Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.07.2012, 18:09   #1
Curly89
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



Hallo Zusammen,

leider gehör ich zu den Dummen, die auf die blöde Phishing-Mail der "deutschen Post" reingefallen ist.

"Lieber Kunde,

Es ist unserem Boten leider misslungen einen Postsendung an Ihre Adresse zuzustellen.
Grund: Ein Fehler in der Leiferanschrift.
Sie konnen Ihre Postsendung in unserer Postabteilung personlich kriegen.
Anbei finden Sie einen Postetikett.
Sie sollen dieses Postetikett drucken lassen, um Ihre Postsendung in der Postabteilung empfangen zu konnen.

Vielen Dank!
Deutsche Post AG."

Da ich zufällig auch noch eine Paketsendung erwartete, hab ich weniger nachgedacht, als ich den Anhang öffnete und blöderweise die ZIP-Datei auch noch entpackt habe.
Als ich darauf aufmerksam gemacht worden bin, das könnte eine Fake-E-Mail sein, habe ich mich informiert darüber.

Durch Recherchen bin ich auf dieses Forum gestoßen und habe den Scan des Malwarebytes anti malware durchgeführt, gleich 2 mal.
Zuerst den Quick-Scan und den vollständigen Suchlauf.
Wobei ich bei dem vollständigen Suchlauf vergessen hab, vorher zu aktualisieren. Ich hoffe, das ist nicht so schlimm :/
Ich hoffe ihr könnt mir hier helfen, dass der Trojaner bald Vergangenheit ist.

Quick-Scan:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Curly :: CURLY-PC [Administrator]

14.07.2012 16:55:15
mbam-log-2012-07-14 (16-55-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213176
Laufzeit: 4 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 25
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAx.Info (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAx.Info.1 (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAX.UserProfiles (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\hblitesa (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kxfmpban (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\xincfqas.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|oxkpoicw (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\fngdtpah.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|trfsfclp (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\njekjppc.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fxejhhil (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\bblsxexs.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gnrjfthu (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\hipuexod.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nfldaolc (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\terljrrq.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Daten: C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Daten: C:\Program Files (x86)\QuestScan\questscan.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 13
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Roaming\HBLite (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0 (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions\plugins (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 21
C:\Users\Curly\Downloads\888casino.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\Curly\AppData\Local\xincfqas.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\fngdtpah.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\njekjppc.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\bblsxexs.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\hipuexod.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\terljrrq.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\Temp\Temp1_Postetikett_Deutsche_Post_AG_DE1543-35.zip\Postetikett_Deutsche_Post_AG_DE1543-35.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\PDFConverterSetup.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\setup (1).exe (Adware.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\setup.exe (Adware.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)




Vollständiger Suchlauf:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Curly :: CURLY-PC [Administrator]

14.07.2012 17:15:00
mbam-log-2012-07-14 (17-15-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418261
Laufzeit: 1 Stunde(n), 15 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\888casino.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Liebe Grüße

Curly

Alt 14.07.2012, 18:39   #2
markusg
/// Malware-holic
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



hi
wenn du die logs ins forum kopierst, brauchst du sie nicht noch mal anzuhängen :-)
1. in zukunft solche mails bitte an mich weiterleiten, wie das geht, steht in meiner signatur.
2. gibt es bei dir verschlüsselte dateien?
3.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 14.07.2012, 19:24   #3
Curly89
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



Ich hatte das mit dem direkt reinstellen woanders gesehen.
Soweit ich weiß, habe ich keine verschlüsselten Dateien.

Hier die Logs:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/14/2012 7:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Curly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free
7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2092520B-966D-4044-BFAC-53AE2EDD7ECB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3C7072C4-65BE-4245-B0B5-13752809C068}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3D57B42A-1BEB-4542-A383-ED564A49F3DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{466BAAA6-48D5-43D4-BA6D-2471905BA12A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E3A5AC1-9573-46DC-BFE1-44850761EC48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{74E47DFA-198F-4D2C-8345-DDB106031F75}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{79B54805-6501-40CC-8A51-769B9F988187}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7AD559A0-6325-45BF-9889-971651042C4E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7EC1E60D-2AA7-4BB3-9086-AD970A586728}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8293E152-0868-447F-99BB-4A2020E1ACB6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8676C04B-E3F7-4851-B324-85D4ED38F757}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87C6315B-DC5E-4902-93F0-550178C46158}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8F25E10B-133F-4202-A4C9-B0B71645EB1B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{90A6E77D-D528-4771-9047-1324942BCBFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93637A4F-B52D-4CD8-A85D-C239C87F64AB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98A6891E-44A5-4C0F-AA5A-D1A0FA3D38E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99DAD283-B6DE-40AA-B7CC-7E8AF8DD83E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B13A441A-641B-4608-A20D-387E5E7B1DFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B24D3273-7724-4BA9-82F5-5AF8AD33EECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7360798-D458-4D58-B80E-8DE8B65A1616}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C4696401-DA3F-49D7-B5B3-D856F37CEEA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4FB5557-2150-48B1-8244-AAB4EC93CDED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9C98227-C8A8-41EE-BAFC-0E43973757EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1B35A95D-7346-4D92-953A-31B307694FC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{208A3084-C63C-4826-B483-F6B009767D1B}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{26FCA5F2-140B-42F2-A396-8DF3D9B3C060}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{37677B55-48E1-4F5F-8092-8B566677137A}" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe | 
"{3AE7A479-8530-4BD3-A916-AECD223FA6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E04AB46-F9C0-403A-9774-BC1D0B6CC8CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40836A3E-C887-407F-AD26-20C61DC690FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5481D989-E77F-4E17-AA08-9F65F10C7A93}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{577285BC-9155-4B27-A26F-ECFE53F0BA22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8068FAB8-FC58-40B1-9D2B-98E206F5522C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89F449F1-BD36-4016-934C-7CC9D13B89EB}" = protocol=6 | dir=out | app=system | 
"{8B4052CE-D834-411E-BAA1-4E2CBBFFBFDA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8E79F325-74F9-4526-B156-551FB2FF97EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9D9D963F-5742-47BA-BED4-790F23736B70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB1CBE95-38FA-4129-B8D5-9F02DCAB5C75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AC4BFE1E-0574-432A-A409-9C70455EA853}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B2823A6C-76AF-4725-AED2-A929CBED35EC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0F010B6-7DBD-4F13-8551-639ABC497C27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D0043576-4FF5-4FFB-9489-36699BBF8110}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBF7309C-A09C-4DFC-815A-BD5727BCD612}" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe | 
"{F04600AA-DAAB-4CEE-9906-7351820009AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{F280F92D-F2F7-4350-99F4-F42588E5BC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F660CDAB-929A-4315-BA96-287578D11C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD3AFA01-032F-4FB5-A7BC-5C6810DD7DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{6CE4A3D7-371C-476E-A2CD-C01E5BAE6980}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"TCP Query User{A98B90E5-C86C-404E-A1E9-089A7B1733DC}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{AD7B1BCF-28B0-474B-BFC6-840E99F5CD7B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B393B290-C8D1-4D53-AEB8-CE76E9DFEF54}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{EEB7CED1-C2BD-44C5-B683-C3E4D59373DC}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{388353D5-5BA1-4A3F-A02C-2AE50045B01D}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"UDP Query User{69CADA3B-F6A4-477F-82EF-ECF803BB2DDF}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{7E18F17B-7C5E-462F-8D5E-A036093CA140}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{EDEFCBCA-EB35-470F-A06E-052002CEB662}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{F185A452-A77C-4DF3-8A6E-F6CCD2445B5B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"Alice Software" = Alice Software 4.10.0
"BabylonToolbar" = Babylon toolbar on IE
"BFG-Awakening 2 - Der Mondenwald" = Awakening 2: Der Mondenwald
"BFGC" = Big Fish Games: Game Manager
"colosseum" = Colosseum Casino
"DealPly" = DealPly
"DSGPlayer" = RTL GAME CENTER
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Jane Angel_is1" = Jane Angel
"Jewel Match 2" = Jewel Match 2
"Jewel Quest 2_is1" = Jewel Quest 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/25/2012 4:11:05 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/26/2012 8:01:30 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/26/2012 2:10:03 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/27/2012 3:10:37 AM | Computer Name = Curly-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3538.513,
 Zeitstempel: 0x4dcdb2b3  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
 2.0.10175.3910, Zeitstempel: 0x4b9715b8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9d8
ID
 des fehlerhaften Prozesses: 0xb30  Startzeit der fehlerhaften Anwendung: 0x01cd2444c59627a4
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
 164509e8-9038-11e1-a521-002454ce6eec
 
Error - 4/27/2012 3:20:21 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/27/2012 3:54:43 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/27/2012 5:22:11 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 4/27/2012 5:22:29 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 4/27/2012 2:26:51 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/28/2012 5:06:31 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 6/9/2012 8:53:58 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 6/12/2012 2:02:39 PM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1715.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x8024001e     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1922.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1922.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1922.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%853     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/28/2012 3:22:04 PM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 7/1/2012 9:15:12 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Rezip erreicht.
 
Error - 7/3/2012 10:51:02 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Rezip erreicht.
 
