Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Befall vom Verschluesselungstrojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.06.2012, 21:49   #1
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Hallo,

Gestern habe ich mir den Verschluesselungstrojaer eingefangen.
Ich erhielt eine email mit dem Betreff "Konto Einzug für den Benutzer -nik84-" von dem Absender "patrick_kenney@cox.net" und folgendem Inhalt:


Lieber Kunde -nik84-,

wir müssten leider feststellen, dass unsere Rechnung Nummer: 57472019 für den Nutzer -nik84- immer noch nicht ausgeglichen wurde. Dies bedeutet einen rechtskräftigen Schuldnerverzug Ihrerseits. Nach deutschen Recht könnten wir die offenen Rechnungen bereits jetzt durch Rechtsanwalt fordern. Wir geben Ihnen trotzdem noch eine letzte Möglichkeit, Ihre Verpflichtung zu erfüllen, indem Sie innerhalb von 3 Tagen die ausstehende Rechnung in Grösse von 682.00 EURO an uns zahlen.

Die Dienste und die Rechnung können Sie im Zusatzordner sehen.

Bitte beachten Sie, die Folgen des Verzugs bestehen vor allem in der Regresspflicht des Schuldners sowie in einer verschärften Haftung.

www.flirt-fever.de AG mit Sitz in München

Geschäftsführer: Manfred Baumgartner, Elisabeth Huber
Gericht: Keiserslautern

------------------------------------------------------
Anmkerung zu dieser E-mail: -nik84- ist ein Benuzternamen den ich mir vor ca 6Jahren auf einem unentgeldlichen Chatting- oder Datingportal gegeben hatte. Ich habe diesen Account nie aktiv genutzt.

Im Anhang dieser E-mail war eine 68KB große ZIP Datei mit dem Namen "Mahnbescheid" die ich entpackte und deren Inhalt (eine Datei die irgend etwas mit Mahnung hiess und eine MS-DOS Anwendung war) ich ausführte.
Es erschien eine Sanduhr fuer vll. 2 Sekunden. Daraufhin verschwan die Datei und der Ordner blieb leer.
Ich entpackte daraufhin erneut die ZIP-Datei und fuehrte die MS-DOS Anwendung erneut aus. Sie verschwand erneut nach ca 2 Sekunden.

Ich verliess den Raum und als ich wenig später wieder in der Nähe meines Computers war sah ich das er sich neu gestartet hatte. Ich logte mich über mein Fingerprint-Scan ein und erhielt die oben abgebildete Meldung und hatte kein Zugang mehr auf mein Desktop.
Nach sporadischer Recherche im Internet(anderer Rechner) wollte ich schauen ob ich mich über einen Anderen Benutzer anmelden konnte und benutzte Strg/Alt/Entf um in den Taskmanager zu gelangen.
Nun wählte ich Benutzer Abmeldet, der Bildschirm mit der Trojanermeldung wurde geschlossen und ich landete auf meinem Desktop, wo ich entscheiden musste ob ich die Beendigung eines Programmes erzwingen wollte oder eben nicht.
Da ich zu diesem Zeitpunkt zumindest wieder auf meinem Desktop angelangt war verneinte ich und führte eine Systemwiederherstellung vom Vortag aus, in der Hoffnung dadurch permanent von dieser Scamsoftware befreit zu sein.

Nachdem der Rechner neu gestartet wurde konnte ich tatsächlich wieder wie gewohnt auf mein Computer zugreifen und habe keine Trojaner-Meldung mehr erhalten.

Da ich den Computer beruflich nutze und Angst vor einem keylogger habe, hatte ich den Rechner zwar noch einige Stunden an gehabt(mit aktiver Internetleitung), mich jedoch weder in mein email-Account oder Skype-Account eingeloggt, noch wichtige passwörter verwendet.
Zu dem Zeitpunkt des Ausfürhens der MS-DOS Anwendung war jedoch ein Passwort-Verwaltungsprogramm geöffnet, das alle wichtigen Passwörter von mir auf dem Desktop angezeigt hat. Ebenso war ich zu diesem Zeutpunkt noch in mein Email-Account eingeloggt.

Nachdem ein Freund mich auf dieses Forum aufmerksam gemacht hat habe ich den Rechner nach ca 15 Minuetiger Benutzung beendet und erst nach Trennung unseres Routers wieder gestartet. Ich habe ihm offline Modus "defogger" und "OTL" ausgefuehrt.
Da ich ein 64Bit Windows benutze habe ich den GMER scan nicht ausgefuehrt.



Ergebnisse von defogger und OTL:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:28 on 02/06/2012 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL.txt:

OTL logfile created on: 02.06.2012 19:29:14 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,93 Gb Total Physical Memory | 13,90 Gb Available Physical Memory | 87,25% Memory free
31,86 Gb Paging File | 29,57 Gb Available in Paging File | 92,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 437,97 Gb Total Space | 163,34 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
Drive D: | 959,72 Mb Total Space | 949,31 Mb Free Space | 98,92% Space Free | Partition Type: FAT
Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.06 23:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.07.16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010.04.05 18:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.12.29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.11.21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.11.11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe


========== Modules (No Company Name) ==========

MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.04 08:46:43 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.11.20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.07.16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010.02.12 03:25:58 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.27 22:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.12.30 08:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.12.29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.12.16 22:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2009.08.03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters)
SRV - [2012.05.30 22:20:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.27 00:23:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.26 12:38:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.20 21:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe -- (STacSV)
SRV - [2009.12.30 07:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.07.14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.16 01:29:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.16 01:29:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.08.20 21:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.06.04 00:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.12 04:01:36 | 006,180,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.01.21 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.12.16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009.12.16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009.12.16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009.12.11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009.11.21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009.10.26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009.12.16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009.12.16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009.12.16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deGB422
IE - HKCU\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4218
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.08.27 06:18:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.08.27 06:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.08.27 06:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.08 16:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 13:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 13:56:05 | 000,000,000 | ---D | M]

[2011.03.13 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.09 14:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions
[2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml
[2012.06.01 00:24:10 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml
[2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml
[2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml
[2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml
[2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml
[2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml
[2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml
[2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml
[2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml
[2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml
[2011.11.09 15:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.02 01:43:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.15 18:51:30 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2012.04.26 12:38:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.13 19:28:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 16:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.15 16:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 16:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 16:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 16:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E48B58-C541-493B-B384-742D0A2040F3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F0A312B-EF89-4A51-A9AA-2C243587594D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.02 19:24:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.06.02 19:24:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.05.31 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2012.05.31 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.05.31 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.31 22:26:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.31 22:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.31 05:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Gold Edition
[2012.05.31 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition
[2012.05.30 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.30 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microgaming
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\Microgaming
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5050 Poker
[2012.05.24 17:41:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient2
[2012.05.19 13:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.19 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.05.15 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.05.15 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.05.10 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.02 19:28:11 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.06.02 19:16:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.02 19:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 18:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.02 18:46:49 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 18:46:49 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 18:39:26 | 4237,852,670 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.02 18:36:56 | 000,149,694 | ---- | M] () -- C:\Users\User\Desktop\DecryptHelper-0.5.3.exe
[2012.06.02 18:33:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.06.02 18:25:40 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.06.02 03:39:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.01 22:40:16 | 001,691,424 | ---- | M] () -- C:\Users\User\Desktop\manila 048.jpg
[2012.06.01 22:02:54 | 000,267,624 | ---- | M] () -- C:\Users\User\Desktop\jw.jpg
[2012.06.01 11:06:32 | 000,324,793 | ---- | M] () -- C:\Users\User\Desktop\photo_007.JPG
[2012.05.31 21:10:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012.05.31 05:54:02 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2012.05.31 00:42:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 22:18:41 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\5050 Poker.lnk
[2012.05.30 20:00:24 | 733,218,816 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi
[2012.05.30 09:58:28 | 000,092,511 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt
[2012.05.29 20:56:29 | 000,003,025 | ---- | M] () -- C:\Users\User\Desktop\TableNinja.lnk
[2012.05.28 16:02:18 | 007,033,254 | ---- | M] () -- C:\Users\User\Desktop\gartendusche.pdf
[2012.05.20 21:06:31 | 001,165,937 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 04.mp3
[2012.05.20 21:06:31 | 001,132,865 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 03.mp3
[2012.05.20 21:06:31 | 000,915,765 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 09.mp3
[2012.05.20 21:06:30 | 000,810,517 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 05.mp3
[2012.05.20 21:06:30 | 000,675,707 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 06.mp3
[2012.05.20 21:06:29 | 000,756,489 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 04.mp3
[2012.05.20 21:06:29 | 000,647,055 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 01.mp3
[2012.05.20 21:06:29 | 000,585,643 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 03.mp3
[2012.05.20 21:06:29 | 000,340,931 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 08.mp3
[2012.05.20 21:06:28 | 000,427,225 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 11.mp3
[2012.05.20 21:06:27 | 000,389,629 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 10.mp3
[2012.05.20 21:06:26 | 000,319,117 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 07.mp3
[2012.05.20 21:06:26 | 000,287,137 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 02.mp3
[2012.05.20 20:59:10 | 000,445,555 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 02.mp3
[2012.05.20 20:59:08 | 000,554,651 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 01.mp3
[2012.05.20 20:59:07 | 000,510,035 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 05.mp3
[2012.05.20 17:18:28 | 001,114,344 | ---- | M] () -- C:\Users\User\Desktop\libelle1.jpg
[2012.05.19 14:21:55 | 013,608,820 | ---- | M] () -- C:\Users\User\Desktop\minimal.mp3
[2012.05.19 13:56:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.05.15 21:54:38 | 001,061,625 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 03.mp3
[2012.05.15 21:54:37 | 002,391,629 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 01.mp3
[2012.05.15 21:54:34 | 000,761,585 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 02.mp3
[2012.05.15 00:13:00 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.13 15:05:55 | 000,293,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.13 07:03:28 | 004,299,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.13 07:03:28 | 000,735,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.05.13 07:03:28 | 000,733,626 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.05.13 07:03:28 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.05.13 07:03:28 | 000,697,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.13 07:03:28 | 000,652,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.13 07:03:28 | 000,152,200 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.05.13 07:03:28 | 000,148,576 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.05.13 07:03:28 | 000,148,532 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.13 07:03:28 | 000,146,072 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.05.13 07:03:28 | 000,121,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.13 06:55:46 | 1018,430,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.10 16:51:49 | 000,018,519 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods
[2012.05.10 16:24:21 | 000,013,466 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods
[2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.02 19:28:11 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.06.02 19:24:54 | 000,149,694 | ---- | C] () -- C:\Users\User\Desktop\DecryptHelper-0.5.3.exe
[2012.06.02 19:24:54 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.06.01 22:38:50 | 001,691,424 | ---- | C] () -- C:\Users\User\Desktop\manila 048.jpg
[2012.06.01 22:02:40 | 000,267,624 | ---- | C] () -- C:\Users\User\Desktop\jw.jpg
[2012.06.01 11:05:43 | 000,324,793 | ---- | C] () -- C:\Users\User\Desktop\photo_007.JPG
[2012.05.31 05:54:02 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2012.05.30 22:21:10 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 22:17:09 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\5050 Poker.lnk
[2012.05.30 09:58:25 | 733,218,816 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi
[2012.05.30 09:58:23 | 000,092,511 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt
[2012.05.28 15:56:13 | 007,033,254 | ---- | C] () -- C:\Users\User\Desktop\gartendusche.pdf
[2012.05.27 14:48:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012.05.20 21:06:21 | 001,165,937 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 04.mp3
[2012.05.20 21:06:21 | 001,132,865 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 03.mp3
[2012.05.20 21:06:21 | 000,915,765 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 09.mp3
[2012.05.20 21:06:21 | 000,810,517 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 05.mp3
[2012.05.20 21:06:21 | 000,756,489 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 04.mp3
[2012.05.20 21:06:21 | 000,675,707 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 06.mp3
[2012.05.20 21:06:21 | 000,647,055 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 01.mp3
[2012.05.20 21:06:21 | 000,585,643 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 03.mp3
[2012.05.20 21:06:21 | 000,427,225 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 11.mp3
[2012.05.20 21:06:21 | 000,389,629 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 10.mp3
[2012.05.20 21:06:21 | 000,340,931 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 08.mp3
[2012.05.20 21:06:21 | 000,319,117 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 07.mp3
[2012.05.20 21:06:21 | 000,287,137 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 02.mp3
[2012.05.20 20:59:08 | 000,445,555 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 02.mp3
[2012.05.20 20:59:06 | 000,554,651 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 01.mp3
[2012.05.20 20:59:03 | 000,510,035 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 05.mp3
[2012.05.20 17:17:28 | 001,114,344 | ---- | C] () -- C:\Users\User\Desktop\libelle1.jpg
[2012.05.19 14:19:35 | 013,608,820 | ---- | C] () -- C:\Users\User\Desktop\minimal.mp3
[2012.05.19 13:56:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.05.18 14:10:36 | 014,748,447 | ---- | C] () -- C:\Users\User\Desktop\PokerStars 1.3.1.ipa
[2012.05.15 21:54:35 | 001,061,625 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 03.mp3
[2012.05.15 21:54:33 | 000,761,585 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 02.mp3
[2012.05.15 21:54:31 | 002,391,629 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 01.mp3
[2012.05.15 00:12:34 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 16:51:48 | 000,018,519 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods
[2012.05.10 16:24:21 | 000,013,466 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods
[2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.10.11 04:16:05 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat
[2011.05.20 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{783A11D7-BDAA-4C02-B0A3-4255724E3CD3}
[2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2011.05.07 14:47:47 | 004,183,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.17 00:05:02 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.03.13 13:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.18 15:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.09 12:32:43 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.01.09 12:32:43 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.01.09 12:32:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.01.09 12:27:54 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2011.01.09 12:27:54 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2011.01.09 12:27:54 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010.08.27 06:18:13 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.08.27 06:10:27 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2010.07.15 17:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign

========== LOP Check ==========

[2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker
[2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW
[2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona
[2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data
[2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager
[2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming
[2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI
[2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
[2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming
[2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
[2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2012.05.31 21:11:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >



Extas.txt:

OTL Extras logfile created on: 02.06.2012 19:29:14 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,93 Gb Total Physical Memory | 13,90 Gb Available Physical Memory | 87,25% Memory free
31,86 Gb Paging File | 29,57 Gb Available in Paging File | 92,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 437,97 Gb Total Space | 163,34 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
Drive D: | 959,72 Mb Total Space | 949,31 Mb Free Space | 98,92% Space Free | Partition Type: FAT
Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AF378E-58DA-4C1D-AABC-E01331FDCBC4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{086F6C41-78B5-4829-9699-344B0056F02D}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{08EE115C-4673-46E3-850D-1D6C9C3D5C9E}" = lport=139 | protocol=6 | dir=in | app=system |
"{1813A6EE-2B15-41D9-B851-936D684F9C38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2027F87A-D083-46FC-938F-7BC73BFECF8D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{20F01804-3606-452C-83F6-95441A329209}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2CE2DD8B-6BC0-4D6C-B049-76B8750B1EC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3694FC4B-6838-4C54-8538-0B041E6A6ADB}" = lport=137 | protocol=17 | dir=in | app=system |
"{36BB01D4-AFF9-4434-ABCB-2025E85B145D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AF0AE3B-DD91-4958-86FD-87E5BEAF90F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D29DAF9-9B46-48F9-BCB3-22C78D5541CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{481CDD78-669E-4847-953A-A580F4538655}" = lport=57650 | protocol=6 | dir=in | name=pando media booster |
"{559D407D-0356-4748-A8E3-5A4760601087}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{616BFA03-8A6C-4AA4-87E7-02FB451F02C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{660D153B-7E42-40CB-830F-DE200534D0C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{691ED685-B255-4769-BE60-2A33258F2343}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B86E04B-BCDB-41BA-924B-4AC46E56D300}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71F9ADA8-8147-47A2-A298-BD5DC0D02E53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{732AC519-B451-40CC-864D-DC21C5ADADB0}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{744E38AB-F1BE-4716-840D-601E4A74BAD4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{763C9631-F514-44F5-80D4-1658C6EBBA84}" = lport=57650 | protocol=17 | dir=in | name=pando media booster |
"{7B1FF991-4893-48AA-8DB8-9FA77A93122B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B64A13B-7B06-414D-AFB0-0BF786F8CE7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E6387CA-1298-42F6-9ABF-B60D865DC1A9}" = lport=57650 | protocol=6 | dir=in | name=pando media booster |
"{8426EAEA-DECA-4742-835D-C2C78D0E0696}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{935CFF0E-BBCF-4EB3-8FA7-3719D7B603E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{943BDF35-4272-4052-999C-006BBB172401}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94CE8610-71A2-4662-B847-E25100718209}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97181B7B-B290-4596-B458-5156D42EB7D3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9882F307-8EF6-4C5E-96B9-01905683F354}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{991C81D9-9912-4828-84F6-C4B94BDA53E6}" = lport=57650 | protocol=17 | dir=in | name=pando media booster |
"{9C9A6DB3-DFD2-44B3-A476-A208FEC11D85}" = rport=138 | protocol=17 | dir=out | app=system |
"{A2E7F08B-7E12-424F-9694-6A8145EAC548}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4AD938C-E152-421B-9187-465EB42C530A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AFDE1E94-08B0-4B7D-8F48-16B5CAE10959}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CBB6F7CA-9AB1-440A-8CC2-785CCFE1F2B8}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{D14C4A09-95E2-434A-88E6-34CA07E4B08F}" = lport=138 | protocol=17 | dir=in | app=system |
"{EECBE44C-0950-4364-9BEC-B32961C98DCF}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{F47417AF-6467-494C-A9E9-9275DB4F9E8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5609390-DC8B-47E8-BBC5-61E4DABE576E}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002AE74B-95DA-4E33-9FBA-21E6EBAE1A24}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{041B46B0-6687-479E-91E0-96D03F025573}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{055ADDF2-3AD7-44FE-8E78-FCF913182568}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05E34EB4-3E9F-4A20-9CD4-1D28C1ADD069}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{0C8F0003-0840-4100-A431-4CE783382E94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{0D7C608F-4BDF-4AC4-B85B-C2240583E6A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{0D8A7159-CBA8-4EF3-8543-8A402BD2AD59}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{0E3E9CC9-17CA-48B9-AAD8-33C41157DDF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0EA201EF-6C8F-4AC3-9337-51D858AD6BC3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0F8E1313-CDD3-4412-9B00-8D64D5250036}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{11351A9B-2E98-40BA-B3D4-8C63444AC999}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{127384A4-61E0-4BD0-8C2A-7A96ED0CE886}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{1485E5BB-A00A-4EF7-B3F2-3898F54D04AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{155F2E5D-AE87-4E9B-B5EA-E5C2AC47AB59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe |
"{17539821-7B27-423F-889A-CBFA4E568797}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{1774B384-DCDC-4C99-A25F-8085271E377A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{1F6BE095-ABC4-4DD7-80F4-1B0975BC4A36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{1F98B8BE-62B6-41EC-B569-E92109193306}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{202CFA8B-005C-4134-83F4-A9F12AB5B2ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{21A48DDF-D534-4B86-8FED-52F533F6523E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{22006BC6-A84F-4292-9509-EC2116AC7C7D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23A3B85F-BAB9-44C8-B999-E789C97D4AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{26804569-FAE1-4954-80C9-B8E6BDC20AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{296A504D-CF9E-4A43-AEA8-B63173134BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A402D4A-ED68-4B44-A562-A83272033A73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{2AA40DBF-D739-4AB5-A341-BAAD2176B3EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2AB5E87F-3322-4A91-ABD2-2548947BC44E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{2CDA3A20-FB85-482C-A456-80506FF49E46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{300F073B-1037-436D-B77F-DCFF5B0EBDC8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{3128A5C1-027E-42D6-9A9B-7F92435507F5}" = protocol=17 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe |
"{31839750-813B-4A16-90D4-8C9090800821}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{333608A6-4998-4757-9C4B-8B1CE51F6642}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{36F5972C-7A02-4893-94B4-A00CCE4C7CB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe |
"{380321B4-FA5D-4E96-96F8-7B7288B00262}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{38EF4908-3FF7-4492-BDD1-C511F3B9D0C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{3ACFF160-A210-4D17-87D1-1745BA6F2A44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe |
"{3BAA2035-BF2C-4620-9A64-D64197B872EA}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{3FCE8DD7-CBD6-4946-8E51-72ED035ECB73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{401C243C-BBB9-4A66-9BB7-BCA55ED770F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"{40A57FB8-3683-4ADD-AFC3-6066E1D84053}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{45A90FB3-20B9-4048-AC90-642750E53785}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47255028-E7CA-42B9-A5FC-782A00DCD4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe |
"{4C96129C-8F4E-438C-A602-B108260F8361}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{54373459-0BE6-45D0-BEDA-DB32BC0985B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{549F1601-2363-4987-8AF2-DEA9191ECACF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{575B3BDC-D995-4BA8-8989-315E2062B1F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5904CD96-BC7A-4844-9B1E-3B67B18E395F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"{596BBAFB-4FB5-49BD-9BD0-11EC8B821E09}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{5A21C336-4A27-402B-B596-2389E1B2A80E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat |
"{5DC1BD7B-0DA6-4F5D-85A9-7941966C5F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{5DDF8EB3-08F4-477E-8543-320C080C2998}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F57AE70-1022-415F-8E7C-874C22348622}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{61898376-5E9F-49DD-AC4C-32444DB6DCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{63508F75-3332-4396-9603-096CA049205C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{6B38F23F-17D5-491D-97DC-93663816F9A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BBF4ADA-295B-46B7-A5F8-E6840EE1EFEB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{6CA39B31-4A28-4681-BA63-98F80EDDFCF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{6F117D7E-66F5-4C16-8A90-EAD040D63F62}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{718D3EAC-3D33-4089-A023-650A52366BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"{71A7673E-DC79-4DD1-AB74-D497EEAE66C9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{71BEF318-E98B-46C5-9CDE-F40D69EC3A54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{7368B78E-B35E-421E-95EA-6ACEDDCE2FAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{7435C04B-5F8F-4745-BF07-88722802F189}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{7541E88C-083C-478A-A15F-E7CE2222C06C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{786CD85D-5AAF-4526-BA0F-58122762B0C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{79D2FB5D-5749-4A74-BC09-82E63B8A0FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe |
"{7AB7680D-8D3E-4FDB-ABC8-ED3856ABB302}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7E69F7EB-3A2F-4F94-BD95-9ACECCC42D35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{7E7EC802-986B-4E46-AD31-73EEBDC747E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7FD68369-6491-4388-9519-450D4B6E17D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{80C540B1-C1A4-41C7-B942-F8240F073539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{814D5585-14AA-4BF2-BCD8-B9BD361434AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{821198EB-EB4E-470D-A6A9-5B0E7CA5BA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe |
"{86241B6D-E93A-4515-8444-D6FFB5294747}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{86FDD8DD-C790-426C-AA50-7166C1052918}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{8708EE70-2F9D-4025-BB00-26923467F0CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{874D108C-24E8-46AC-BFB7-A3023EE9084A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{887C0542-95DF-4128-B450-1ABAECE3AA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{8917EFF4-4F8E-4F5E-B4CB-C2BB177BC157}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{8A5A24B5-EB07-4FA3-A1FC-6C93100AA47B}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{8ABB38AC-7607-479E-A81A-5A1973D92871}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{8B8C71FB-97DC-413E-B8C2-779387A85A4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CAFA1E3-5581-4B7A-AA3D-44D36D4D7668}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{903374FF-56D5-406D-8908-149BC2E02AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{9368C4FD-5063-4D36-9887-DA50017AE506}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{94FC4389-6093-471D-851D-C440598A4405}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{9A2EB4DC-4F47-4E66-B166-D3CDBA3A15EF}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{9D31BDA9-BBF2-41E2-8E3B-AE917D814C8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9EEA38F8-1106-42B7-8FC6-03594FE4554D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{A189866B-2DED-4FF8-95F7-C659A7388005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2FF59B7-5F5D-4E37-ACD9-C4419B629E66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{A330685D-B34D-426F-B314-DBC5D6DDDA57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{A425DE0D-F62B-45CA-B37B-F7841DE45B7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{A6561FC7-0C13-4831-8C7A-537B5E6A2F46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{A6A79BB4-E2FF-4551-889E-FD6ED1CA983E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A7C70E8B-3F81-41C0-9BAB-3993B35B363A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8EEE20D-D6EB-4F62-8252-BDB3C3E090A9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AB27D25B-22FA-48FF-94C2-05AC91F077C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{AC2D269F-31FC-42AA-A151-F2E6C7C7F9DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{ACE9E015-4409-401A-BD2F-BEE0640D525C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe |
"{AF94144B-89F1-4493-92EB-E5A76FCCD09F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{AFEC0135-76E5-4E95-8EB7-711FDF8805AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2621A31-2EB0-400C-820B-D08169CF0742}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe |
"{B3D97759-BB7E-4A30-8CD7-D0FEE4F0EE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{B461C89F-7C64-46FE-B56D-C2ACC88CFC0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8F7935D-58D9-4A39-9CB7-73A381325DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe |
"{BBABD334-96DA-4A77-8592-C42182EA30BC}" = protocol=6 | dir=out | app=system |
"{BC45E590-ED82-4E2C-B3E3-2A6AE2E06F5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html |
"{BE730B1E-A7C5-4D29-A414-FCFBF6A1DF6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{BFD1B1AA-66C2-440D-BD86-1FE9A317A598}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{C489C08D-3253-4C22-928A-D3895A1E78FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{C973167C-85E3-4141-BFFD-31FC39330B58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{CA4E3DC3-0002-4005-97E8-935A910729E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CCB1D667-8312-4ECE-A06B-1FCBD7953931}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{D0DE7BDF-941F-4753-84E9-6FE4A8053893}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe |
"{D18A3FA1-B89E-43CB-BD9A-FCC5D8AF314D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D26DFDA4-4697-4900-AA6F-6CB00458DB7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm |
"{D2DF29B9-5B93-4270-87ED-2D3B531CDD0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{D46804ED-2CB0-4489-8937-61D2D81ECEE2}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{D5EB984F-92F9-4C59-96D9-9C4609E98998}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{D8824366-7460-42EC-9796-C2D4D3B6C5C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9DBFA53-382D-4F3F-B3B6-6232A4DD127C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB2AF529-A4A7-4FB2-B763-DD9CEE64DBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{DC403AFE-E855-44D1-ABE0-F248B0698C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{E111B8CE-054F-42F3-ADE4-C0B176B43389}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{E11566CF-84C9-45CA-836E-7D11008A8968}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{E248F161-04C0-43B8-A0DF-013EB06FD80F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E53AADDB-3B5B-4EAB-A1D3-927B9984A10D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{E5D88093-3116-4D8C-9C06-B58C612E99FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{E6630ADD-A8DA-47EB-9D1E-B23F076AAA88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat |
"{E6E8794A-DC2E-4A21-BE35-649227B69F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"{E82D6E7A-1A1E-4299-9BFC-7C1DC88FB464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E92E33C1-98E6-43E3-A669-8E07935B2EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{EC7472C6-8EE0-4C68-A5B6-49FE588443AC}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{ECA1E7F2-C466-47BA-962B-370419AD23ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{ECD12CC1-AF56-4448-B10F-2DFAB9049E68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{F2EA84C8-E953-4E95-80B2-C36273823846}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F88E448E-4E9C-42F8-ADE5-569E7D3F5536}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB41C12A-D860-4BF2-A9E9-55B63B20D9A0}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{FC02B129-7458-426F-A755-D34778ECD029}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FC4A5F15-D4CC-4C08-B55C-62B60B922CE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{FE44C7C6-5877-468C-BA0A-F430BAB33139}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{FEEBE1BD-6369-422B-851F-F89995E5D702}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{FF3FEBCB-9D24-4649-9A44-A69B7F66F1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"TCP Query User{1BAB75B7-1BD6-47BD-A9DA-AA827A5C5300}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2792FE74-2B56-49AC-8593-63A0FB23D8E8}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{2A12BA20-F81D-4117-900E-7166B6772572}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{2F217471-DC3A-44C1-832E-09F573547333}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe |
"TCP Query User{2F3AF7B1-B928-4DA8-84CB-E017C1BEDB85}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{43E1FB80-2BA3-4598-B2DE-F79BECB87E3B}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{4E81203E-A5FB-4612-95A6-AD51978F41E6}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{5AD88A56-957A-4533-BC7A-BC92FAD32BFD}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe |
"TCP Query User{7C940D05-EFDB-4D5F-AB91-981C3AF70E7D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{C3D0E571-CC2D-4F85-ADAB-B1E74688185B}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"TCP Query User{D441ECB9-5A58-4109-ADEA-EA6F4ADF35EC}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"TCP Query User{D92E2BBA-64F0-4B04-97CE-9F5C034F6FF0}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{E93E28B5-2903-4F30-B3FB-EFDDC367BA51}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe |
"TCP Query User{F720B683-61A5-4102-9B6E-5D138987D955}C:\users\user\downloads\rapget141\rapget.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\rapget141\rapget.exe |
"UDP Query User{0715BA33-6385-4163-9442-36F9C7FE2E09}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{0901B92D-2AD1-4F46-A2CA-BBC6F85304A2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{09B80726-095D-4319-A097-F04AAC455ED7}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{1A3E9F89-C1EC-4A1C-BA5A-1A547D42982F}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe |
"UDP Query User{2A0E6C06-D04E-40B5-8E93-F303450DF540}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe |
"UDP Query User{57D76075-BBD3-40C1-A509-7D9755DDECE2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{61833A4B-05C3-45D6-B335-B2BA2F3C7120}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{75E1500F-8786-43E4-AE8F-E6792FC79580}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{8721760A-90CE-4545-8E1D-D950DFFC1BA0}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{A956CC8C-E626-4C17-A097-C23FCFA91A31}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{C9A3DED1-F34E-4E01-92B6-FA393C1A5A9A}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"UDP Query User{CEB6BC7E-E7F7-4C5E-A017-DE3F7E13FA30}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe |
"UDP Query User{D37300E8-FE97-45A0-8674-3ACA889AC962}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe |
"UDP Query User{D7419ED2-3820-4238-BC4F-CDE5EBD9B832}C:\users\user\downloads\rapget141\rapget.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\rapget141\rapget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75126DE9-C8EC-46B2-949F-EFA770AAFD9B}" = HP ProtectTools Security Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{B4867F47-1E4E-4EA2-8FE7-1153BD5B121E}" = Validity Fingerprint Driver
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}" = HP Power Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HoldemManager" = Holdem Manager
"HPProtectTools" = HP ProtectTools Security Manager
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel(R) Network Connections Drivers
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CE213F8-D2A4-4069-B918-589EEFB1DB2C}" = HP Mobile Display Assistant
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{251A498D-2109-4BD2-AA12-797EE9C348DE}" = TableNinjaPP
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{448672D7-7607-4026-A8F2-E4D4B214E704}" = HP Documentation
"{4728FCB1-5155-41CD-AF34-1E92DDE6556D}" = TableNinja
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}" = NoteCaddy 2
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7861911B-4270-498A-8F7A-FCF0570F4862}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BEA3C63-101D-4009-8B73-E9CE4A5F8A9C}" = League of Legends
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}" = TableNinja
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5CBB488-6850-4C67-86D5-542A07A7A4DE}" = HP Setup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework
"{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}" = HP ESU for Microsoft Windows 7
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D1F7C704-99F2-11E1-9C74-984BE15F174E}" = Evernote v. 4.5.6
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF186B6-4D02-4D8D-A776-C43E062E01A9}" = Rosetta Stone Ltd Services
"5050poker (Poker)" = 5050 Poker
"5992-1726-3179-3433" = ProPokerTools Odds Oracle 1.6.0
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Betfair Poker_is1" = Betfair Poker
"BSW" = BrettspielWelt
"Cake Poker 2.0" = Cake Poker 2.0
"Diablo III" = Diablo III
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"Drive Encryption" = Drive Encryption for HP ProtectTools
"EVE" = EVE Online (remove only)
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"HMA! Pro VPN" = HMA! Pro VPN 2.6.8
"HoldemManager2" = Holdem Manager 2
"hon" = Heroes of Newerth
"ICQToolbar" = ICQ Toolbar
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mermaid Poker" = Mermaid Poker
"mIRC" = mIRC
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ParadisePoker" = ParadisePoker
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PostgreSQL 8.4" = PostgreSQL 8.4
"Steam App 104700" = Super Monday Night Combat
"Steam App 10500" = Empire: Total War
"Steam App 17460" = Mass Effect
"Steam App 24980" = Mass Effect 2
"Steam App 32460" = Monkey Island 2: Special Edition
"Steam App 33350" = Anno 1404: Venice
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 42910" = Magicka
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 48220" = Might & Magic ® Heroes ® VI
"Steam App 48240" = Anno 2070
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 65800" = Dungeon Defenders
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword
"Steam App 8930" = Sid Meier's Civilization V
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"Betfred Poker" = Betfred Poker
"CarbonPoker" = CarbonPoker
"CelebPoker" = CelebPoker
"Game Organizer" = EasyBits GO
"Green Joker Poker" = Green Joker Poker
"myBet Poker" = myBet Poker
"Paddy Power Poker" = Paddy Power Poker
"Poker 770" = Poker 770
"Titan Poker" = Titan Poker
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