Error - 7/3/2012 1:39:26 PM | Computer Name = Curly-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 7/14/2012 11:51:06 AM | Computer Name = Curly-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit
 dem Computer mit der  Netzwerkhardwareadresse E4-7C-F9-26-4A-D2 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/14/2012 7:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Curly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free
7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/14 19:11:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Curly\Downloads\OTL (1).exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/12/09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/10 19:44:31 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2010/09/29 16:05:06 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Samsung | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a1a847a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\
CHR - Extension: YouTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Deaktivierungs-Add-on von Google Analytics = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: DealPly = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70F52640-BC37-48B9-9469-CABB97784DB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/14 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Malwarebytes
[2012/07/14 16:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 16:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/14 16:53:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/14 16:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/14 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\Curly\Documents\Simply Super Software
[2012/07/14 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0B8437F3-455E-4594-8000-CF2F32718C1D}
[2012/07/14 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{6C50CC1E-1167-4A7D-97C7-77F4D945A868}
[2012/07/14 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1B83F72F-FBBE-46E8-946A-A33B291D913B}
[2012/07/14 01:07:25 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1083DB5F-87E2-4B8C-A08E-3EB677EE55A3}
[2012/07/13 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9EC33733-E145-43BC-B53B-5C96E92188CB}
[2012/07/13 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{3F957AFA-14D0-4C70-AF31-0B0067AA517B}
[2012/07/12 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{099B6F47-AB64-47D3-A2A8-C409E9F9A19C}
[2012/07/12 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{97A632B0-08D6-4C87-8F2B-A9ADBA3AE2E8}
[2012/07/11 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{C547E0FE-1315-45DD-AAA6-522B906BBBD9}
[2012/07/11 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BDE20456-27AE-4CD2-AD2D-4ABD9227DFFA}
[2012/07/10 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E82146B6-C436-494A-AA78-D4C3AE77C09C}
[2012/07/10 16:37:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B4CC0C13-FB37-44A5-8E9B-E41B412B244E}
[2012/07/09 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{22EB1839-8BA7-4D07-85A6-7C5F02C36C5C}
[2012/07/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{042A7E39-51F4-43E4-819B-A52B8BB4C792}
[2012/07/08 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0C37E501-C89C-41EF-8440-C6F29A13A811}
[2012/07/08 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0A0C36D9-EB71-4FF6-8001-D57D96B660A3}
[2012/07/08 08:03:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{31225A11-D694-422C-AF66-F82EBB79FCD0}
[2012/07/08 08:03:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{725F1962-318B-459B-92C9-891110E6E725}
[2012/07/07 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{966E0BD8-68CC-4DE1-91B7-483DFD16DAB0}
[2012/07/07 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A60421EA-A0FC-4112-95D3-3B50B3EA1306}
[2012/07/07 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{66028DD7-4F0D-4C0F-A50D-3861B1260581}
[2012/07/07 08:01:59 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DCB17834-1F54-4C3D-8BF7-04CD84CEB5E8}
[2012/07/06 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F3B04F8-9F2E-4D93-86AB-13F62C2972B9}
[2012/07/06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A15967AC-8D31-4385-BC9B-42BD30EC5F91}
[2012/07/05 16:38:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7EA1BB94-60C8-40C0-B2B9-F5D1EC40C3CC}
[2012/07/05 16:38:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AF0B1B3-F5CA-4A7C-9926-0234C7172410}
[2012/07/03 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{238179E4-F0CA-4AE6-AA56-5B7E1E455416}
[2012/07/03 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1D31B9E6-9D35-4E53-9213-7226158CAC92}
[2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Try2
[2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Try2
[2012/06/30 15:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rondomedia
[2012/06/30 15:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rondomedia
[2012/06/30 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{91C14A3C-EA6D-464D-90E6-04588472836A}
[2012/06/30 08:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{620D4DA6-0351-4304-A54F-B1BCAC8AF811}
[2012/06/29 20:08:06 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{85C6442F-B9D5-49A7-9D2D-EE984F9FC91F}
[2012/06/29 20:07:54 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{87ECE462-7EEB-4211-8CC4-697C787AE266}
[2012/06/28 17:22:39 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{3E6338C1-61A4-4A1B-8E84-E71F251E3E04}
[2012/06/28 17:22:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B6F28B37-0223-49DE-BE8F-A05024E34C24}
[2012/06/27 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{EDF4A685-4661-4669-8A69-B0DC621C1B6A}
[2012/06/27 12:07:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8C0D85AC-4947-4705-8572-DFA62CA98594}
[2012/06/26 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8314CFFE-C64E-4C90-9263-6EE337D4A14C}
[2012/06/26 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0E617B41-9F0F-42B2-A076-A8AAA7B408E0}
[2012/06/25 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{787B3F86-D47E-45E5-B545-ECFEC5683D0D}
[2012/06/25 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{6136B93F-ADA6-42A8-91C6-94F1687857D2}
[2012/06/24 13:51:27 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AA44DD6E-9ED3-494A-B90B-DC4F06829FC1}
[2012/06/24 13:51:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F4D4BE8-90F8-4F30-BF09-6EADADB91195}
[2012/06/23 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CC8E8176-BDCD-479F-A942-D218B5F1D1C5}
[2012/06/23 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{461389E9-71DC-4D5A-9755-8605D9AA9487}
[2012/06/23 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A9369701-9AE9-4A9F-B7D6-A0E26C14F609}
[2012/06/23 11:18:01 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5989344F-A244-48B1-929E-F872BFBF60AC}
[2012/06/22 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{854BC9EB-6588-4052-A7C5-B258DD5993FE}
[2012/06/22 10:16:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4E24F057-FEA2-4E00-9260-DC15E3AE99EC}
[2012/06/21 22:16:02 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{812CBD7C-EACC-46FE-B4A8-6A6287DC04C4}
[2012/06/21 22:15:49 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9661BFD4-872C-4FB1-B612-DCCB5EA8A0A2}
[2012/06/21 09:45:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9E0D13C0-8A97-46CF-8160-CAE36ACB3112}
[2012/06/21 09:45:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7D65540B-B4C7-4AAA-BDB2-B862F4F33313}
[2012/06/20 14:29:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FECEF177-12E8-4706-8C42-BA2B2BE52D20}
[2012/06/20 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FF83F29A-A84E-475E-8B44-6D249E43C7A3}
[2012/06/20 14:28:15 | 000,000,000 | ---D | C] -- C:\windows\de
[2012/06/20 14:23:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5D1AC59A-784F-43FA-92F5-E7D855BFFD8C}
[2012/06/20 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AD04DD3-AA84-45EE-9A18-E2DD33BC6254}
[2012/06/20 12:52:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{09AC0B06-970F-42FA-B9E9-C9102F3D9A0B}
[2012/06/20 12:51:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FDECE332-E2F4-4A21-BE08-3686ACF7296D}
[2012/06/20 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BA5E77BF-3B9E-4CF5-96D0-E6CD6BF6157B}
[2012/06/20 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BC041490-B794-47A9-8408-C0453B9C8A30}
[2012/06/20 08:54:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4963E122-B1E8-4341-AE89-CAB1253F3D20}
[2012/06/20 08:53:52 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8A196436-5561-4FC4-82D2-B860537E631D}
[2012/06/20 08:16:09 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{389ADBA7-CF63-4ED7-8388-CD7535264E4F}
[2012/06/20 08:15:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AE11333D-3098-4744-90D9-013AB0476BCC}
[2012/06/19 20:37:56 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AF064C82-00F6-4179-8E96-713F68634680}
[2012/06/19 20:37:43 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B1283DBE-5973-4313-B936-DE316349B10B}
[2012/06/19 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{26AEC35B-4A4C-414C-B412-D4B0B538FBCA}
[2012/06/19 13:16:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{71EDB583-229D-45ED-BFBC-56224171E6F3}
[2012/06/19 10:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{86E9479B-BC8E-498C-8F8F-056CAFD83FC5}
[2012/06/19 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{39F18714-431F-4877-A76C-229B7BE21B61}
[2012/06/19 08:18:31 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CAD1D7C6-BB32-4577-BFDC-9CA9C1961E69}
[2012/06/19 08:18:13 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E9D50095-2332-4F8F-978F-5CB23262705D}
[2012/06/17 08:55:55 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{17A4699B-7E9B-4B84-8C52-8EF3BCCFEC97}
[2012/06/16 08:39:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DB85DFBD-E265-4904-81A8-621671DDA6CD}
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/14 19:41:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job
[2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 18:35:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/14 18:35:26 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 09:45:21 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\gjgsnppv
[2012/07/14 09:44:17 | 000,000,000 | ---- | M] () -- C:\Users\Curly\AppData\Roaming\SharedSettings.ccs
[2012/07/14 09:43:44 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\duipdtsf
[2012/07/12 17:42:29 | 000,002,397 | ---- | M] () -- C:\Users\Curly\Desktop\Google Chrome.lnk
[2012/07/12 17:17:38 | 000,276,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/08 07:41:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/30 15:57:31 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012/06/23 19:58:36 | 003,379,648 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/06/23 19:58:36 | 001,440,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/23 19:58:36 | 001,001,626 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/06/23 19:58:36 | 000,892,264 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/23 19:58:36 | 000,005,646 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/23 17:39:19 | 000,001,172 | ---- | M] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/14 13:50:56 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\UNRAR3.dll
[2012/07/14 13:50:56 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll
[2012/07/14 09:45:21 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\gjgsnppv
[2012/07/14 09:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Curly\AppData\Roaming\SharedSettings.ccs
[2012/07/14 09:43:44 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\duipdtsf
[2012/06/30 15:57:31 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012/06/23 17:39:19 | 000,001,172 | ---- | C] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk
[2011/12/13 20:46:28 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2011/01/25 22:12:09 | 000,005,612 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/01/09 23:52:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/09 22:20:40 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/04 05:29:38 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/08/04 04:29:02 | 000,001,960 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/04 04:27:22 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe
 