Ich habe Malwarebytes Anti-Malware heruntergeladen und auf dem befallenen Rechner gezogen, allerdings noch nicht ausgefuehrt.

Vielen Dank wenn Ihr euch meinem Problem annehmen solltet.

Alt 05.06.2012, 14:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 06.06.2012, 03:56   #3
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Hey,

danke. Hier das Ergebnis vom Malware-Scan:


Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
User :: USER-HP [Administrator]

Schutz: Aktiviert

06.06.2012 02:26:59
mbam-log-2012-06-06 (02-26-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 655541
Laufzeit: 25 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5050poker (Poker) (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Betfred Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CelebPoker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Green Joker Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\myBet Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paddy Power Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770 (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 21
C:\Microgaming\Poker\5050pokerMPP\install.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\Betfred Poker\_SetupPoker_d7a3c9[1].exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\CelebPoker\_SetupPoker_e69dd.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\Chilipoker\_SetupCasino_4a50(1).exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\Green Joker Poker\_SetupCasino_a81bab.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\myBet Poker\_SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\Paddy Power Poker\_SetupPoker.exe_3b5c79.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\Poker 770\_SetupPoker.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\Titan Poker\_TitanPSetup_126130.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Local\Temp\smfplyxsnw.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Local\Temp\Poker 770\SetupPoker.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Desktop\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\5050poker.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\SetupCasino_4a50(1).exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\SetupCasino_4a50.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\SetupCasino_a81bab.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\SetupPoker.exe_3b5c79.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\SetupPoker_e69dd.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\Downloads\TitanPSetup_126130.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET - Scanergebniss

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=78c47951dd15074bbe8d5f7ea3a7fd9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-06 04:17:38
# local_time=2012-06-06 05:17:38 (+0000, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 91413469 0 0
# compatibility_mode=8192 67108863 100 0 2007 2007 0 0
# scanned=446323
# found=2
# cleaned=0
# scan_time=7839
C:\$Recycle.Bin\S-1-5-21-1234291694-453656751-21271432-1000\$RL0I72K.zip	Win32/Trustezeb.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-1234291694-453656751-21271432-1000\$RRKLUHV.zip	Win32/Trustezeb.B trojan (unable to clean)	00000000000000000000000000000000	I
         
__________________

Alt 06.06.2012, 13:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung)
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.06.2012, 19:11   #5
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Hey,

Danke fuer deine Antowrt.

Nein,das ist das erste mal das ich Malwarebytes in Benutzung hatte.

Zu den beiden anderen Fragen:

1.) Ja, laeuft uneingeschraenkt.
2.) Nein, alle da.


Alt 07.06.2012, 13:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Befall vom Verschluesselungstrojaner

Alt 08.06.2012, 16:35   #7
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.06.2012 12:06:08 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,93 Gb Total Physical Memory | 13,32 Gb Available Physical Memory | 83,62% Memory free
31,86 Gb Paging File | 28,88 Gb Available in Paging File | 90,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 437,97 Gb Total Space | 160,73 Gb Free Space | 36,70% Space Free | Partition Type: NTFS
Drive D: | 959,72 Mb Total Space | 949,20 Mb Free Space | 98,90% Space Free | Partition Type: FAT
Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.04.26 12:38:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2011.03.13 19:28:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.06 23:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.07.16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010.04.05 18:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.12.29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.11.21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.11.11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.09 14:49:32 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.26 12:38:02 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.04 08:46:43 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.11.20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.07.16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010.02.12 03:25:58 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.27 22:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.12.30 08:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.12.29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.12.16 22:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2009.08.03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters)
SRV - [2012.05.30 22:20:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.27 00:23:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.26 12:38:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.20 21:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe -- (STacSV)
SRV - [2009.12.30 07:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.07.14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.16 01:29:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.16 01:29:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.08.20 21:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.06.04 00:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.12 04:01:36 | 006,180,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.01.21 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.12.16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009.12.16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009.12.16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009.12.11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009.11.21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009.10.26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009.12.16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009.12.16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009.12.16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deGB422
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4218
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.08.27 06:18:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.08.27 06:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.08.27 06:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.08 16:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 13:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 13:56:05 | 000,000,000 | ---D | M]
 
[2011.03.13 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.09 14:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions
[2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml
[2012.06.08 11:56:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml
[2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml
[2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml
[2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml
[2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml
[2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml
[2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml
[2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml
[2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml
[2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml
[2011.11.09 15:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.02 01:43:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.15 18:51:30 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2012.06.01 00:22:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.26 12:38:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.13 19:28:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 16:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.15 16:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 16:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 16:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 16:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E48B58-C541-493B-B384-742D0A2040F3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 03:14:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\dc
[2012.06.06 02:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.06 02:24:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 02:24:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.06 02:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.02 19:24:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.06.02 19:24:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.05.31 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2012.05.31 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.05.31 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.31 22:26:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.31 22:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.31 05:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Gold Edition
[2012.05.31 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition
[2012.05.30 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.30 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microgaming
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\Microgaming
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5050 Poker
[2012.05.24 17:41:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient2
[2012.05.19 13:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.19 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.05.15 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.05.15 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.05.10 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 12:02:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.08 11:50:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.08 11:49:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.08 11:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.07 08:39:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012.06.06 18:07:46 | 1530,976,720 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.06 18:07:44 | 4237,852,670 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 03:05:19 | 004,260,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.06 03:05:19 | 000,735,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.06.06 03:05:19 | 000,733,626 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.06.06 03:05:19 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.06.06 03:05:19 | 000,697,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.06 03:05:19 | 000,652,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.06 03:05:19 | 000,152,200 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.06.06 03:05:19 | 000,148,576 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.06.06 03:05:19 | 000,148,532 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.06 03:05:19 | 000,146,072 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.06.06 03:05:19 | 000,121,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 02:24:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 19:28:11 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.06.02 18:33:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.06.02 18:25:40 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.06.01 22:40:16 | 001,691,424 | ---- | M] () -- C:\Users\User\Desktop\manila 048.jpg
[2012.06.01 22:02:54 | 000,267,624 | ---- | M] () -- C:\Users\User\Desktop\jw.jpg
[2012.06.01 11:06:32 | 000,324,793 | ---- | M] () -- C:\Users\User\Desktop\photo_007.JPG
[2012.05.31 05:54:02 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2012.05.31 00:42:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 22:18:41 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\5050 Poker.lnk
[2012.05.30 20:00:24 | 733,218,816 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi
[2012.05.30 09:58:28 | 000,092,511 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt
[2012.05.29 20:56:29 | 000,003,025 | ---- | M] () -- C:\Users\User\Desktop\TableNinja.lnk
[2012.05.28 16:02:18 | 007,033,254 | ---- | M] () -- C:\Users\User\Desktop\gartendusche.pdf
[2012.05.20 17:18:28 | 001,114,344 | ---- | M] () -- C:\Users\User\Desktop\libelle1.jpg
[2012.05.19 14:21:55 | 013,608,820 | ---- | M] () -- C:\Users\User\Desktop\minimal.mp3
[2012.05.19 13:56:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.05.15 00:13:00 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.13 15:05:55 | 000,293,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 16:51:49 | 000,018,519 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods
[2012.05.10 16:24:21 | 000,013,466 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods
[2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.06 02:24:37 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 19:28:11 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.06.02 19:24:54 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.06.01 22:38:50 | 001,691,424 | ---- | C] () -- C:\Users\User\Desktop\manila 048.jpg
[2012.06.01 22:02:40 | 000,267,624 | ---- | C] () -- C:\Users\User\Desktop\jw.jpg
[2012.06.01 11:05:43 | 000,324,793 | ---- | C] () -- C:\Users\User\Desktop\photo_007.JPG
[2012.05.31 05:54:02 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2012.05.30 22:21:10 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 22:17:09 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\5050 Poker.lnk
[2012.05.30 09:58:25 | 733,218,816 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi
[2012.05.30 09:58:23 | 000,092,511 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt
[2012.05.28 15:56:13 | 007,033,254 | ---- | C] () -- C:\Users\User\Desktop\gartendusche.pdf
[2012.05.27 14:48:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012.05.20 17:17:28 | 001,114,344 | ---- | C] () -- C:\Users\User\Desktop\libelle1.jpg
[2012.05.19 14:19:35 | 013,608,820 | ---- | C] () -- C:\Users\User\Desktop\minimal.mp3
[2012.05.19 13:56:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.05.18 14:10:36 | 014,748,447 | ---- | C] () -- C:\Users\User\Desktop\PokerStars 1.3.1.ipa
[2012.05.15 00:12:34 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 16:51:48 | 000,018,519 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods
[2012.05.10 16:24:21 | 000,013,466 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods
[2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.10.11 04:16:05 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat
[2011.05.20 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{783A11D7-BDAA-4C02-B0A3-4255724E3CD3}
[2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2011.05.07 14:47:47 | 004,183,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.17 00:05:02 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.03.13 13:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.18 15:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.09 12:32:43 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.01.09 12:32:43 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.01.09 12:32:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.01.09 12:27:54 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2011.01.09 12:27:54 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2011.01.09 12:27:54 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010.08.27 06:18:13 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.08.27 06:10:27 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2010.07.15 17:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
 
========== LOP Check ==========
 
[2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker
[2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW
[2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona
[2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data
[2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager
[2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming
[2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI
[2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
[2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming
[2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
[2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2012.05.31 21:11:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker
[2011.04.16 01:25:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2011.12.31 00:53:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW
[2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona
[2011.06.16 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dvdcss
[2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2011.03.13 15:03:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Google
[2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data
[2011.07.15 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hewlett-Packard
[2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager
[2011.10.06 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\hpqLog
[2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2011.02.18 15:02:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2011.10.27 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield
[2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012.01.11 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd
[2012.01.11 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech
[2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2011.03.13 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2012.06.06 02:24:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming
[2011.10.11 04:15:44 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI
[2011.10.16 04:51:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mIRC
[2011.03.13 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2011.03.21 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla-Cache
[2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
[2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming
[2012.06.08 12:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2011.05.29 15:05:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\skypePM
[2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
[2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc
[2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Winamp
[2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2011.03.14 00:52:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.13 15:15:39 | 000,151,552 | ---- | M] (ABSOLUTE POKER) -- C:\Users\User\AppData\Roaming\Absolute Poker\DownLoadInst\liveupdate.exe
[2012.04.04 17:18:58 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.08.22 16:30:41 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_2320BA6B4FD0E77DBA50BD.exe
[2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_27F58524F6C4BEE7845CF2.exe
[2012.01.11 19:58:42 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_6D3AC9EA95E45EA1603B4B.exe
[2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_853F67D554F05449430E7E.exe
[2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_B6FC864924B85821C04CB9.exe
[2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_853F67D554F05449430E7E.exe
[2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_E08F725C08A3AB3AAD9C0C.exe
[2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_91504D44843E411F525CA5.exe
[2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_D776FA2A4A7B775E66843F.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_75016077b0145423\iaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_f60e9f88cda1872e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.01.09 12:25:21 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.01.09 12:25:21 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.01.09 12:25:21 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.01.09 12:25:20 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >
         
--- --- ---


Danke!

Alt 08.06.2012, 18:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - user.js - File not found
[2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml
[2012.06.08 11:56:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml
[2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml
[2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml
[2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml
[2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml
[2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml
[2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml
[2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml
[2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml
[2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
[2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.06.2012, 19:03   #9
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.06.2012 12:06:08 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,93 Gb Total Physical Memory | 13,32 Gb Available Physical Memory | 83,62% Memory free
31,86 Gb Paging File | 28,88 Gb Available in Paging File | 90,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 437,97 Gb Total Space | 160,73 Gb Free Space | 36,70% Space Free | Partition Type: NTFS
Drive D: | 959,72 Mb Total Space | 949,20 Mb Free Space | 98,90% Space Free | Partition Type: FAT
Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32
 
Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.04.26 12:38:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2011.03.13 19:28:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.06 23:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.07.16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010.04.05 18:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.12.29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.11.21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.11.11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.09 14:49:32 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.26 12:38:02 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.04 08:46:43 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.11.20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.07.16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010.02.12 03:25:58 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.27 22:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.12.30 08:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.12.29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.12.16 22:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2009.08.03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters)
SRV - [2012.05.30 22:20:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.27 00:23:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.26 12:38:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.20 21:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe -- (STacSV)
SRV - [2009.12.30 07:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.07.14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.16 01:29:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.16 01:29:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.08.20 21:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.06.04 00:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.12 04:01:36 | 006,180,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.01.21 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.12.16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009.12.16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009.12.16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009.12.11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009.11.21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009.10.26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009.12.16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009.12.16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009.12.16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deGB422
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "spiegelonline.de"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4218
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.08.27 06:18:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.08.27 06:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.08.27 06:18:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.08 16:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 13:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 13:56:05 | 000,000,000 | ---D | M]
 
[2011.03.13 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.09 14:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions
[2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml
[2012.06.08 11:56:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml
[2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml
[2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml
[2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml
[2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml
[2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml
[2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml
[2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml
[2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml
[2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml
[2011.11.09 15:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.02 01:43:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.15 18:51:30 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
[2012.06.01 00:22:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.26 12:38:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.13 19:28:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 16:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.15 16:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 16:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 16:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 16:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E48B58-C541-493B-B384-742D0A2040F3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 03:14:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\dc
[2012.06.06 02:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.06 02:24:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 02:24:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.06 02:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.02 19:24:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.06.02 19:24:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012.05.31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.05.31 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2012.05.31 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.05.31 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.31 22:26:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.31 22:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.31 05:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Gold Edition
[2012.05.31 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition
[2012.05.30 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.30 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microgaming
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\Microgaming
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5050 Poker
[2012.05.24 17:41:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient2
[2012.05.19 13:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.19 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.05.15 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.05.15 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.05.10 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 12:02:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.08 11:50:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.08 11:49:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.08 11:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.07 08:39:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012.06.06 18:07:46 | 1530,976,720 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.06 18:07:44 | 4237,852,670 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 03:05:19 | 004,260,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.06 03:05:19 | 000,735,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.06.06 03:05:19 | 000,733,626 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.06.06 03:05:19 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012.06.06 03:05:19 | 000,697,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.06 03:05:19 | 000,652,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.06 03:05:19 | 000,152,200 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.06.06 03:05:19 | 000,148,576 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.06.06 03:05:19 | 000,148,532 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.06 03:05:19 | 000,146,072 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012.06.06 03:05:19 | 000,121,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 02:24:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 19:28:11 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.06.02 18:33:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.06.02 18:25:40 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.06.01 22:40:16 | 001,691,424 | ---- | M] () -- C:\Users\User\Desktop\manila 048.jpg
[2012.06.01 22:02:54 | 000,267,624 | ---- | M] () -- C:\Users\User\Desktop\jw.jpg
[2012.06.01 11:06:32 | 000,324,793 | ---- | M] () -- C:\Users\User\Desktop\photo_007.JPG
[2012.05.31 05:54:02 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2012.05.31 00:42:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 22:18:41 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\5050 Poker.lnk
[2012.05.30 20:00:24 | 733,218,816 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi
[2012.05.30 09:58:28 | 000,092,511 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt
[2012.05.29 20:56:29 | 000,003,025 | ---- | M] () -- C:\Users\User\Desktop\TableNinja.lnk
[2012.05.28 16:02:18 | 007,033,254 | ---- | M] () -- C:\Users\User\Desktop\gartendusche.pdf
[2012.05.20 17:18:28 | 001,114,344 | ---- | M] () -- C:\Users\User\Desktop\libelle1.jpg
[2012.05.19 14:21:55 | 013,608,820 | ---- | M] () -- C:\Users\User\Desktop\minimal.mp3
[2012.05.19 13:56:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.05.15 00:13:00 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.13 15:05:55 | 000,293,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 16:51:49 | 000,018,519 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods
[2012.05.10 16:24:21 | 000,013,466 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods
[2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.06 02:24:37 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 19:28:11 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.06.02 19:24:54 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.06.01 22:38:50 | 001,691,424 | ---- | C] () -- C:\Users\User\Desktop\manila 048.jpg
[2012.06.01 22:02:40 | 000,267,624 | ---- | C] () -- C:\Users\User\Desktop\jw.jpg
[2012.06.01 11:05:43 | 000,324,793 | ---- | C] () -- C:\Users\User\Desktop\photo_007.JPG
[2012.05.31 05:54:02 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk
[2012.05.30 22:21:10 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.30 22:17:09 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\5050 Poker.lnk
[2012.05.30 09:58:25 | 733,218,816 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi
[2012.05.30 09:58:23 | 000,092,511 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt
[2012.05.28 15:56:13 | 007,033,254 | ---- | C] () -- C:\Users\User\Desktop\gartendusche.pdf
[2012.05.27 14:48:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012.05.20 17:17:28 | 001,114,344 | ---- | C] () -- C:\Users\User\Desktop\libelle1.jpg
[2012.05.19 14:19:35 | 013,608,820 | ---- | C] () -- C:\Users\User\Desktop\minimal.mp3
[2012.05.19 13:56:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.05.18 14:10:36 | 014,748,447 | ---- | C] () -- C:\Users\User\Desktop\PokerStars 1.3.1.ipa
[2012.05.15 00:12:34 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.10 16:51:48 | 000,018,519 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods
[2012.05.10 16:24:21 | 000,013,466 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods
[2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.10.11 04:16:05 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat
[2011.05.20 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{783A11D7-BDAA-4C02-B0A3-4255724E3CD3}
[2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign
[2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign
[2011.05.07 14:47:47 | 004,183,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.17 00:05:02 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.03.13 13:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.18 15:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.09 12:32:43 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.01.09 12:32:43 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011.01.09 12:32:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.01.09 12:27:54 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2011.01.09 12:27:54 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2011.01.09 12:27:54 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010.08.27 06:18:13 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.08.27 06:10:27 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign
[2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign
[2010.07.15 17:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign
 
========== LOP Check ==========
 
[2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker
[2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW
[2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona
[2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data
[2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager
[2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming
[2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI
[2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
[2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming
[2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
[2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2012.05.31 21:11:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker
[2011.04.16 01:25:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2011.12.31 00:53:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW
[2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona
[2011.06.16 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dvdcss
[2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2011.03.13 15:03:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Google
[2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data
[2011.07.15 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hewlett-Packard
[2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager
[2011.10.06 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\hpqLog
[2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2011.02.18 15:02:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2011.10.27 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield
[2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012.01.11 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd
[2012.01.11 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech
[2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2011.03.13 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2012.06.06 02:24:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming
[2011.10.11 04:15:44 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI
[2011.10.16 04:51:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mIRC
[2011.03.13 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2011.03.21 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla-Cache
[2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker
[2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming
[2012.06.08 12:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2011.05.29 15:05:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\skypePM
[2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock
[2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
[2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc
[2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Winamp
[2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions
[2011.03.14 00:52:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.13 15:15:39 | 000,151,552 | ---- | M] (ABSOLUTE POKER) -- C:\Users\User\AppData\Roaming\Absolute Poker\DownLoadInst\liveupdate.exe
[2012.04.04 17:18:58 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.08.22 16:30:41 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_2320BA6B4FD0E77DBA50BD.exe
[2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_27F58524F6C4BEE7845CF2.exe
[2012.01.11 19:58:42 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_6D3AC9EA95E45EA1603B4B.exe
[2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_853F67D554F05449430E7E.exe
[2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_B6FC864924B85821C04CB9.exe
[2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_853F67D554F05449430E7E.exe
[2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_E08F725C08A3AB3AAD9C0C.exe
[2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_91504D44843E411F525CA5.exe
[2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_D776FA2A4A7B775E66843F.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_75016077b0145423\iaStor.sys
[2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_f60e9f88cda1872e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.01.09 12:25:21 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.01.09 12:25:21 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.01.09 12:25:21 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.01.09 12:25:20 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >
         
--- --- ---

[/code]

Danke!

Alt 08.06.2012, 19:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner





Das ist aber jetzt ein OTL-log und nicht das Log vom Fix
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.06.2012, 19:34   #11
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Ja, ganz komisch, ich wunder mich auch schon grade ueber den Doppelpost, kann mich garnicht daran erinnern. War ich wohl Gedankenversunken.