========== LOP Check ==========
 
[2011/12/13 20:46:15 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Babylon
[2012/05/29 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoft
[2011/01/25 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/26 15:39:46 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\elsterformular
[2011/01/10 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Green Clover Games
[2011/01/10 06:22:54 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Hansenet
[2012/06/03 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\iMaxGen
[2011/08/12 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\JewelMatch2
[2012/02/12 19:41:08 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Need for Speed World
[2011/10/24 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PacificPoker
[2011/01/10 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PlayPond
[2012/07/14 12:06:01 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\SoftGrid Client
[2011/12/15 22:23:52 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\TP
[2012/06/30 15:57:34 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Try2
[2011/12/27 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Windows Live Writer
[2012/07/08 13:24:58 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/05/07 19:07:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/01/10 19:29:18 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/08/04 04:22:21 | 000,000,000 | ---D | M] -- C:\Intel
[2011/10/10 19:44:15 | 000,000,000 | ---D | M] -- C:\Microgaming
[2011/12/15 22:28:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/02/21 18:19:35 | 000,000,000 | ---D | M] -- C:\PFiles
[2012/04/23 18:17:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/14 17:06:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/29 13:16:24 | 000,000,000 | ---D | M] -- C:\Program Files(x86)
[2012/07/14 17:06:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/01/09 22:17:20 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/07/14 20:04:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/09 22:18:57 | 000,000,000 | R--D | M] -- C:\Users
[2012/06/20 14:28:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\drivers\iaStor.sys
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011/01/09 22:44:24 | 000,000,148 | ---- | M] () -- C:\Users\Curly\DiskScrP.txt
[2012/07/14 20:10:10 | 001,835,008 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT
[2012/07/14 20:10:10 | 000,262,144 | -HS- | M] () -- C:\Users\Curly\ntuser.dat.LOG1
[2011/01/09 22:18:58 | 000,000,000 | -HS- | M] () -- C:\Users\Curly\ntuser.dat.LOG2
[2011/01/09 23:17:32 | 000,065,536 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/01/09 23:17:32 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/01/09 23:17:32 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/05/15 16:37:51 | 000,065,536 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TM.blf
[2012/05/15 16:37:51 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TMContainer00000000000000000001.regtrans-ms
[2012/05/15 16:37:51 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TMContainer00000000000000000002.regtrans-ms
[2011/01/09 22:18:58 | 000,000,020 | -HS- | M] () -- C:\Users\Curly\ntuser.ini
[2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FC70A22A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F8F070C2

< End of report >
         
--- --- ---
__________________

Alt 14.07.2012, 19:28   #4
Curly89
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



Ich hatte das mit dem direkt reinstellen woanders gesehen.
Soweit ich weiß, habe ich keine verschlüsselten Dateien.

Hier die Logs:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 7/14/2012 7:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Curly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free
7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2092520B-966D-4044-BFAC-53AE2EDD7ECB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3C7072C4-65BE-4245-B0B5-13752809C068}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3D57B42A-1BEB-4542-A383-ED564A49F3DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{466BAAA6-48D5-43D4-BA6D-2471905BA12A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5E3A5AC1-9573-46DC-BFE1-44850761EC48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{74E47DFA-198F-4D2C-8345-DDB106031F75}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{79B54805-6501-40CC-8A51-769B9F988187}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7AD559A0-6325-45BF-9889-971651042C4E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7EC1E60D-2AA7-4BB3-9086-AD970A586728}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8293E152-0868-447F-99BB-4A2020E1ACB6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8676C04B-E3F7-4851-B324-85D4ED38F757}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87C6315B-DC5E-4902-93F0-550178C46158}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8F25E10B-133F-4202-A4C9-B0B71645EB1B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{90A6E77D-D528-4771-9047-1324942BCBFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93637A4F-B52D-4CD8-A85D-C239C87F64AB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{98A6891E-44A5-4C0F-AA5A-D1A0FA3D38E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99DAD283-B6DE-40AA-B7CC-7E8AF8DD83E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B13A441A-641B-4608-A20D-387E5E7B1DFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B24D3273-7724-4BA9-82F5-5AF8AD33EECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7360798-D458-4D58-B80E-8DE8B65A1616}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C4696401-DA3F-49D7-B5B3-D856F37CEEA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4FB5557-2150-48B1-8244-AAB4EC93CDED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9C98227-C8A8-41EE-BAFC-0E43973757EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1B35A95D-7346-4D92-953A-31B307694FC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{208A3084-C63C-4826-B483-F6B009767D1B}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{26FCA5F2-140B-42F2-A396-8DF3D9B3C060}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{37677B55-48E1-4F5F-8092-8B566677137A}" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe | 
"{3AE7A479-8530-4BD3-A916-AECD223FA6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E04AB46-F9C0-403A-9774-BC1D0B6CC8CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40836A3E-C887-407F-AD26-20C61DC690FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5481D989-E77F-4E17-AA08-9F65F10C7A93}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{577285BC-9155-4B27-A26F-ECFE53F0BA22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8068FAB8-FC58-40B1-9D2B-98E206F5522C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89F449F1-BD36-4016-934C-7CC9D13B89EB}" = protocol=6 | dir=out | app=system | 
"{8B4052CE-D834-411E-BAA1-4E2CBBFFBFDA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8E79F325-74F9-4526-B156-551FB2FF97EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9D9D963F-5742-47BA-BED4-790F23736B70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB1CBE95-38FA-4129-B8D5-9F02DCAB5C75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AC4BFE1E-0574-432A-A409-9C70455EA853}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B2823A6C-76AF-4725-AED2-A929CBED35EC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0F010B6-7DBD-4F13-8551-639ABC497C27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D0043576-4FF5-4FFB-9489-36699BBF8110}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBF7309C-A09C-4DFC-815A-BD5727BCD612}" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe | 
"{F04600AA-DAAB-4CEE-9906-7351820009AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{F280F92D-F2F7-4350-99F4-F42588E5BC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F660CDAB-929A-4315-BA96-287578D11C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD3AFA01-032F-4FB5-A7BC-5C6810DD7DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{6CE4A3D7-371C-476E-A2CD-C01E5BAE6980}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"TCP Query User{A98B90E5-C86C-404E-A1E9-089A7B1733DC}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{AD7B1BCF-28B0-474B-BFC6-840E99F5CD7B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B393B290-C8D1-4D53-AEB8-CE76E9DFEF54}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{EEB7CED1-C2BD-44C5-B683-C3E4D59373DC}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{388353D5-5BA1-4A3F-A02C-2AE50045B01D}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | 
"UDP Query User{69CADA3B-F6A4-477F-82EF-ECF803BB2DDF}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{7E18F17B-7C5E-462F-8D5E-A036093CA140}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{EDEFCBCA-EB35-470F-A06E-052002CEB662}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{F185A452-A77C-4DF3-8A6E-F6CCD2445B5B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"Alice Software" = Alice Software 4.10.0
"BabylonToolbar" = Babylon toolbar on IE
"BFG-Awakening 2 - Der Mondenwald" = Awakening 2: Der Mondenwald
"BFGC" = Big Fish Games: Game Manager
"colosseum" = Colosseum Casino
"DealPly" = DealPly
"DSGPlayer" = RTL GAME CENTER
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Jane Angel_is1" = Jane Angel
"Jewel Match 2" = Jewel Match 2
"Jewel Quest 2_is1" = Jewel Quest 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/25/2012 4:11:05 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/26/2012 8:01:30 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/26/2012 2:10:03 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/27/2012 3:10:37 AM | Computer Name = Curly-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3538.513,
 Zeitstempel: 0x4dcdb2b3  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
 2.0.10175.3910, Zeitstempel: 0x4b9715b8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9d8
ID
 des fehlerhaften Prozesses: 0xb30  Startzeit der fehlerhaften Anwendung: 0x01cd2444c59627a4
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
 164509e8-9038-11e1-a521-002454ce6eec
 
Error - 4/27/2012 3:20:21 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/27/2012 3:54:43 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/27/2012 5:22:11 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 4/27/2012 5:22:29 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 4/27/2012 2:26:51 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 4/28/2012 5:06:31 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 6/9/2012 8:53:58 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 6/12/2012 2:02:39 PM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1715.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x8024001e     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1922.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1922.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.127.1922.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%853     Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8403.0     Fehlercode: 0x80240016     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 6/28/2012 3:22:04 PM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 7/1/2012 9:15:12 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Rezip erreicht.
 
Error - 7/3/2012 10:51:02 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Rezip erreicht.
 
Error - 7/3/2012 1:39:26 PM | Computer Name = Curly-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 7/14/2012 11:51:06 AM | Computer Name = Curly-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit
 dem Computer mit der  Netzwerkhardwareadresse E4-7C-F9-26-4A-D2 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
 
< End of report >
         
--- --- ---




OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/14/2012 7:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Curly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free
7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/14 19:11:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Curly\Downloads\OTL (1).exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/12/09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/10 19:44:31 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2010/09/29 16:05:06 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Samsung | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a1a847a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\
CHR - Extension: YouTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Deaktivierungs-Add-on von Google Analytics = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: DealPly = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70F52640-BC37-48B9-9469-CABB97784DB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/14 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Malwarebytes
[2012/07/14 16:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 16:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/14 16:53:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/14 16:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/14 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\Curly\Documents\Simply Super Software
[2012/07/14 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0B8437F3-455E-4594-8000-CF2F32718C1D}
[2012/07/14 13:19:52 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{6C50CC1E-1167-4A7D-97C7-77F4D945A868}
[2012/07/14 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1B83F72F-FBBE-46E8-946A-A33B291D913B}
[2012/07/14 01:07:25 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1083DB5F-87E2-4B8C-A08E-3EB677EE55A3}
[2012/07/13 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9EC33733-E145-43BC-B53B-5C96E92188CB}
[2012/07/13 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{3F957AFA-14D0-4C70-AF31-0B0067AA517B}
[2012/07/12 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{099B6F47-AB64-47D3-A2A8-C409E9F9A19C}
[2012/07/12 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{97A632B0-08D6-4C87-8F2B-A9ADBA3AE2E8}
[2012/07/11 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{C547E0FE-1315-45DD-AAA6-522B906BBBD9}
[2012/07/11 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BDE20456-27AE-4CD2-AD2D-4ABD9227DFFA}
[2012/07/10 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E82146B6-C436-494A-AA78-D4C3AE77C09C}
[2012/07/10 16:37:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B4CC0C13-FB37-44A5-8E9B-E41B412B244E}
[2012/07/09 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{22EB1839-8BA7-4D07-85A6-7C5F02C36C5C}
[2012/07/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{042A7E39-51F4-43E4-819B-A52B8BB4C792}
[2012/07/08 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0C37E501-C89C-41EF-8440-C6F29A13A811}
[2012/07/08 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0A0C36D9-EB71-4FF6-8001-D57D96B660A3}
[2012/07/08 08:03:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{31225A11-D694-422C-AF66-F82EBB79FCD0}
[2012/07/08 08:03:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{725F1962-318B-459B-92C9-891110E6E725}
[2012/07/07 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{966E0BD8-68CC-4DE1-91B7-483DFD16DAB0}
[2012/07/07 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A60421EA-A0FC-4112-95D3-3B50B3EA1306}
[2012/07/07 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{66028DD7-4F0D-4C0F-A50D-3861B1260581}
[2012/07/07 08:01:59 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DCB17834-1F54-4C3D-8BF7-04CD84CEB5E8}
[2012/07/06 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F3B04F8-9F2E-4D93-86AB-13F62C2972B9}
[2012/07/06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A15967AC-8D31-4385-BC9B-42BD30EC5F91}
[2012/07/05 16:38:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7EA1BB94-60C8-40C0-B2B9-F5D1EC40C3CC}
[2012/07/05 16:38:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AF0B1B3-F5CA-4A7C-9926-0234C7172410}
[2012/07/03 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{238179E4-F0CA-4AE6-AA56-5B7E1E455416}
[2012/07/03 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1D31B9E6-9D35-4E53-9213-7226158CAC92}
[2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Try2
[2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Try2
[2012/06/30 15:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rondomedia
[2012/06/30 15:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rondomedia
[2012/06/30 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{91C14A3C-EA6D-464D-90E6-04588472836A}
[2012/06/30 08:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{620D4DA6-0351-4304-A54F-B1BCAC8AF811}
[2012/06/29 20:08:06 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{85C6442F-B9D5-49A7-9D2D-EE984F9FC91F}
[2012/06/29 20:07:54 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{87ECE462-7EEB-4211-8CC4-697C787AE266}
[2012/06/28 17:22:39 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{3E6338C1-61A4-4A1B-8E84-E71F251E3E04}
[2012/06/28 17:22:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B6F28B37-0223-49DE-BE8F-A05024E34C24}
[2012/06/27 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{EDF4A685-4661-4669-8A69-B0DC621C1B6A}
[2012/06/27 12:07:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8C0D85AC-4947-4705-8572-DFA62CA98594}
[2012/06/26 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8314CFFE-C64E-4C90-9263-6EE337D4A14C}
[2012/06/26 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0E617B41-9F0F-42B2-A076-A8AAA7B408E0}
[2012/06/25 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{787B3F86-D47E-45E5-B545-ECFEC5683D0D}
[2012/06/25 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{6136B93F-ADA6-42A8-91C6-94F1687857D2}
[2012/06/24 13:51:27 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AA44DD6E-9ED3-494A-B90B-DC4F06829FC1}
[2012/06/24 13:51:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F4D4BE8-90F8-4F30-BF09-6EADADB91195}
[2012/06/23 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CC8E8176-BDCD-479F-A942-D218B5F1D1C5}
[2012/06/23 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{461389E9-71DC-4D5A-9755-8605D9AA9487}
[2012/06/23 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A9369701-9AE9-4A9F-B7D6-A0E26C14F609}
[2012/06/23 11:18:01 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5989344F-A244-48B1-929E-F872BFBF60AC}
[2012/06/22 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{854BC9EB-6588-4052-A7C5-B258DD5993FE}
[2012/06/22 10:16:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4E24F057-FEA2-4E00-9260-DC15E3AE99EC}
[2012/06/21 22:16:02 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{812CBD7C-EACC-46FE-B4A8-6A6287DC04C4}
[2012/06/21 22:15:49 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9661BFD4-872C-4FB1-B612-DCCB5EA8A0A2}
[2012/06/21 09:45:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9E0D13C0-8A97-46CF-8160-CAE36ACB3112}
[2012/06/21 09:45:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7D65540B-B4C7-4AAA-BDB2-B862F4F33313}
[2012/06/20 14:29:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FECEF177-12E8-4706-8C42-BA2B2BE52D20}
[2012/06/20 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FF83F29A-A84E-475E-8B44-6D249E43C7A3}
[2012/06/20 14:28:15 | 000,000,000 | ---D | C] -- C:\windows\de
[2012/06/20 14:23:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5D1AC59A-784F-43FA-92F5-E7D855BFFD8C}
[2012/06/20 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AD04DD3-AA84-45EE-9A18-E2DD33BC6254}
[2012/06/20 12:52:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{09AC0B06-970F-42FA-B9E9-C9102F3D9A0B}
[2012/06/20 12:51:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FDECE332-E2F4-4A21-BE08-3686ACF7296D}
[2012/06/20 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BA5E77BF-3B9E-4CF5-96D0-E6CD6BF6157B}
[2012/06/20 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BC041490-B794-47A9-8408-C0453B9C8A30}
[2012/06/20 08:54:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4963E122-B1E8-4341-AE89-CAB1253F3D20}
[2012/06/20 08:53:52 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8A196436-5561-4FC4-82D2-B860537E631D}
[2012/06/20 08:16:09 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{389ADBA7-CF63-4ED7-8388-CD7535264E4F}
[2012/06/20 08:15:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AE11333D-3098-4744-90D9-013AB0476BCC}
[2012/06/19 20:37:56 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AF064C82-00F6-4179-8E96-713F68634680}
[2012/06/19 20:37:43 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B1283DBE-5973-4313-B936-DE316349B10B}
[2012/06/19 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{26AEC35B-4A4C-414C-B412-D4B0B538FBCA}
[2012/06/19 13:16:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{71EDB583-229D-45ED-BFBC-56224171E6F3}
[2012/06/19 10:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{86E9479B-BC8E-498C-8F8F-056CAFD83FC5}
[2012/06/19 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{39F18714-431F-4877-A76C-229B7BE21B61}
[2012/06/19 08:18:31 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CAD1D7C6-BB32-4577-BFDC-9CA9C1961E69}
[2012/06/19 08:18:13 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E9D50095-2332-4F8F-978F-5CB23262705D}
[2012/06/17 08:55:55 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{17A4699B-7E9B-4B84-8C52-8EF3BCCFEC97}
[2012/06/16 08:39:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DB85DFBD-E265-4904-81A8-621671DDA6CD}
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/14 19:41:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job
[2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 18:35:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/14 18:35:26 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 09:45:21 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\gjgsnppv
[2012/07/14 09:44:17 | 000,000,000 | ---- | M] () -- C:\Users\Curly\AppData\Roaming\SharedSettings.ccs
[2012/07/14 09:43:44 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\duipdtsf
[2012/07/12 17:42:29 | 000,002,397 | ---- | M] () -- C:\Users\Curly\Desktop\Google Chrome.lnk
[2012/07/12 17:17:38 | 000,276,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/08 07:41:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/30 15:57:31 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012/06/23 19:58:36 | 003,379,648 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/06/23 19:58:36 | 001,440,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/23 19:58:36 | 001,001,626 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/06/23 19:58:36 | 000,892,264 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/23 19:58:36 | 000,005,646 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/23 17:39:19 | 000,001,172 | ---- | M] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/14 13:50:56 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\UNRAR3.dll
[2012/07/14 13:50:56 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll
[2012/07/14 09:45:21 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\gjgsnppv
[2012/07/14 09:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Curly\AppData\Roaming\SharedSettings.ccs
[2012/07/14 09:43:44 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\duipdtsf
[2012/06/30 15:57:31 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Empire - Hidden Secrets.lnk
[2012/06/23 17:39:19 | 000,001,172 | ---- | C] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk
[2011/12/13 20:46:28 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2011/01/25 22:12:09 | 000,005,612 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/01/09 23:52:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/09 22:20:40 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/04 05:29:38 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/08/04 04:29:02 | 000,001,960 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/04 04:27:22 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe
 