Anyway, hier der Log vom Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1234291694-453656751-21271432-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
C:\ProgramData\bltofzsb.qlf moved successfully.
ADS C:\Program Files (x86)\Cake Poker 2.0:MID deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: User
->Temp folder emptied: 744071148 bytes
->Temporary Internet Files folder emptied: 68191859 bytes
->Java cache emptied: 792158 bytes
->FireFox cache emptied: 85742719 bytes
->Google Chrome cache emptied: 6437323 bytes
->Flash cache emptied: 11938727 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 948576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 154278 bytes
RecycleBin emptied: 18845889 bytes
 
Total Files Cleaned = 894,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: User
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.45.0 log created on 06082012_182249

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Hab hierbei allerdings nicht das Haekchen bei "Scannen aller Benutzer" gesetzt

Alt 08.06.2012, 19:53   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Der Haken ist nur beim Log-Erstellen relevant, nicht beim Fixen

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.06.2012, 19:58   #13
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Ja, ganz komisch, ich wunder mich auch schon grade ueber den Doppelpost, kann mich garnicht daran erinnern. War ich wohl Gedankenversunken.

Anyway, hier der Log vom Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1234291694-453656751-21271432-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
C:\ProgramData\bltofzsb.qlf moved successfully.
ADS C:\Program Files (x86)\Cake Poker 2.0:MID deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
User: User
->Temp folder emptied: 744071148 bytes
->Temporary Internet Files folder emptied: 68191859 bytes
->Java cache emptied: 792158 bytes
->FireFox cache emptied: 85742719 bytes
->Google Chrome cache emptied: 6437323 bytes
->Flash cache emptied: 11938727 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 948576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 154278 bytes
RecycleBin emptied: 18845889 bytes
 
Total Files Cleaned = 894,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: User
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.45.0 log created on 06082012_182249

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Hab hierbei allerdings nicht das Haekchen bei "Scannen aller Benutzer" gesetzt.

Darum hab ichs einfach nochmal mit Haekchen gemacht:

Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
Folder C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-21-1234291694-453656751-21271432-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
File C:\ProgramData\bltofzsb.qlf not found.
Unable to delete ADS C:\Program Files (x86)\Cake Poker 2.0:MID .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 1075 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6510944 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: postgres
 
User: Public
 
User: User
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.45.0 log created on 06082012_183505

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 08.06.2012, 20:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner



Na,, der Haken ist beim Fixen egal weil es nur skriptabhängig ist

Aber ist net schlimm

Nur wunder ich mich was das jetzt nochmal soll, du solltest doch den TDSS Dingsbums machen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.06.2012, 23:37   #15
Salik
 
Befall vom Verschluesselungstrojaner - Standard

Befall vom Verschluesselungstrojaner





Ok hier der TDSS Report:

Code:
ATTFilter
22:32:07.0808 7076	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:32:08.0089 7076	============================================================
22:32:08.0089 7076	Current date / time: 2012/06/08 22:32:08.0089
22:32:08.0089 7076	SystemInfo:
22:32:08.0089 7076	
22:32:08.0089 7076	OS Version: 6.1.7601 ServicePack: 1.0
22:32:08.0089 7076	Product type: Workstation
22:32:08.0089 7076	ComputerName: USER-HP
22:32:08.0089 7076	UserName: User
22:32:08.0089 7076	Windows directory: C:\Windows
22:32:08.0089 7076	System windows directory: C:\Windows
22:32:08.0089 7076	Running under WOW64
22:32:08.0089 7076	Processor architecture: Intel x64
22:32:08.0089 7076	Number of processors: 8
22:32:08.0089 7076	Page size: 0x1000
22:32:08.0089 7076	Boot type: Normal boot
22:32:08.0089 7076	============================================================
22:32:08.0385 7076	Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 (476.94 Gb), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:32:08.0385 7076	Drive \Device\Harddisk1\DR1 - Size: 0x3C000000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:32:08.0385 7076	============================================================
22:32:08.0385 7076	\Device\Harddisk0\DR0:
22:32:08.0385 7076	MBR partitions:
22:32:08.0385 7076	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x98767
22:32:08.0385 7076	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x98F67, BlocksNum 0x36BEF515
22:32:08.0385 7076	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36C8847C, BlocksNum 0x31EA43A
22:32:08.0385 7076	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x39E728B6, BlocksNum 0x1B6E9FA
22:32:08.0385 7076	\Device\Harddisk1\DR1:
22:32:08.0385 7076	MBR partitions:
22:32:08.0385 7076	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DFFE0
22:32:08.0385 7076	============================================================
22:32:08.0401 7076	C: <-> \Device\Harddisk0\DR0\Partition1
22:32:08.0401 7076	F: <-> \Device\Harddisk0\DR0\Partition3
22:32:08.0401 7076	============================================================
22:32:08.0401 7076	Initialize success
22:32:08.0401 7076	============================================================
22:33:18.0019 3276	============================================================
22:33:18.0019 3276	Scan started
22:33:18.0019 3276	Mode: Manual; SigCheck; TDLFS; 
22:33:18.0019 3276	============================================================
22:33:18.0222 3276	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:33:18.0300 3276	1394ohci - ok
22:33:18.0300 3276	Accelerometer   (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
22:33:18.0331 3276	Accelerometer - ok
22:33:18.0362 3276	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:33:18.0362 3276	ACPI - ok
22:33:18.0378 3276	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:33:18.0393 3276	AcpiPmi - ok
22:33:18.0409 3276	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:33:18.0424 3276	AdobeARMservice - ok
22:33:18.0471 3276	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:33:18.0502 3276	AdobeFlashPlayerUpdateSvc - ok
22:33:18.0534 3276	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:33:18.0549 3276	adp94xx - ok
22:33:18.0565 3276	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:33:18.0580 3276	adpahci - ok
22:33:18.0596 3276	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:33:18.0612 3276	adpu320 - ok
22:33:18.0612 3276	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:33:18.0705 3276	AeLookupSvc - ok
22:33:18.0736 3276	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe
22:33:18.0752 3276	AESTFilters - ok
22:33:18.0783 3276	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:33:18.0799 3276	AFD - ok
22:33:18.0799 3276	AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
22:33:18.0814 3276	AgereModemAudio - ok
22:33:18.0908 3276	AgereSoftModem  (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
22:33:18.0955 3276	AgereSoftModem - ok
22:33:18.0955 3276	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:33:18.0970 3276	agp440 - ok
22:33:18.0970 3276	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:33:18.0986 3276	ALG - ok
22:33:19.0002 3276	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:33:19.0002 3276	aliide - ok
22:33:19.0017 3276	AMD External Events Utility (af932d0e9ace1522ee4cda050c14dcad) C:\Windows\system32\atiesrxx.exe
22:33:19.0033 3276	AMD External Events Utility - ok
22:33:19.0033 3276	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:33:19.0048 3276	amdide - ok
22:33:19.0048 3276	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:33:19.0064 3276	AmdK8 - ok
22:33:19.0080 3276	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:33:19.0080 3276	AmdPPM - ok
22:33:19.0095 3276	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:33:19.0111 3276	amdsata - ok
22:33:19.0126 3276	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:33:19.0126 3276	amdsbs - ok
22:33:19.0142 3276	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:33:19.0142 3276	amdxata - ok
22:33:19.0158 3276	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:33:19.0236 3276	AppID - ok
22:33:19.0251 3276	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:33:19.0267 3276	AppIDSvc - ok
22:33:19.0282 3276	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:33:19.0298 3276	Appinfo - ok
22:33:19.0314 3276	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:33:19.0329 3276	Apple Mobile Device - ok
22:33:19.0329 3276	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:33:19.0345 3276	AppMgmt - ok
22:33:19.0360 3276	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:33:19.0360 3276	arc - ok
22:33:19.0376 3276	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:33:19.0392 3276	arcsas - ok
22:33:19.0407 3276	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:33:19.0423 3276	aspnet_state - ok
22:33:19.0423 3276	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:33:19.0454 3276	AsyncMac - ok
22:33:19.0454 3276	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:33:19.0470 3276	atapi - ok
22:33:19.0906 3276	atikmdag        (c7f3af81f7fba52d89754da28c0fea12) C:\Windows\system32\DRIVERS\atikmdag.sys
22:33:20.0016 3276	atikmdag - ok
22:33:20.0062 3276	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
22:33:20.0094 3276	atksgt - ok
22:33:20.0140 3276	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:33:20.0187 3276	AudioEndpointBuilder - ok
22:33:20.0187 3276	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:33:20.0218 3276	AudioSrv - ok
22:33:20.0234 3276	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:33:20.0265 3276	AxInstSV - ok
22:33:20.0296 3276	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:33:20.0312 3276	b06bdrv - ok
22:33:20.0343 3276	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:33:20.0343 3276	b57nd60a - ok
22:33:20.0359 3276	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:33:20.0374 3276	BDESVC - ok
22:33:20.0374 3276	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:33:20.0406 3276	Beep - ok
22:33:20.0452 3276	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:33:20.0499 3276	BFE - ok
22:33:20.0562 3276	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
22:33:20.0608 3276	BITS - ok
22:33:20.0624 3276	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:33:20.0640 3276	blbdrive - ok
22:33:20.0671 3276	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:33:20.0671 3276	Bonjour Service - ok
22:33:20.0686 3276	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:33:20.0702 3276	bowser - ok
22:33:20.0702 3276	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:33:20.0733 3276	BrFiltLo - ok
22:33:20.0733 3276	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:33:20.0749 3276	BrFiltUp - ok
22:33:20.0764 3276	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:33:20.0780 3276	Browser - ok
22:33:20.0811 3276	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:33:20.0842 3276	Brserid - ok
22:33:20.0842 3276	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:33:20.0874 3276	BrSerWdm - ok
22:33:20.0874 3276	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:33:20.0889 3276	BrUsbMdm - ok
22:33:20.0889 3276	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:33:20.0905 3276	BrUsbSer - ok
22:33:20.0905 3276	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:33:20.0920 3276	BthEnum - ok
22:33:20.0936 3276	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:33:20.0952 3276	BTHMODEM - ok
22:33:20.0952 3276	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:33:20.0967 3276	BthPan - ok
22:33:20.0998 3276	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:33:21.0030 3276	BTHPORT - ok
22:33:21.0045 3276	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:33:21.0061 3276	bthserv - ok
22:33:21.0076 3276	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:33:21.0092 3276	BTHUSB - ok
22:33:21.0092 3276	btwaudio        (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
22:33:21.0108 3276	btwaudio - ok
22:33:21.0108 3276	btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
22:33:21.0123 3276	btwavdt - ok
22:33:21.0170 3276	btwdins         (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:33:21.0186 3276	btwdins - ok
22:33:21.0201 3276	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:33:21.0201 3276	btwl2cap - ok
22:33:21.0201 3276	btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
22:33:21.0217 3276	btwrchid - ok
22:33:21.0217 3276	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:33:21.0248 3276	cdfs - ok
22:33:21.0248 3276	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:33:21.0264 3276	cdrom - ok
22:33:21.0279 3276	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:33:21.0295 3276	CertPropSvc - ok
22:33:21.0310 3276	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:33:21.0310 3276	circlass - ok
22:33:21.0342 3276	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:33:21.0357 3276	CLFS - ok
22:33:21.0373 3276	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:33:21.0388 3276	clr_optimization_v2.0.50727_32 - ok
22:33:21.0388 3276	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:33:21.0404 3276	clr_optimization_v2.0.50727_64 - ok
22:33:21.0435 3276	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:33:21.0435 3276	clr_optimization_v4.0.30319_32 - ok
22:33:21.0451 3276	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:33:21.0466 3276	clr_optimization_v4.0.30319_64 - ok
22:33:21.0466 3276	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:33:21.0482 3276	CmBatt - ok
22:33:21.0482 3276	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:33:21.0498 3276	cmdide - ok
22:33:21.0529 3276	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:33:21.0576 3276	CNG - ok
22:33:21.0591 3276	Com4QLBEx       (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:33:21.0607 3276	Com4QLBEx - ok
22:33:21.0607 3276	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:33:21.0622 3276	Compbatt - ok
22:33:21.0622 3276	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:33:21.0638 3276	CompositeBus - ok
22:33:21.0638 3276	COMSysApp - ok
22:33:21.0638 3276	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:33:21.0654 3276	crcdisk - ok
22:33:21.0669 3276	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:33:21.0700 3276	CryptSvc - ok
22:33:21.0732 3276	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:33:21.0747 3276	CSC - ok
22:33:21.0794 3276	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:33:21.0810 3276	CscService - ok
22:33:21.0888 3276	cvhsvc          (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:33:21.0903 3276	cvhsvc - ok
22:33:21.0981 3276	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:33:22.0044 3276	DcomLaunch - ok
22:33:22.0075 3276	DEBridge        (0fd1090009949c58c86b40dd705d0f5d) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
22:33:22.0090 3276	DEBridge ( UnsignedFile.Multi.Generic ) - warning
22:33:22.0090 3276	DEBridge - detected UnsignedFile.Multi.Generic (1)
22:33:22.0122 3276	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:33:22.0137 3276	defragsvc - ok
22:33:22.0153 3276	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:33:22.0184 3276	DfsC - ok
22:33:22.0200 3276	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:33:22.0231 3276	Dhcp - ok
22:33:22.0246 3276	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:33:22.0262 3276	discache - ok
22:33:22.0278 3276	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:33:22.0293 3276	Disk - ok
22:33:22.0293 3276	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:33:22.0309 3276	Dnscache - ok
22:33:22.0340 3276	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:33:22.0356 3276	dot3svc - ok
22:33:22.0402 3276	DpHost          (e0e65ed0985a28fb18128d6099e985c4) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
22:33:22.0418 3276	DpHost - ok
22:33:22.0434 3276	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:33:22.0465 3276	DPS - ok
22:33:22.0465 3276	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:33:22.0480 3276	drmkaud - ok
22:33:22.0496 3276	DTSRVC          (3ae67690c73eada053231ae8142fa6be) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
22:33:22.0512 3276	DTSRVC - ok
22:33:22.0574 3276	DXGKrnl         (209f1a92cb507b2c2eb9e28a1416590e) C:\Windows\System32\drivers\dxgkrnl.sys
22:33:22.0621 3276	DXGKrnl - ok
22:33:22.0636 3276	e1kexpress      (e6bdb3c7ef35d82ff987576b9cf07a57) C:\Windows\system32\DRIVERS\e1k62x64.sys
22:33:22.0636 3276	e1kexpress - ok
22:33:22.0652 3276	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:33:22.0683 3276	EapHost - ok
22:33:22.0917 3276	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:33:22.0980 3276	ebdrv - ok
22:33:23.0026 3276	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:33:23.0042 3276	EFS - ok
22:33:23.0104 3276	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:33:23.0136 3276	ehRecvr - ok
22:33:23.0151 3276	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:33:23.0167 3276	ehSched - ok
22:33:23.0198 3276	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:33:23.0229 3276	elxstor - ok
22:33:23.0245 3276	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:33:23.0245 3276	ErrDev - ok
22:33:23.0292 3276	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:33:23.0323 3276	EventSystem - ok
22:33:23.0338 3276	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:33:23.0354 3276	exfat - ok
22:33:23.0370 3276	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:33:23.0401 3276	fastfat - ok
22:33:23.0432 3276	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:33:23.0463 3276	Fax - ok
22:33:23.0463 3276	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:33:23.0479 3276	fdc - ok
22:33:23.0479 3276	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:33:23.0510 3276	fdPHost - ok
22:33:23.0510 3276	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:33:23.0541 3276	FDResPub - ok
22:33:23.0541 3276	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:33:23.0557 3276	FileInfo - ok
22:33:23.0557 3276	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:33:23.0588 3276	Filetrace - ok
22:33:23.0588 3276	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:33:23.0604 3276	flpydisk - ok
22:33:23.0619 3276	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:33:23.0635 3276	FltMgr - ok
22:33:23.0713 3276	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:33:23.0760 3276	FontCache - ok
22:33:23.0760 3276	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:33:23.0775 3276	FontCache3.0.0.0 - ok
22:33:23.0775 3276	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:33:23.0791 3276	FsDepends - ok
22:33:23.0791 3276	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:33:23.0806 3276	Fs_Rec - ok
22:33:23.0822 3276	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:33:23.0838 3276	fvevol - ok
22:33:23.0838 3276	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:33:23.0853 3276	gagp30kx - ok
22:33:23.0853 3276	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:33:23.0869 3276	GEARAspiWDM - ok
22:33:23.0931 3276	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:33:23.0978 3276	gpsvc - ok
22:33:23.0994 3276	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:33:23.0994 3276	gupdate - ok
22:33:24.0009 3276	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:33:24.0009 3276	gupdatem - ok
22:33:24.0025 3276	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:33:24.0040 3276	gusvc - ok
22:33:24.0040 3276	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
22:33:24.0056 3276	hamachi - ok
22:33:24.0243 3276	Hamachi2Svc     (ce77bc37bdd36c9dc50c3591ebac3fa3) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
22:33:24.0274 3276	Hamachi2Svc - ok
22:33:24.0321 3276	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:33:24.0337 3276	hcw85cir - ok
22:33:24.0368 3276	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:33:24.0399 3276	HdAudAddService - ok
22:33:24.0415 3276	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:33:24.0430 3276	HDAudBus - ok
22:33:24.0430 3276	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:33:24.0430 3276	HECIx64 - ok
22:33:24.0446 3276	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:33:24.0446 3276	HidBatt - ok
22:33:24.0462 3276	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:33:24.0477 3276	HidBth - ok
22:33:24.0477 3276	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:33:24.0493 3276	HidIr - ok
22:33:24.0493 3276	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:33:24.0524 3276	hidserv - ok
22:33:24.0524 3276	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:33:24.0540 3276	HidUsb - ok
22:33:24.0555 3276	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:33:24.0571 3276	hkmsvc - ok
22:33:24.0602 3276	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:33:24.0618 3276	HomeGroupListener - ok
22:33:24.0633 3276	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:33:24.0649 3276	HomeGroupProvider - ok
22:33:24.0649 3276	HP Power Assistant Service (cf3ae4aeab7e3ab87122dc4ddd3a6947) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
22:33:24.0664 3276	HP Power Assistant Service - ok
22:33:24.0680 3276	HP ProtectTools Service (657e81df0625198c97f91c09ae9611fc) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
22:33:24.0680 3276	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
22:33:24.0680 3276	HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
22:33:24.0696 3276	HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:33:24.0696 3276	HP Support Assistant Service - ok
22:33:24.0711 3276	HP Wireless Assistant Service (9abd12fce4a62905731c286bb1d66789) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
22:33:24.0727 3276	HP Wireless Assistant Service - ok
22:33:24.0727 3276	HPDayStarterService (a4a0e006a1826ea2629e59de2008bb9d) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
22:33:24.0742 3276	HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning
22:33:24.0742 3276	HPDayStarterService - detected UnsignedFile.Multi.Generic (1)
22:33:24.0758 3276	HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:33:24.0758 3276	HPDrvMntSvc.exe - ok
22:33:24.0774 3276	hpdskflt        (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
22:33:24.0789 3276	hpdskflt - ok
22:33:24.0805 3276	HpFkCryptService (393383fe7f577b4a111b44445716fcb3) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
22:33:24.0820 3276	HpFkCryptService - ok
22:33:24.0820 3276	HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:33:24.0836 3276	HpqKbFiltr - ok
22:33:24.0898 3276	hpqwmiex        (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:33:24.0930 3276	hpqwmiex - ok
22:33:24.0930 3276	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:33:24.0945 3276	HpSAMD - ok
22:33:24.0945 3276	hpsrv           (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
22:33:24.0961 3276	hpsrv - ok
22:33:25.0008 3276	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:33:25.0070 3276	HTTP - ok
22:33:25.0070 3276	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:33:25.0070 3276	hwpolicy - ok
22:33:25.0086 3276	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:33:25.0101 3276	i8042prt - ok
22:33:25.0132 3276	IAANTMON        (593ef9f904c8497f6d794dc6fcc59dca) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:33:25.0148 3276	IAANTMON - ok
22:33:25.0179 3276	iaStor          (c50107c730c9a955f6fd7376733f2d68) C:\Windows\system32\DRIVERS\iaStor.sys
22:33:25.0179 3276	iaStor - ok
22:33:25.0210 3276	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:33:25.0226 3276	iaStorV - ok
22:33:25.0257 3276	ICQ Service     (b1a28fa1afde10b95ff9354b15701d70) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
22:33:25.0257 3276	ICQ Service - ok
22:33:25.0304 3276	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:33:25.0335 3276	idsvc - ok
22:33:25.0398 3276	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:33:25.0413 3276	iirsp - ok
22:33:25.0491 3276	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:33:25.0538 3276	IKEEXT - ok
22:33:25.0538 3276	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:33:25.0538 3276	intelide - ok
22:33:25.0554 3276	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:33:25.0569 3276	intelppm - ok
22:33:25.0569 3276	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:33:25.0600 3276	IPBusEnum - ok
22:33:25.0616 3276	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:33:25.0632 3276	IpFilterDriver - ok
22:33:25.0678 3276	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:33:25.0741 3276	iphlpsvc - ok
22:33:25.0756 3276	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:33:25.0756 3276	IPMIDRV - ok
22:33:25.0772 3276	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:33:25.0803 3276	IPNAT - ok
22:33:25.0881 3276	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:33:25.0912 3276	iPod Service - ok
22:33:25.0912 3276	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:33:25.0928 3276	IRENUM - ok
22:33:25.0928 3276	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:33:25.0944 3276	isapnp - ok
22:33:25.0959 3276	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:33:25.0975 3276	iScsiPrt - ok
22:33:25.0975 3276	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:33:25.0990 3276	kbdclass - ok
22:33:25.0990 3276	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:33:25.0990 3276	kbdhid - ok
22:33:26.0006 3276	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:26.0006 3276	KeyIso - ok
22:33:26.0022 3276	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:33:26.0022 3276	KSecDD - ok
22:33:26.0037 3276	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:33:26.0053 3276	KSecPkg - ok
22:33:26.0053 3276	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:33:26.0084 3276	ksthunk - ok
22:33:26.0115 3276	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:33:26.0146 3276	KtmRm - ok
22:33:26.0162 3276	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:33:26.0193 3276	LanmanServer - ok
22:33:26.0193 3276	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:33:26.0224 3276	LanmanWorkstation - ok
22:33:26.0271 3276	LBTServ         (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
22:33:26.0287 3276	LBTServ - ok
22:33:26.0302 3276	LEqdUsb         (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
22:33:26.0302 3276	LEqdUsb - ok
22:33:26.0318 3276	LHidEqd         (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
22:33:26.0318 3276	LHidEqd - ok
22:33:26.0334 3276	LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:33:26.0334 3276	LHidFilt - ok
22:33:26.0349 3276	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
22:33:26.0349 3276	lirsgt - ok
22:33:26.0349 3276	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:33:26.0380 3276	lltdio - ok
22:33:26.0396 3276	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:33:26.0427 3276	lltdsvc - ok
22:33:26.0427 3276	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:33:26.0458 3276	lmhosts - ok
22:33:26.0458 3276	LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:33:26.0474 3276	LMouFilt - ok
22:33:26.0490 3276	LMS             (17a9c5ffa241aaab275ee5cacef77686) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:33:26.0490 3276	LMS - ok
22:33:26.0505 3276	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:33:26.0521 3276	LSI_FC - ok
22:33:26.0536 3276	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:33:26.0536 3276	LSI_SAS - ok
22:33:26.0552 3276	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:33:26.0568 3276	LSI_SAS2 - ok
22:33:26.0568 3276	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:33:26.0583 3276	LSI_SCSI - ok
22:33:26.0599 3276	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:33:26.0614 3276	luafv - ok
22:33:26.0630 3276	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:33:26.0646 3276	MBAMProtector - ok
22:33:26.0692 3276	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:33:26.0724 3276	MBAMService - ok
22:33:26.0724 3276	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:33:26.0739 3276	Mcx2Svc - ok
22:33:26.0739 3276	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:33:26.0755 3276	megasas - ok
22:33:26.0770 3276	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:33:26.0786 3276	MegaSR - ok
22:33:26.0802 3276	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:33:26.0833 3276	MMCSS - ok
22:33:26.0833 3276	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:33:26.0864 3276	Modem - ok
22:33:26.0864 3276	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:33:26.0880 3276	monitor - ok
22:33:26.0880 3276	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:33:26.0895 3276	mouclass - ok
22:33:26.0895 3276	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:33:26.0911 3276	mouhid - ok
22:33:26.0911 3276	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:33:26.0926 3276	mountmgr - ok
22:33:26.0942 3276	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:33:26.0942 3276	MozillaMaintenance - ok
22:33:26.0958 3276	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:33:26.0973 3276	mpio - ok
22:33:26.0973 3276	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:33:27.0004 3276	mpsdrv - ok
22:33:27.0067 3276	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:33:27.0129 3276	MpsSvc - ok
22:33:27.0145 3276	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:33:27.0160 3276	MRxDAV - ok
22:33:27.0160 3276	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:33:27.0176 3276	mrxsmb - ok
22:33:27.0207 3276	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:33:27.0223 3276	mrxsmb10 - ok
22:33:27.0223 3276	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:33:27.0238 3276	mrxsmb20 - ok
22:33:27.0238 3276	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:33:27.0254 3276	msahci - ok
22:33:27.0270 3276	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:33:27.0270 3276	msdsm - ok
22:33:27.0285 3276	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:33:27.0301 3276	MSDTC - ok
22:33:27.0301 3276	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:33:27.0332 3276	Msfs - ok
22:33:27.0332 3276	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:33:27.0363 3276	mshidkmdf - ok
22:33:27.0363 3276	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:33:27.0379 3276	msisadrv - ok
22:33:27.0394 3276	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:33:27.0426 3276	MSiSCSI - ok
22:33:27.0426 3276	msiserver - ok
22:33:27.0426 3276	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:33:27.0457 3276	MSKSSRV - ok
22:33:27.0457 3276	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:33:27.0488 3276	MSPCLOCK - ok
22:33:27.0488 3276	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:33:27.0519 3276	MSPQM - ok
22:33:27.0535 3276	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:33:27.0550 3276	MsRPC - ok
22:33:27.0566 3276	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:33:27.0566 3276	mssmbios - ok
22:33:27.0582 3276	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:33:27.0597 3276	MSTEE - ok
22:33:27.0613 3276	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:33:27.0613 3276	MTConfig - ok
22:33:27.0628 3276	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:33:27.0628 3276	Mup - ok
22:33:27.0675 3276	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:33:27.0706 3276	napagent - ok
22:33:27.0722 3276	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:33:27.0753 3276	NativeWifiP - ok
22:33:27.0816 3276	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:33:27.0847 3276	NDIS - ok