========== LOP Check ==========
 
[2011/12/13 20:46:15 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Babylon
[2012/05/29 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoft
[2011/01/25 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/26 15:39:46 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\elsterformular
[2011/01/10 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Green Clover Games
[2011/01/10 06:22:54 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Hansenet
[2012/06/03 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\iMaxGen
[2011/08/12 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\JewelMatch2
[2012/02/12 19:41:08 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Need for Speed World
[2011/10/24 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PacificPoker
[2011/01/10 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PlayPond
[2012/07/14 12:06:01 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\SoftGrid Client
[2011/12/15 22:23:52 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\TP
[2012/06/30 15:57:34 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Try2
[2011/12/27 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Windows Live Writer
[2012/07/08 13:24:58 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/05/07 19:07:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/01/10 19:29:18 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/08/04 04:22:21 | 000,000,000 | ---D | M] -- C:\Intel
[2011/10/10 19:44:15 | 000,000,000 | ---D | M] -- C:\Microgaming
[2011/12/15 22:28:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/02/21 18:19:35 | 000,000,000 | ---D | M] -- C:\PFiles
[2012/04/23 18:17:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/14 17:06:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/29 13:16:24 | 000,000,000 | ---D | M] -- C:\Program Files(x86)
[2012/07/14 17:06:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/01/09 22:17:20 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/07/14 20:04:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/09 22:18:57 | 000,000,000 | R--D | M] -- C:\Users
[2012/06/20 14:28:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\drivers\iaStor.sys
[2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011/01/09 22:44:24 | 000,000,148 | ---- | M] () -- C:\Users\Curly\DiskScrP.txt
[2012/07/14 20:10:10 | 001,835,008 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT
[2012/07/14 20:10:10 | 000,262,144 | -HS- | M] () -- C:\Users\Curly\ntuser.dat.LOG1
[2011/01/09 22:18:58 | 000,000,000 | -HS- | M] () -- C:\Users\Curly\ntuser.dat.LOG2
[2011/01/09 23:17:32 | 000,065,536 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/01/09 23:17:32 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/01/09 23:17:32 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/05/15 16:37:51 | 000,065,536 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TM.blf
[2012/05/15 16:37:51 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TMContainer00000000000000000001.regtrans-ms
[2012/05/15 16:37:51 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TMContainer00000000000000000002.regtrans-ms
[2011/01/09 22:18:58 | 000,000,020 | -HS- | M] () -- C:\Users\Curly\ntuser.ini
[2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FC70A22A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F8F070C2

< End of report >
         
--- --- ---

Alt 15.07.2012, 16:49   #5
markusg
/// Malware-holic
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



hi
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.07.2012, 20:13   #6
Curly89
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



eine kurze frage habe ich hierzu noch:
Wie kann ich microsoft security essentials deaktivieren?

hier der log von combofix
Am Anfang stand ich solle einen Sytemwiederherstellungspunkt erstellen.
Soll ich das noch machen?

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-14.01 - Curly 16.07.2012  10:14:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3957.2786 [GMT 2:00]
ausgeführt von:: c:\users\Curly\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-16 bis 2012-07-16  ))))))))))))))))))))))))))))))
.
.
2012-07-16 08:25 . 2012-07-16 08:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-16 08:09 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE2E01AE-F098-4358-BFDD-6B633A61A4AB}\mpengine.dll
2012-07-15 04:34 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-14 14:53 . 2012-07-14 14:53	--------	d-----w-	c:\users\Curly\AppData\Roaming\Malwarebytes
2012-07-14 14:53 . 2012-07-14 14:53	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-14 14:53 . 2012-07-14 14:53	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 14:53 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-14 11:50 . 2003-02-02 17:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-07-14 11:50 . 2002-03-05 22:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-07-12 15:00 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-03 15:02 . 2012-02-10 17:50	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FA9DE79-CD3D-4C98-9D98-B8BBCDCD92DC}\gapaengine.dll
2012-06-30 13:57 . 2012-06-30 13:57	--------	d-----w-	c:\users\Curly\AppData\Roaming\Try2
2012-06-30 13:57 . 2012-06-30 13:57	--------	d-----w-	c:\programdata\Try2
2012-06-30 13:55 . 2012-06-30 13:55	--------	d-----w-	c:\program files (x86)\rondomedia
2012-06-21 07:31 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 07:31 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 07:31 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 07:31 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 07:30 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 07:30 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 07:30 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 07:30 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 07:30 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 12:28 . 2012-06-20 12:28	--------	d-----w-	c:\windows\de
2012-06-20 12:23 . 2012-06-20 12:23	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8cb7c75d1cd4edf01\DSETUP.dll
2012-06-20 12:23 . 2012-06-20 12:23	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8cb7c75d1cd4edf01\DXSETUP.exe
2012-06-20 12:23 . 2012-06-20 12:23	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8cb7c75d1cd4edf01\dsetup32.dll
2012-06-20 12:23 . 2012-06-20 12:23	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8d07bd491cd4edf02\MeshBetaRemover.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 17:18 . 2012-05-25 17:18	0	----a-w-	c:\windows\SysWow64\shoF47B.tmp
2012-05-15 04:01 . 2012-06-13 14:46	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 14:46	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 14:46	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 14:46	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 14:46	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 14:46	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 14:45	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 14:46	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 14:46	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 14:46	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 14:45	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 14:45	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 14:45	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:45	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 14:46	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 14:46	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-04-18 11:49 . 2012-05-29 16:17	405176	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Curly\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-27 83488]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job
- c:\users\Curly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 22:00]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job
- c:\users\Curly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 22:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=c641592b0000000000001ef46a1a847a
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-16  10:28:50
ComboFix-quarantined-files.txt  2012-07-16 08:28
.
Vor Suchlauf: 11 Verzeichnis(se), 184.266.301.440 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 185.726.205.952 Bytes frei
.
- - End Of File - - 4CFB3B000B246F0254C0B06B0D386E86
         
--- --- ---

Alt 17.07.2012, 22:13   #7
markusg
/// Malware-holic
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



ne, stand ja am anfang da, da hättest es machen sollen.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 18.07.2012, 16:17   #8
Curly89
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



17:14:17.0325 4744 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
17:14:17.0528 4744 ============================================================
17:14:17.0528 4744 Current date / time: 2012/07/18 17:14:17.0528
17:14:17.0528 4744 SystemInfo:
17:14:17.0528 4744
17:14:17.0528 4744 OS Version: 6.1.7601 ServicePack: 1.0
17:14:17.0528 4744 Product type: Workstation
17:14:17.0528 4744 ComputerName: CURLY-PC
17:14:17.0528 4744 UserName: Curly
17:14:17.0528 4744 Windows directory: C:\windows
17:14:17.0528 4744 System windows directory: C:\windows
17:14:17.0528 4744 Running under WOW64
17:14:17.0528 4744 Processor architecture: Intel x64
17:14:17.0528 4744 Number of processors: 4
17:14:17.0528 4744 Page size: 0x1000
17:14:17.0528 4744 Boot type: Normal boot
17:14:17.0528 4744 ============================================================
17:14:18.0963 4744 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:14:18.0979 4744 ============================================================
17:14:18.0979 4744 \Device\Harddisk0\DR0:
17:14:18.0979 4744 MBR partitions:
17:14:18.0979 4744 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
17:14:18.0979 4744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x1FA00000
17:14:18.0994 4744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x22233000, BlocksNum 0x18152800
17:14:18.0994 4744 ============================================================
17:14:19.0088 4744 C: <-> \Device\Harddisk0\DR0\Partition1
17:14:19.0135 4744 D: <-> \Device\Harddisk0\DR0\Partition2
17:14:19.0135 4744 ============================================================
17:14:19.0135 4744 Initialize success
17:14:19.0135 4744 ============================================================
17:14:53.0312 2876 ============================================================
17:14:53.0312 2876 Scan started
17:14:53.0312 2876 Mode: Manual; SigCheck; TDLFS;
17:14:53.0312 2876 ============================================================
17:14:53.0686 2876 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
17:14:53.0826 2876 1394ohci - ok
17:14:53.0904 2876 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
17:14:53.0936 2876 ACPI - ok
17:14:53.0998 2876 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
17:14:54.0076 2876 AcpiPmi - ok
17:14:54.0201 2876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
17:14:54.0248 2876 adp94xx - ok
17:14:54.0310 2876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
17:14:54.0341 2876 adpahci - ok
17:14:54.0388 2876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
17:14:54.0419 2876 adpu320 - ok
17:14:54.0450 2876 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
17:14:54.0544 2876 AeLookupSvc - ok
17:14:54.0638 2876 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
17:14:54.0716 2876 AFD - ok
17:14:54.0762 2876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
17:14:54.0794 2876 agp440 - ok
17:14:55.0246 2876 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
17:14:55.0246 2876 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
17:14:55.0246 2876 Akamai ( HiddenFile.Multi.Generic ) - warning
17:14:55.0246 2876 Akamai - detected HiddenFile.Multi.Generic (1)
17:14:55.0402 2876 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
17:14:55.0449 2876 ALG - ok
17:14:55.0511 2876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
17:14:55.0542 2876 aliide - ok
17:14:55.0542 2876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
17:14:55.0574 2876 amdide - ok
17:14:55.0636 2876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
17:14:55.0698 2876 AmdK8 - ok
17:14:55.0714 2876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
17:14:55.0745 2876 AmdPPM - ok
17:14:55.0792 2876 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
17:14:55.0823 2876 amdsata - ok
17:14:55.0854 2876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
17:14:55.0886 2876 amdsbs - ok
17:14:55.0901 2876 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
17:14:55.0917 2876 amdxata - ok
17:14:55.0964 2876 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
17:14:56.0026 2876 AppID - ok
17:14:56.0057 2876 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
17:14:56.0166 2876 AppIDSvc - ok
17:14:56.0229 2876 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
17:14:56.0307 2876 Appinfo - ok
17:14:56.0354 2876 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
17:14:56.0385 2876 arc - ok
17:14:56.0432 2876 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
17:14:56.0447 2876 arcsas - ok
17:14:56.0494 2876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
17:14:56.0634 2876 AsyncMac - ok
17:14:56.0681 2876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
17:14:56.0712 2876 atapi - ok
17:14:56.0884 2876 athr (2c0bb386e86670bb1b1a57caaef3e50d) C:\windows\system32\DRIVERS\athrx.sys
17:14:57.0056 2876 athr - ok
17:14:57.0274 2876 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
17:14:57.0414 2876 AudioEndpointBuilder - ok
17:14:57.0414 2876 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
17:14:57.0461 2876 AudioSrv - ok
17:14:57.0524 2876 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
17:14:57.0633 2876 AxInstSV - ok
17:14:57.0773 2876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
17:14:57.0836 2876 b06bdrv - ok
17:14:57.0914 2876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
17:14:57.0976 2876 b57nd60a - ok
17:14:58.0023 2876 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
17:14:58.0116 2876 BDESVC - ok
17:14:58.0179 2876 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
17:14:58.0288 2876 Beep - ok
17:14:58.0397 2876 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
17:14:58.0506 2876 BFE - ok
17:14:58.0600 2876 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
17:14:58.0709 2876 BITS - ok
17:14:58.0787 2876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
17:14:58.0818 2876 blbdrive - ok
17:14:58.0865 2876 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
17:14:58.0928 2876 bowser - ok
17:14:58.0974 2876 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
17:14:59.0084 2876 BrFiltLo - ok
17:14:59.0130 2876 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
17:14:59.0162 2876 BrFiltUp - ok
17:14:59.0193 2876 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
17:14:59.0255 2876 Browser - ok
17:14:59.0302 2876 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
17:14:59.0364 2876 Brserid - ok
17:14:59.0411 2876 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
17:14:59.0474 2876 BrSerWdm - ok
17:14:59.0505 2876 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
17:14:59.0567 2876 BrUsbMdm - ok
17:14:59.0598 2876 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
17:14:59.0661 2876 BrUsbSer - ok
17:14:59.0739 2876 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
17:14:59.0801 2876 BthEnum - ok
17:14:59.0864 2876 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
17:14:59.0895 2876 BTHMODEM - ok
17:14:59.0957 2876 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
17:14:59.0988 2876 BthPan - ok
17:15:00.0098 2876 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
17:15:00.0207 2876 BTHPORT - ok
17:15:00.0269 2876 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
17:15:00.0363 2876 bthserv - ok
17:15:00.0425 2876 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
17:15:00.0456 2876 BTHUSB - ok
17:15:00.0503 2876 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
17:15:00.0581 2876 cdfs - ok
17:15:00.0628 2876 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
17:15:00.0644 2876 cdrom - ok
17:15:00.0706 2876 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
17:15:00.0800 2876 CertPropSvc - ok
17:15:00.0846 2876 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
17:15:00.0893 2876 circlass - ok
17:15:00.0956 2876 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
17:15:00.0971 2876 CLFS - ok
17:15:01.0049 2876 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:01.0065 2876 clr_optimization_v2.0.50727_32 - ok
17:15:01.0112 2876 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:15:01.0143 2876 clr_optimization_v2.0.50727_64 - ok
17:15:01.0236 2876 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:15:01.0252 2876 clr_optimization_v4.0.30319_32 - ok
17:15:01.0330 2876 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:15:01.0361 2876 clr_optimization_v4.0.30319_64 - ok
17:15:01.0392 2876 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
17:15:01.0439 2876 CmBatt - ok
17:15:01.0486 2876 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
17:15:01.0502 2876 cmdide - ok
17:15:01.0611 2876 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
17:15:01.0689 2876 CNG - ok
17:15:01.0751 2876 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
17:15:01.0767 2876 Compbatt - ok
17:15:01.0814 2876 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
17:15:01.0860 2876 CompositeBus - ok
17:15:01.0892 2876 COMSysApp - ok
17:15:01.0907 2876 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
17:15:01.0938 2876 crcdisk - ok
17:15:02.0001 2876 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
17:15:02.0063 2876 CryptSvc - ok
17:15:02.0266 2876 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:15:02.0313 2876 cvhsvc - ok
17:15:02.0422 2876 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
17:15:02.0516 2876 DcomLaunch - ok
17:15:02.0578 2876 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
17:15:02.0687 2876 defragsvc - ok
17:15:02.0765 2876 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
17:15:02.0843 2876 DfsC - ok
17:15:02.0921 2876 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
17:15:03.0030 2876 Dhcp - ok
17:15:03.0062 2876 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
17:15:03.0155 2876 discache - ok
17:15:03.0171 2876 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
17:15:03.0202 2876 Disk - ok
17:15:03.0249 2876 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
17:15:03.0311 2876 Dnscache - ok
17:15:03.0374 2876 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
17:15:03.0483 2876 dot3svc - ok
17:15:03.0545 2876 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
17:15:03.0639 2876 DPS - ok
17:15:03.0686 2876 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
17:15:03.0732 2876 drmkaud - ok
17:15:03.0842 2876 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
17:15:03.0888 2876 DXGKrnl - ok
17:15:03.0951 2876 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
17:15:04.0029 2876 EapHost - ok
17:15:04.0294 2876 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
17:15:04.0434 2876 ebdrv - ok
17:15:04.0590 2876 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
17:15:04.0637 2876 EFS - ok
17:15:04.0746 2876 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
17:15:04.0840 2876 ehRecvr - ok
17:15:04.0887 2876 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
17:15:04.0949 2876 ehSched - ok
17:15:05.0074 2876 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
17:15:05.0105 2876 elxstor - ok
17:15:05.0121 2876 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
17:15:05.0168 2876 ErrDev - ok
17:15:05.0261 2876 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
17:15:05.0370 2876 EventSystem - ok
17:15:05.0433 2876 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
17:15:05.0511 2876 exfat - ok
17:15:05.0558 2876 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
17:15:05.0651 2876 fastfat - ok
17:15:05.0745 2876 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
17:15:05.0854 2876 Fax - ok
17:15:05.0885 2876 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
17:15:05.0916 2876 fdc - ok
17:15:05.0948 2876 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
17:15:06.0057 2876 fdPHost - ok
17:15:06.0072 2876 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
17:15:06.0135 2876 FDResPub - ok
17:15:06.0197 2876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
17:15:06.0228 2876 FileInfo - ok
17:15:06.0260 2876 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