22:33:27.0847 3276	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:33:27.0878 3276	NdisCap - ok
22:33:27.0878 3276	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:33:27.0909 3276	NdisTapi - ok
22:33:27.0909 3276	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:33:27.0940 3276	Ndisuio - ok
22:33:27.0956 3276	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:33:27.0987 3276	NdisWan - ok
22:33:28.0003 3276	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:33:28.0018 3276	NDProxy - ok
22:33:28.0034 3276	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:33:28.0065 3276	NetBIOS - ok
22:33:28.0081 3276	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:33:28.0112 3276	NetBT - ok
22:33:28.0112 3276	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:28.0128 3276	Netlogon - ok
22:33:28.0159 3276	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:33:28.0190 3276	Netman - ok
22:33:28.0206 3276	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0221 3276	NetMsmqActivator - ok
22:33:28.0221 3276	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0237 3276	NetPipeActivator - ok
22:33:28.0268 3276	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:33:28.0299 3276	netprofm - ok
22:33:28.0315 3276	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0315 3276	NetTcpActivator - ok
22:33:28.0315 3276	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0330 3276	NetTcpPortSharing - ok
22:33:28.0845 3276	NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
22:33:28.0970 3276	NETw5s64 - ok
22:33:29.0017 3276	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:33:29.0032 3276	nfrd960 - ok
22:33:29.0048 3276	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:33:29.0095 3276	NlaSvc - ok
22:33:29.0095 3276	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:33:29.0126 3276	Npfs - ok
22:33:29.0126 3276	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:33:29.0157 3276	nsi - ok
22:33:29.0173 3276	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:33:29.0188 3276	nsiproxy - ok
22:33:29.0329 3276	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:33:29.0376 3276	Ntfs - ok
22:33:29.0438 3276	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:33:29.0485 3276	Null - ok
22:33:29.0485 3276	nusb3hub        (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:33:29.0500 3276	nusb3hub - ok
22:33:29.0516 3276	nusb3xhc        (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:33:29.0516 3276	nusb3xhc - ok
22:33:30.0280 3276	nvlddmkm        (aac0cdb1d5f4d4decac7945b1436ca3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:33:30.0499 3276	nvlddmkm - ok
22:33:30.0561 3276	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:33:30.0592 3276	nvraid - ok
22:33:30.0608 3276	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:33:30.0608 3276	nvstor - ok
22:33:30.0639 3276	nvsvc           (035b3e892ffb369506736bb8103321df) C:\windows\system32\nvvsvc.exe
22:33:30.0655 3276	nvsvc - ok
22:33:30.0655 3276	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:33:30.0670 3276	nv_agp - ok
22:33:30.0670 3276	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:33:30.0686 3276	ohci1394 - ok
22:33:30.0702 3276	OpenVPNService  (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
22:33:30.0702 3276	OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
22:33:30.0702 3276	OpenVPNService - detected UnsignedFile.Multi.Generic (1)
22:33:30.0717 3276	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:33:30.0717 3276	ose - ok
22:33:31.0076 3276	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:33:31.0170 3276	osppsvc - ok
22:33:31.0232 3276	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:33:31.0263 3276	p2pimsvc - ok
22:33:31.0294 3276	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:33:31.0310 3276	p2psvc - ok
22:33:31.0326 3276	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:33:31.0341 3276	Parport - ok
22:33:31.0341 3276	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:33:31.0357 3276	partmgr - ok
22:33:31.0372 3276	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:33:31.0388 3276	PcaSvc - ok
22:33:31.0404 3276	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:33:31.0419 3276	pci - ok
22:33:31.0419 3276	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:33:31.0419 3276	pciide - ok
22:33:31.0450 3276	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:33:31.0450 3276	pcmcia - ok
22:33:31.0466 3276	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:33:31.0466 3276	pcw - ok
22:33:31.0482 3276	PdiService      (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
22:33:31.0497 3276	PdiService - ok
22:33:31.0544 3276	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:33:31.0591 3276	PEAUTH - ok
22:33:31.0684 3276	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:33:31.0716 3276	PeerDistSvc - ok
22:33:31.0778 3276	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:33:31.0794 3276	PerfHost - ok
22:33:31.0950 3276	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:33:32.0012 3276	pla - ok
22:33:32.0028 3276	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:33:32.0043 3276	PlugPlay - ok
22:33:32.0043 3276	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:33:32.0059 3276	PNRPAutoReg - ok
22:33:32.0074 3276	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:33:32.0090 3276	PNRPsvc - ok
22:33:32.0121 3276	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:33:32.0184 3276	PolicyAgent - ok
22:33:32.0184 3276	postgresql-8.4 - ok
22:33:32.0199 3276	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:33:32.0230 3276	Power - ok
22:33:32.0246 3276	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:33:32.0277 3276	PptpMiniport - ok
22:33:32.0277 3276	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:33:32.0293 3276	Processor - ok
22:33:32.0308 3276	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:33:32.0340 3276	ProfSvc - ok
22:33:32.0340 3276	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:32.0355 3276	ProtectedStorage - ok
22:33:32.0355 3276	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:33:32.0386 3276	Psched - ok
22:33:32.0511 3276	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:33:32.0558 3276	ql2300 - ok
22:33:32.0636 3276	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:33:32.0652 3276	ql40xx - ok
22:33:32.0683 3276	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:33:32.0698 3276	QWAVE - ok
22:33:32.0698 3276	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:33:32.0714 3276	QWAVEdrv - ok
22:33:32.0714 3276	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:33:32.0745 3276	RasAcd - ok
22:33:32.0745 3276	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:33:32.0776 3276	RasAgileVpn - ok
22:33:32.0792 3276	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:33:32.0823 3276	RasAuto - ok
22:33:32.0823 3276	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:33:32.0854 3276	Rasl2tp - ok
22:33:32.0870 3276	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:33:32.0901 3276	RasMan - ok
22:33:32.0917 3276	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:33:32.0948 3276	RasPppoe - ok
22:33:32.0948 3276	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:33:32.0979 3276	RasSstp - ok
22:33:33.0010 3276	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:33:33.0057 3276	rdbss - ok
22:33:33.0057 3276	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:33:33.0073 3276	rdpbus - ok
22:33:33.0073 3276	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:33:33.0104 3276	RDPCDD - ok
22:33:33.0120 3276	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:33:33.0135 3276	RDPDR - ok
22:33:33.0135 3276	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:33:33.0166 3276	RDPENCDD - ok
22:33:33.0166 3276	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:33:33.0182 3276	RDPREFMP - ok
22:33:33.0198 3276	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:33:33.0198 3276	RdpVideoMiniport - ok
22:33:33.0213 3276	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:33:33.0229 3276	RDPWD - ok
22:33:33.0244 3276	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:33:33.0260 3276	rdyboost - ok
22:33:33.0260 3276	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:33:33.0291 3276	RemoteAccess - ok
22:33:33.0307 3276	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:33:33.0338 3276	RemoteRegistry - ok
22:33:33.0338 3276	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:33:33.0354 3276	RFCOMM - ok
22:33:33.0369 3276	rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:33:33.0369 3276	rimmptsk - ok
22:33:33.0369 3276	rimspci         (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
22:33:33.0385 3276	rimspci - ok
22:33:33.0400 3276	rimsptsk        (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
22:33:33.0400 3276	rimsptsk - ok
22:33:33.0416 3276	risdpcie        (c4581f04aa130892555b821f1fbaa151) C:\Windows\system32\DRIVERS\risdpe64.sys
22:33:33.0416 3276	risdpcie - ok
22:33:33.0432 3276	rismcx64        (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys
22:33:33.0432 3276	rismcx64 - ok
22:33:33.0447 3276	rismxdp         (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:33:33.0463 3276	rismxdp - ok
22:33:33.0463 3276	rixdpcie        (a4579105a3c5b6290701ead0c153e07a) C:\Windows\system32\DRIVERS\rixdpe64.sys
22:33:33.0478 3276	rixdpcie - ok
22:33:33.0603 3276	RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
22:33:33.0634 3276	RosettaStoneDaemon - ok
22:33:33.0681 3276	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:33:33.0712 3276	RpcEptMapper - ok
22:33:33.0728 3276	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:33:33.0728 3276	RpcLocator - ok
22:33:33.0775 3276	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:33:33.0822 3276	RpcSs - ok
22:33:33.0837 3276	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:33:33.0853 3276	rspndr - ok
22:33:33.0868 3276	RsvLock         (ecbab4cd65cbedbe26ec6838e4fb7c1c) C:\Windows\system32\drivers\RsvLock.sys
22:33:33.0868 3276	RsvLock - ok
22:33:33.0884 3276	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:33:33.0884 3276	s3cap - ok
22:33:33.0884 3276	SafeBoot        (317a99735c3a26c5cd60ab59e5e7e4e2) C:\Windows\system32\drivers\SafeBoot.sys
22:33:33.0900 3276	Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 317a99735c3a26c5cd60ab59e5e7e4e2
22:33:33.0900 3276	SafeBoot ( LockedFile.Multi.Generic ) - warning
22:33:33.0900 3276	SafeBoot - detected LockedFile.Multi.Generic (1)
22:33:33.0900 3276	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:33.0900 3276	SamSs - ok
22:33:33.0915 3276	SbAlg           (fd8714a36c4646de22ddc7e36f6d09ef) C:\Windows\system32\drivers\SbAlg.sys
22:33:33.0915 3276	SbAlg - ok
22:33:33.0915 3276	SbFsLock        (fcaa034231e58b0de64d0a7904015535) C:\Windows\system32\drivers\SbFsLock.sys
22:33:33.0931 3276	SbFsLock - ok
22:33:33.0931 3276	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:33:33.0946 3276	sbp2port - ok
22:33:33.0962 3276	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:33:33.0978 3276	SCardSvr - ok
22:33:33.0993 3276	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:33:34.0009 3276	scfilter - ok
22:33:34.0071 3276	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:33:34.0118 3276	Schedule - ok
22:33:34.0134 3276	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:33:34.0165 3276	SCPolicySvc - ok
22:33:34.0165 3276	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:33:34.0180 3276	sdbus - ok
22:33:34.0196 3276	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:33:34.0212 3276	SDRSVC - ok
22:33:34.0227 3276	SeaPort         (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:33:34.0243 3276	SeaPort - ok
22:33:34.0258 3276	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:33:34.0274 3276	secdrv - ok
22:33:34.0274 3276	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:33:34.0305 3276	seclogon - ok
22:33:34.0305 3276	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:33:34.0336 3276	SENS - ok
22:33:34.0352 3276	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:33:34.0352 3276	SensrSvc - ok
22:33:34.0368 3276	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:33:34.0368 3276	Serenum - ok
22:33:34.0383 3276	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:33:34.0399 3276	Serial - ok
22:33:34.0399 3276	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:33:34.0414 3276	sermouse - ok
22:33:34.0430 3276	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:33:34.0446 3276	SessionEnv - ok
22:33:34.0461 3276	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:33:34.0461 3276	sffdisk - ok
22:33:34.0477 3276	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:33:34.0477 3276	sffp_mmc - ok
22:33:34.0492 3276	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:33:34.0492 3276	sffp_sd - ok
22:33:34.0492 3276	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:33:34.0508 3276	sfloppy - ok
22:33:34.0570 3276	Sftfs           (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:33:34.0586 3276	Sftfs - ok
22:33:34.0617 3276	sftlist         (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:33:34.0633 3276	sftlist - ok
22:33:34.0648 3276	Sftplay         (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:33:34.0664 3276	Sftplay - ok
22:33:34.0664 3276	Sftredir        (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:33:34.0680 3276	Sftredir - ok
22:33:34.0680 3276	Sftvol          (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:33:34.0680 3276	Sftvol - ok
22:33:34.0695 3276	sftvsa          (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:33:34.0711 3276	sftvsa - ok
22:33:34.0742 3276	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:33:34.0773 3276	SharedAccess - ok
22:33:34.0804 3276	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:33:34.0836 3276	ShellHWDetection - ok
22:33:34.0836 3276	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:33:34.0851 3276	SiSRaid2 - ok
22:33:34.0851 3276	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:33:34.0867 3276	SiSRaid4 - ok
22:33:34.0882 3276	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:33:34.0898 3276	SkypeUpdate - ok
22:33:34.0898 3276	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:33:34.0929 3276	Smb - ok
22:33:34.0929 3276	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:33:34.0945 3276	SNMPTRAP - ok
22:33:35.0070 3276	SNP2UVC         (84e347359a28e9e544ff169fbdea5f59) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:33:35.0132 3276	SNP2UVC - ok
22:33:35.0194 3276	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:33:35.0226 3276	spldr - ok
22:33:35.0257 3276	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:33:35.0304 3276	Spooler - ok
22:33:35.0569 3276	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:33:35.0647 3276	sppsvc - ok
22:33:35.0709 3276	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:33:35.0756 3276	sppuinotify - ok
22:33:35.0803 3276	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:33:35.0818 3276	srv - ok
22:33:35.0850 3276	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:33:35.0881 3276	srv2 - ok
22:33:35.0896 3276	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:33:35.0896 3276	srvnet - ok
22:33:35.0928 3276	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:33:35.0959 3276	SSDPSRV - ok
22:33:35.0959 3276	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:33:35.0990 3276	SstpSvc - ok
22:33:36.0037 3276	STacSV          (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe
22:33:36.0068 3276	STacSV - ok
22:33:36.0068 3276	Steam Client Service - ok
22:33:36.0084 3276	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:33:36.0099 3276	stexstor - ok
22:33:36.0130 3276	STHDA           (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
22:33:36.0162 3276	STHDA - ok
22:33:36.0208 3276	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:33:36.0240 3276	stisvc - ok
22:33:36.0255 3276	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:33:36.0255 3276	storflt - ok
22:33:36.0271 3276	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:33:36.0271 3276	storvsc - ok
22:33:36.0271 3276	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:33:36.0286 3276	swenum - ok
22:33:36.0318 3276	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:33:36.0364 3276	swprv - ok
22:33:36.0364 3276	Synth3dVsc - ok
22:33:36.0489 3276	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:33:36.0536 3276	SysMain - ok
22:33:36.0583 3276	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:33:36.0598 3276	TabletInputService - ok
22:33:36.0614 3276	tap0901         (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys
22:33:36.0614 3276	tap0901 - ok
22:33:36.0645 3276	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:33:36.0676 3276	TapiSrv - ok
22:33:36.0676 3276	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:33:36.0708 3276	TBS - ok
22:33:36.0848 3276	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:33:36.0895 3276	Tcpip - ok
22:33:37.0082 3276	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:33:37.0129 3276	TCPIP6 - ok
22:33:37.0191 3276	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:33:37.0254 3276	tcpipreg - ok
22:33:37.0254 3276	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:33:37.0269 3276	TDPIPE - ok
22:33:37.0269 3276	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:33:37.0285 3276	TDTCP - ok
22:33:37.0300 3276	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:33:37.0316 3276	tdx - ok
22:33:37.0503 3276	TeamViewer6     (8a9828975a857e477efef5a61ba45ac0) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
22:33:37.0550 3276	TeamViewer6 - ok
22:33:37.0737 3276	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:33:37.0784 3276	TeamViewer7 - ok
22:33:37.0846 3276	teamviewervpn   (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
22:33:37.0862 3276	teamviewervpn - ok
22:33:37.0862 3276	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:33:37.0893 3276	TermDD - ok
22:33:37.0940 3276	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:33:37.0987 3276	TermService - ok
22:33:37.0987 3276	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:33:38.0002 3276	Themes - ok
22:33:38.0018 3276	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:33:38.0034 3276	THREADORDER - ok
22:33:38.0049 3276	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
22:33:38.0049 3276	TPM - ok
22:33:38.0065 3276	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:33:38.0096 3276	TrkWks - ok
22:33:38.0112 3276	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:33:38.0143 3276	TrustedInstaller - ok
22:33:38.0143 3276	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:33:38.0174 3276	tssecsrv - ok
22:33:38.0190 3276	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:33:38.0190 3276	TsUsbFlt - ok
22:33:38.0205 3276	tsusbhub - ok
22:33:38.0221 3276	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:33:38.0236 3276	tunnel - ok
22:33:38.0252 3276	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:33:38.0252 3276	uagp35 - ok
22:33:38.0299 3276	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:33:38.0330 3276	udfs - ok
22:33:38.0330 3276	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:33:38.0346 3276	UI0Detect - ok
22:33:38.0346 3276	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:33:38.0361 3276	uliagpkx - ok
22:33:38.0377 3276	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:33:38.0377 3276	umbus - ok
22:33:38.0377 3276	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:33:38.0392 3276	UmPass - ok
22:33:38.0408 3276	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:33:38.0424 3276	UmRdpService - ok
22:33:38.0595 3276	UNS             (7953d636309b7f505c70667a7a2437cf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:33:38.0642 3276	UNS - ok
22:33:38.0720 3276	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:33:38.0767 3276	upnphost - ok
22:33:38.0767 3276	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:33:38.0782 3276	USBAAPL64 - ok
22:33:38.0782 3276	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:33:38.0798 3276	usbccgp - ok
22:33:38.0814 3276	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:33:38.0814 3276	usbcir - ok
22:33:38.0829 3276	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:33:38.0845 3276	usbehci - ok
22:33:38.0860 3276	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:33:38.0876 3276	usbhub - ok
22:33:38.0876 3276	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:33:38.0892 3276	usbohci - ok
22:33:38.0892 3276	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:33:38.0907 3276	usbprint - ok
22:33:38.0923 3276	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:33:38.0938 3276	USBSTOR - ok
22:33:38.0938 3276	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:33:38.0954 3276	usbuhci - ok
22:33:38.0970 3276	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:33:38.0985 3276	usbvideo - ok
22:33:38.0985 3276	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:33:39.0016 3276	UxSms - ok
22:33:39.0016 3276	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:39.0032 3276	VaultSvc - ok
22:33:39.0172 3276	vcsFPService    (790f7f11d4cf4e9b9e3ad7a181092e4b) C:\windows\system32\vcsFPService.exe
22:33:39.0219 3276	vcsFPService - ok
22:33:39.0266 3276	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:33:39.0282 3276	vdrvroot - ok
22:33:39.0328 3276	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:33:39.0391 3276	vds - ok
22:33:39.0391 3276	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:33:39.0406 3276	vga - ok
22:33:39.0422 3276	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:33:39.0438 3276	VgaSave - ok
22:33:39.0453 3276	VGPU - ok
22:33:39.0453 3276	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:33:39.0469 3276	vhdmp - ok
22:33:39.0469 3276	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:33:39.0484 3276	viaide - ok
22:33:39.0500 3276	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:33:39.0500 3276	vmbus - ok
22:33:39.0516 3276	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:33:39.0516 3276	VMBusHID - ok
22:33:39.0531 3276	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:33:39.0531 3276	volmgr - ok
22:33:39.0562 3276	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:33:39.0578 3276	volmgrx - ok
22:33:39.0594 3276	volsnap         (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
22:33:39.0609 3276	volsnap - ok
22:33:39.0625 3276	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:33:39.0640 3276	vsmraid - ok
22:33:39.0750 3276	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:33:39.0812 3276	VSS - ok
22:33:39.0843 3276	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:33:39.0859 3276	vwifibus - ok
22:33:39.0874 3276	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:33:39.0874 3276	vwififlt - ok
22:33:39.0906 3276	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:33:39.0952 3276	W32Time - ok
22:33:39.0968 3276	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:33:39.0968 3276	WacomPen - ok
22:33:39.0984 3276	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:40.0015 3276	WANARP - ok
22:33:40.0015 3276	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:40.0046 3276	Wanarpv6 - ok
22:33:40.0140 3276	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:33:40.0171 3276	WatAdminSvc - ok
22:33:40.0296 3276	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:33:40.0327 3276	wbengine - ok
22:33:40.0405 3276	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:33:40.0436 3276	WbioSrvc - ok
22:33:40.0467 3276	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:33:40.0483 3276	wcncsvc - ok
22:33:40.0483 3276	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:33:40.0498 3276	WcsPlugInService - ok
22:33:40.0514 3276	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:33:40.0514 3276	Wd - ok
22:33:40.0576 3276	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:33:40.0608 3276	Wdf01000 - ok
22:33:40.0623 3276	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:33:40.0654 3276	WdiServiceHost - ok
22:33:40.0654 3276	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:33:40.0670 3276	WdiSystemHost - ok
22:33:40.0686 3276	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:33:40.0701 3276	WebClient - ok
22:33:40.0732 3276	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:33:40.0748 3276	Wecsvc - ok
22:33:40.0764 3276	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:33:40.0795 3276	wercplsupport - ok
22:33:40.0795 3276	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:33:40.0826 3276	WerSvc - ok
22:33:40.0842 3276	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:33:40.0857 3276	WfpLwf - ok
22:33:40.0873 3276	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:33:40.0873 3276	WIMMount - ok
22:33:40.0888 3276	WinDefend - ok
22:33:40.0888 3276	WinHttpAutoProxySvc - ok
22:33:40.0904 3276	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:33:40.0935 3276	Winmgmt - ok
22:33:41.0076 3276	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:33:41.0138 3276	WinRM - ok
22:33:41.0185 3276	WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
22:33:41.0216 3276	WinUSB - ok
22:33:41.0278 3276	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:33:41.0325 3276	Wlansvc - ok
22:33:41.0481 3276	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:33:41.0512 3276	wlidsvc - ok
22:33:41.0575 3276	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:33:41.0590 3276	WmiAcpi - ok
22:33:41.0622 3276	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:33:41.0637 3276	wmiApSrv - ok
22:33:41.0653 3276	WMPNetworkSvc - ok
22:33:41.0653 3276	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:33:41.0668 3276	WPCSvc - ok
22:33:41.0684 3276	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:33:41.0700 3276	WPDBusEnum - ok
22:33:41.0700 3276	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:33:41.0731 3276	ws2ifsl - ok
22:33:41.0731 3276	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:33:41.0746 3276	wscsvc - ok
22:33:41.0762 3276	WSearch - ok
22:33:41.0934 3276	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:33:42.0012 3276	wuauserv - ok
22:33:42.0058 3276	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:33:42.0121 3276	WudfPf - ok
22:33:42.0136 3276	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:33:42.0152 3276	WUDFRd - ok
22:33:42.0168 3276	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:33:42.0199 3276	wudfsvc - ok
22:33:42.0214 3276	WwanSvc         (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
22:33:42.0230 3276	WwanSvc - ok
22:33:42.0246 3276	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:33:42.0480 3276	\Device\Harddisk0\DR0 - ok
22:33:42.0480 3276	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:33:44.0773 3276	\Device\Harddisk1\DR1 - ok
22:33:44.0788 3276	Boot (0x1200)   (8a2532311174dd9800ce1bef7a2298dd) \Device\Harddisk0\DR0\Partition0
22:33:44.0788 3276	\Device\Harddisk0\DR0\Partition0 - ok
22:33:44.0788 3276	Boot (0x1200)   (1a61c705cbf7aa2950edff54d13b6a2f) \Device\Harddisk0\DR0\Partition1
22:33:44.0788 3276	\Device\Harddisk0\DR0\Partition1 - ok
22:33:44.0804 3276	Boot (0x1200)   (98fab305b785dc1908ad0fc2554516da) \Device\Harddisk0\DR0\Partition2
22:33:44.0804 3276	\Device\Harddisk0\DR0\Partition2 - ok
22:33:44.0804 3276	Boot (0x1200)   (85434178f1772277a8cce7f492e2f113) \Device\Harddisk0\DR0\Partition3
22:33:44.0804 3276	\Device\Harddisk0\DR0\Partition3 - ok
22:33:44.0820 3276	Boot (0x1200)   (5fd6a081f42a3367f8b539984ee2ab2f) \Device\Harddisk1\DR1\Partition0
22:33:44.0820 3276	\Device\Harddisk1\DR1\Partition0 - ok
22:33:44.0820 3276	============================================================
22:33:44.0820 3276	Scan finished
22:33:44.0820 3276	============================================================
22:33:44.0835 5624	Detected object count: 5
22:33:44.0835 5624	Actual detected object count: 5
22:35:15.0581 5624	DEBridge ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0581 5624	DEBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:35:15.0581 5624	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0581 5624	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:35:15.0581 5624	HPDayStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0581 5624	HPDayStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:35:15.0596 5624	OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0596 5624	OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:35:15.0596 5624	SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
22:35:15.0596 5624	SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
         