17:15:06.0338 2876 Filetrace - ok
17:15:06.0384 2876 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
17:15:06.0416 2876 flpydisk - ok
17:15:06.0494 2876 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
17:15:06.0540 2876 FltMgr - ok
17:15:06.0681 2876 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
17:15:06.0759 2876 FontCache - ok
17:15:06.0837 2876 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:15:06.0852 2876 FontCache3.0.0.0 - ok
17:15:06.0899 2876 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
17:15:06.0915 2876 FsDepends - ok
17:15:06.0962 2876 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
17:15:06.0977 2876 Fs_Rec - ok
17:15:07.0055 2876 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
17:15:07.0086 2876 fvevol - ok
17:15:07.0133 2876 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
17:15:07.0164 2876 gagp30kx - ok
17:15:07.0258 2876 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
17:15:07.0352 2876 gpsvc - ok
17:15:07.0367 2876 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
17:15:07.0430 2876 hcw85cir - ok
17:15:07.0523 2876 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
17:15:07.0570 2876 HdAudAddService - ok
17:15:07.0617 2876 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
17:15:07.0664 2876 HDAudBus - ok
17:15:07.0695 2876 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
17:15:07.0710 2876 HidBatt - ok
17:15:07.0726 2876 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
17:15:07.0773 2876 HidBth - ok
17:15:07.0804 2876 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
17:15:07.0835 2876 HidIr - ok
17:15:07.0866 2876 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
17:15:07.0944 2876 hidserv - ok
17:15:07.0991 2876 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
17:15:08.0007 2876 HidUsb - ok
17:15:08.0069 2876 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
17:15:08.0163 2876 hkmsvc - ok
17:15:08.0225 2876 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
17:15:08.0272 2876 HomeGroupListener - ok
17:15:08.0334 2876 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
17:15:08.0366 2876 HomeGroupProvider - ok
17:15:08.0428 2876 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
17:15:08.0444 2876 HpSAMD - ok
17:15:08.0568 2876 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
17:15:08.0646 2876 HTTP - ok
17:15:08.0678 2876 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
17:15:08.0693 2876 hwpolicy - ok
17:15:08.0756 2876 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
17:15:08.0787 2876 i8042prt - ok
17:15:08.0849 2876 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys
17:15:09.0146 2876 iaStor - ok
17:15:09.0239 2876 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
17:15:09.0270 2876 iaStorV - ok
17:15:09.0411 2876 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:15:09.0458 2876 idsvc - ok
17:15:09.0926 2876 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
17:15:10.0144 2876 igfx - ok
17:15:10.0300 2876 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
17:15:10.0331 2876 iirsp - ok
17:15:10.0440 2876 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
17:15:10.0534 2876 IKEEXT - ok
17:15:10.0596 2876 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
17:15:10.0643 2876 Impcd - ok
17:15:10.0908 2876 IntcAzAudAddService (801946ce25dd2179fe68599826b0bb88) C:\windows\system32\drivers\RTKVHD64.sys
17:15:11.0018 2876 IntcAzAudAddService - ok
17:15:11.0189 2876 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
17:15:11.0220 2876 intelide - ok
17:15:11.0267 2876 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
17:15:11.0314 2876 intelppm - ok
17:15:11.0361 2876 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
17:15:11.0454 2876 IPBusEnum - ok
17:15:11.0517 2876 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
17:15:11.0610 2876 IpFilterDriver - ok
17:15:11.0704 2876 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
17:15:11.0813 2876 iphlpsvc - ok
17:15:11.0860 2876 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
17:15:11.0891 2876 IPMIDRV - ok
17:15:11.0938 2876 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
17:15:12.0032 2876 IPNAT - ok
17:15:12.0063 2876 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
17:15:12.0156 2876 IRENUM - ok
17:15:12.0219 2876 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
17:15:12.0234 2876 isapnp - ok
17:15:12.0297 2876 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
17:15:12.0328 2876 iScsiPrt - ok
17:15:12.0390 2876 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
17:15:12.0406 2876 kbdclass - ok
17:15:12.0468 2876 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
17:15:12.0500 2876 kbdhid - ok
17:15:12.0562 2876 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
17:15:12.0578 2876 KeyIso - ok
17:15:12.0640 2876 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
17:15:12.0656 2876 KSecDD - ok
17:15:12.0687 2876 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
17:15:12.0718 2876 KSecPkg - ok
17:15:12.0780 2876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
17:15:12.0874 2876 ksthunk - ok
17:15:12.0936 2876 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
17:15:13.0030 2876 KtmRm - ok
17:15:13.0108 2876 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
17:15:13.0170 2876 LanmanServer - ok
17:15:13.0233 2876 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
17:15:13.0295 2876 LanmanWorkstation - ok
17:15:13.0342 2876 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
17:15:13.0436 2876 lltdio - ok
17:15:13.0482 2876 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
17:15:13.0560 2876 lltdsvc - ok
17:15:13.0607 2876 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
17:15:13.0701 2876 lmhosts - ok
17:15:13.0748 2876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
17:15:13.0763 2876 LSI_FC - ok
17:15:13.0794 2876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
17:15:13.0826 2876 LSI_SAS - ok
17:15:13.0857 2876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
17:15:13.0872 2876 LSI_SAS2 - ok
17:15:13.0888 2876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
17:15:13.0904 2876 LSI_SCSI - ok
17:15:13.0950 2876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
17:15:14.0028 2876 luafv - ok
17:15:14.0091 2876 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
17:15:14.0122 2876 Mcx2Svc - ok
17:15:14.0138 2876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
17:15:14.0169 2876 megasas - ok
17:15:14.0200 2876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
17:15:14.0231 2876 MegaSR - ok
17:15:14.0278 2876 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
17:15:14.0372 2876 MMCSS - ok
17:15:14.0372 2876 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
17:15:14.0434 2876 Modem - ok
17:15:14.0465 2876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
17:15:14.0512 2876 monitor - ok
17:15:14.0559 2876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
17:15:14.0590 2876 mouclass - ok
17:15:14.0621 2876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
17:15:14.0652 2876 mouhid - ok
17:15:14.0715 2876 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
17:15:14.0746 2876 mountmgr - ok
17:15:14.0808 2876 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
17:15:14.0840 2876 MpFilter - ok
17:15:14.0871 2876 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
17:15:14.0902 2876 mpio - ok
17:15:14.0933 2876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
17:15:14.0980 2876 mpsdrv - ok
17:15:15.0089 2876 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
17:15:15.0214 2876 MpsSvc - ok
17:15:15.0261 2876 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
17:15:15.0308 2876 MRxDAV - ok
17:15:15.0339 2876 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
17:15:15.0386 2876 mrxsmb - ok
17:15:15.0432 2876 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
17:15:15.0464 2876 mrxsmb10 - ok
17:15:15.0495 2876 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
17:15:15.0510 2876 mrxsmb20 - ok
17:15:15.0557 2876 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
17:15:15.0573 2876 msahci - ok
17:15:15.0620 2876 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
17:15:15.0651 2876 msdsm - ok
17:15:15.0698 2876 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
17:15:15.0744 2876 MSDTC - ok
17:15:15.0838 2876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
17:15:15.0916 2876 Msfs - ok
17:15:15.0963 2876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
17:15:16.0025 2876 mshidkmdf - ok
17:15:16.0056 2876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
17:15:16.0056 2876 msisadrv - ok
17:15:16.0103 2876 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
17:15:16.0181 2876 MSiSCSI - ok
17:15:16.0181 2876 msiserver - ok
17:15:16.0228 2876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
17:15:16.0290 2876 MSKSSRV - ok
17:15:16.0400 2876 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:15:16.0431 2876 MsMpSvc - ok
17:15:16.0478 2876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
17:15:16.0556 2876 MSPCLOCK - ok
17:15:16.0556 2876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
17:15:16.0602 2876 MSPQM - ok
17:15:16.0649 2876 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
17:15:16.0680 2876 MsRPC - ok
17:15:16.0712 2876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
17:15:16.0727 2876 mssmbios - ok
17:15:16.0758 2876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
17:15:16.0821 2876 MSTEE - ok
17:15:16.0836 2876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
17:15:16.0852 2876 MTConfig - ok
17:15:16.0868 2876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
17:15:16.0883 2876 Mup - ok
17:15:16.0946 2876 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
17:15:17.0024 2876 napagent - ok
17:15:17.0102 2876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
17:15:17.0148 2876 NativeWifiP - ok
17:15:17.0258 2876 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
17:15:17.0320 2876 NDIS - ok
17:15:17.0367 2876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
17:15:17.0460 2876 NdisCap - ok
17:15:17.0492 2876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
17:15:17.0554 2876 NdisTapi - ok
17:15:17.0585 2876 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
17:15:17.0632 2876 Ndisuio - ok
17:15:17.0679 2876 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
17:15:17.0772 2876 NdisWan - ok
17:15:17.0819 2876 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
17:15:17.0928 2876 NDProxy - ok
17:15:17.0975 2876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
17:15:18.0022 2876 NetBIOS - ok
17:15:18.0084 2876 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
17:15:18.0178 2876 NetBT - ok
17:15:18.0240 2876 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
17:15:18.0256 2876 Netlogon - ok
17:15:18.0334 2876 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
17:15:18.0428 2876 Netman - ok
17:15:18.0474 2876 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
17:15:18.0599 2876 netprofm - ok
17:15:18.0693 2876 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:15:18.0708 2876 NetTcpPortSharing - ok
17:15:18.0755 2876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
17:15:18.0786 2876 nfrd960 - ok
17:15:18.0833 2876 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
17:15:18.0849 2876 NisDrv - ok
17:15:18.0989 2876 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
17:15:19.0036 2876 NisSrv - ok
17:15:19.0114 2876 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
17:15:19.0192 2876 NlaSvc - ok
17:15:19.0223 2876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
17:15:19.0254 2876 Npfs - ok
17:15:19.0286 2876 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
17:15:19.0364 2876 nsi - ok
17:15:19.0395 2876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
17:15:19.0473 2876 nsiproxy - ok
17:15:19.0644 2876 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