Antwort

Themen zu Befall vom Verschluesselungstrojaner
alternate, autorun, bho, bildschirm, bonjour, e-mail, error, firefox, flash player, flirt fever trojaner, flirt-fever, install.exe, internet, internetleitung, jdownloader, kunde, launch, league of legends, mahnbescheid.zip, mahnung, microsoft office starter 2010, monkey island, ms-dos, ms-dos anwendung, pando media booster, problem, sanduhr, searchscopes, security, svchost.exe, taskmanager, udp, usb, usb 3.0, version=1.0, windows, zip-datei



Ähnliche Themen: Befall vom Verschluesselungstrojaner


  1. verschluesselungstrojaner logfile
    Log-Analyse und Auswertung - 10.01.2013 (31)
  2. Gibt es Neuigkeiten zum Thema: .jpg wiederherstellen nach verschluesselungstrojaner
    Log-Analyse und Auswertung - 20.09.2012 (3)
  3. GVU 2.07 Befall
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (4)
  4. VerschluesselungsTrojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  5. Jpg wiederherstellen nach verschluesselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  6. Verschluesselungstrojaner
    Log-Analyse und Auswertung - 11.06.2012 (2)
  7. Sie haben sich mit einem Verschluesselungstrojaner infiziert
    Log-Analyse und Auswertung - 27.05.2012 (7)
  8. PC blockiert durch Verschluesselungstrojaner / was tun mit log files
    Log-Analyse und Auswertung - 08.05.2012 (5)
  9. 50 Euro UKash / Verschluesselungstrojaner
    Log-Analyse und Auswertung - 05.05.2012 (11)
  10. Telekom-Virus via pdf / Verschluesselungstrojaner ukash
    Log-Analyse und Auswertung - 04.05.2012 (5)
  11. Windows/Verschluesselungstrojaner WinXP *100 Euro Paysafe / 50 Euro Ucash
    Log-Analyse und Auswertung - 03.05.2012 (11)
  12. Verschluesselungstrojaner 2048 Bit PGP-RSA
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (7)
  13. Verschluesselungstrojaner 2048 Bit PGP-RSA
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (1)
  14. PC Befall
    Plagegeister aller Art und deren Bekämpfung - 24.11.2007 (0)
  15. PC befall!!!!
    Plagegeister aller Art und deren Bekämpfung - 30.05.2007 (1)
  16. W32 Befall
    Plagegeister aller Art und deren Bekämpfung - 05.04.2006 (4)
  17. Befall!
    Log-Analyse und Auswertung - 27.11.2004 (7)

Zum Thema Befall vom Verschluesselungstrojaner - Hallo, Gestern habe ich mir den Verschluesselungstrojaer eingefangen. Ich erhielt eine email mit dem Betreff "Konto Einzug für den Benutzer -nik84-" von dem Absender "patrick_kenney@cox.net" und folgendem Inhalt: Lieber Kunde - Befall vom Verschluesselungstrojaner...
Archiv
Du betrachtest: Befall vom Verschluesselungstrojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.