17:15:19.0769 2876 Ntfs - ok
17:15:19.0910 2876 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
17:15:20.0003 2876 Null - ok
17:15:20.0050 2876 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\windows\system32\drivers\nvhda64v.sys
17:15:20.0081 2876 NVHDA - ok
17:15:20.0877 2876 nvlddmkm (a518a34f345abf771e66ac48932ffea8) C:\windows\system32\DRIVERS\nvlddmkm.sys
17:15:21.0267 2876 nvlddmkm - ok
17:15:21.0438 2876 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
17:15:21.0470 2876 nvraid - ok
17:15:21.0532 2876 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
17:15:21.0548 2876 nvstor - ok
17:15:21.0626 2876 nvsvc (5fdeb48cd1a35c6754f6e345308b99d5) C:\windows\system32\nvvsvc.exe
17:15:21.0657 2876 nvsvc - ok
17:15:21.0704 2876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
17:15:21.0735 2876 nv_agp - ok
17:15:21.0766 2876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
17:15:21.0813 2876 ohci1394 - ok
17:15:21.0938 2876 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:15:21.0969 2876 ose - ok
17:15:22.0452 2876 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:15:22.0640 2876 osppsvc - ok
17:15:22.0796 2876 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
17:15:22.0874 2876 p2pimsvc - ok
17:15:22.0920 2876 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
17:15:22.0952 2876 p2psvc - ok
17:15:23.0045 2876 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
17:15:23.0092 2876 Parport - ok
17:15:23.0139 2876 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
17:15:23.0154 2876 partmgr - ok
17:15:23.0201 2876 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
17:15:23.0248 2876 PcaSvc - ok
17:15:23.0279 2876 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
17:15:23.0310 2876 pci - ok
17:15:23.0342 2876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
17:15:23.0357 2876 pciide - ok
17:15:23.0420 2876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
17:15:23.0451 2876 pcmcia - ok
17:15:23.0466 2876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
17:15:23.0498 2876 pcw - ok
17:15:23.0544 2876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
17:15:23.0638 2876 PEAUTH - ok
17:15:23.0747 2876 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
17:15:23.0794 2876 PerfHost - ok
17:15:24.0028 2876 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
17:15:24.0184 2876 pla - ok
17:15:24.0262 2876 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
17:15:24.0324 2876 PlugPlay - ok
17:15:24.0340 2876 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
17:15:24.0387 2876 PNRPAutoReg - ok
17:15:24.0434 2876 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
17:15:24.0465 2876 PNRPsvc - ok
17:15:24.0543 2876 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
17:15:24.0605 2876 PolicyAgent - ok
17:15:24.0652 2876 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
17:15:24.0730 2876 Power - ok
17:15:24.0824 2876 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
17:15:24.0902 2876 PptpMiniport - ok
17:15:24.0933 2876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
17:15:24.0964 2876 Processor - ok
17:15:25.0042 2876 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
17:15:25.0104 2876 ProfSvc - ok
17:15:25.0151 2876 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
17:15:25.0167 2876 ProtectedStorage - ok
17:15:25.0214 2876 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
17:15:25.0292 2876 Psched - ok
17:15:25.0463 2876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
17:15:25.0557 2876 ql2300 - ok
17:15:25.0697 2876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
17:15:25.0728 2876 ql40xx - ok
17:15:25.0775 2876 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
17:15:25.0822 2876 QWAVE - ok
17:15:25.0838 2876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
17:15:25.0900 2876 QWAVEdrv - ok
17:15:25.0916 2876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
17:15:25.0978 2876 RasAcd - ok
17:15:26.0040 2876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
17:15:26.0103 2876 RasAgileVpn - ok
17:15:26.0150 2876 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
17:15:26.0243 2876 RasAuto - ok
17:15:26.0290 2876 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
17:15:26.0384 2876 Rasl2tp - ok
17:15:26.0462 2876 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
17:15:26.0555 2876 RasMan - ok
17:15:26.0602 2876 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
17:15:26.0680 2876 RasPppoe - ok
17:15:26.0711 2876 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
17:15:26.0774 2876 RasSstp - ok
17:15:26.0836 2876 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
17:15:26.0930 2876 rdbss - ok
17:15:26.0961 2876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
17:15:27.0008 2876 rdpbus - ok
17:15:27.0039 2876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
17:15:27.0101 2876 RDPCDD - ok
17:15:27.0132 2876 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
17:15:27.0164 2876 RDPENCDD - ok
17:15:27.0179 2876 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
17:15:27.0242 2876 RDPREFMP - ok
17:15:27.0304 2876 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
17:15:27.0366 2876 RDPWD - ok
17:15:27.0429 2876 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
17:15:27.0460 2876 rdyboost - ok
17:15:27.0507 2876 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
17:15:27.0585 2876 RemoteAccess - ok
17:15:27.0663 2876 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
17:15:27.0725 2876 RemoteRegistry - ok
17:15:27.0881 2876 Rezip (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SysWOW64\Rezip.exe
17:15:27.0912 2876 Rezip ( UnsignedFile.Multi.Generic ) - warning
17:15:27.0912 2876 Rezip - detected UnsignedFile.Multi.Generic (1)
17:15:28.0006 2876 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
17:15:28.0037 2876 RFCOMM - ok
17:15:28.0146 2876 RichVideo (7ccaebcab6fc1ed0206c07e083e79207) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:15:28.0178 2876 RichVideo - ok
17:15:28.0224 2876 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
17:15:28.0318 2876 RpcEptMapper - ok
17:15:28.0349 2876 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
17:15:28.0396 2876 RpcLocator - ok
17:15:28.0490 2876 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
17:15:28.0552 2876 RpcSs - ok
17:15:28.0614 2876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
17:15:28.0677 2876 rspndr - ok
17:15:28.0739 2876 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
17:15:28.0786 2876 RTL8167 - ok
17:15:28.0911 2876 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
17:15:28.0926 2876 rtport - ok
17:15:28.0989 2876 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
17:15:29.0051 2876 SABI - ok
17:15:29.0082 2876 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
17:15:29.0098 2876 SamSs - ok
17:15:29.0145 2876 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
17:15:29.0176 2876 sbp2port - ok
17:15:29.0223 2876 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
17:15:29.0316 2876 SCardSvr - ok
17:15:29.0348 2876 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
17:15:29.0394 2876 scfilter - ok
17:15:29.0519 2876 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
17:15:29.0613 2876 Schedule - ok
17:15:29.0660 2876 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
17:15:29.0706 2876 SCPolicySvc - ok
17:15:29.0753 2876 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
17:15:29.0816 2876 SDRSVC - ok
17:15:29.0894 2876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
17:15:29.0956 2876 secdrv - ok
17:15:29.0987 2876 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
17:15:30.0034 2876 seclogon - ok
17:15:30.0081 2876 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
17:15:30.0174 2876 SENS - ok
17:15:30.0206 2876 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
17:15:30.0237 2876 SensrSvc - ok
17:15:30.0299 2876 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
17:15:30.0330 2876 Serenum - ok
17:15:30.0377 2876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
17:15:30.0408 2876 Serial - ok
17:15:30.0455 2876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
17:15:30.0502 2876 sermouse - ok
17:15:30.0549 2876 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
17:15:30.0642 2876 SessionEnv - ok
17:15:30.0674 2876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
17:15:30.0736 2876 sffdisk - ok
17:15:30.0736 2876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
17:15:30.0767 2876 sffp_mmc - ok
17:15:30.0767 2876 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
17:15:30.0814 2876 sffp_sd - ok
17:15:30.0861 2876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
17:15:30.0876 2876 sfloppy - ok
17:15:31.0017 2876 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
17:15:31.0064 2876 Sftfs - ok
17:15:31.0235 2876 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:15:31.0266 2876 sftlist - ok
17:15:31.0329 2876 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
17:15:31.0360 2876 Sftplay - ok
17:15:31.0391 2876 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
17:15:31.0407 2876 Sftredir - ok
17:15:31.0422 2876 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
17:15:31.0438 2876 Sftvol - ok
17:15:31.0500 2876 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:15:31.0532 2876 sftvsa - ok
17:15:31.0625 2876 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
17:15:31.0719 2876 SharedAccess - ok
17:15:31.0781 2876 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
17:15:31.0859 2876 ShellHWDetection - ok
17:15:31.0922 2876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
17:15:31.0937 2876 SiSRaid2 - ok
17:15:31.0968 2876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
17:15:32.0000 2876 SiSRaid4 - ok
17:15:32.0031 2876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
17:15:32.0093 2876 Smb - ok
17:15:32.0156 2876 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
17:15:32.0202 2876 SNMPTRAP - ok
17:15:32.0218 2876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
17:15:32.0234 2876 spldr - ok
17:15:32.0327 2876 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
17:15:32.0405 2876 Spooler - ok
17:15:32.0733 2876 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
17:15:32.0842 2876 sppsvc - ok
17:15:32.0982 2876 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
17:15:33.0076 2876 sppuinotify - ok
17:15:33.0170 2876 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
17:15:33.0216 2876 srv - ok
17:15:33.0279 2876 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
17:15:33.0310 2876 srv2 - ok
17:15:33.0341 2876 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
17:15:33.0357 2876 srvnet - ok
17:15:33.0419 2876 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
17:15:33.0513 2876 SSDPSRV - ok
17:15:33.0544 2876 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
17:15:33.0638 2876 SstpSvc - ok
17:15:33.0669 2876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
17:15:33.0684 2876 stexstor - ok
17:15:33.0778 2876 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
17:15:33.0825 2876 stisvc - ok
17:15:33.0856 2876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
17:15:33.0872 2876 swenum - ok
17:15:33.0934 2876 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
17:15:34.0043 2876 swprv - ok
17:15:34.0121 2876 SynTP (3c80203c725c28cea5713d1ab242880a) C:\windows\system32\DRIVERS\SynTP.sys
17:15:34.0152 2876 SynTP - ok
17:15:34.0340 2876 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
17:15:34.0480 2876 SysMain - ok
17:15:34.0620 2876 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
17:15:34.0683 2876 TabletInputService - ok
17:15:34.0730 2876 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
17:15:34.0823 2876 TapiSrv - ok
17:15:34.0870 2876 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
17:15:34.0995 2876 TBS - ok
17:15:35.0213 2876 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
17:15:35.0338 2876 Tcpip - ok
17:15:35.0666 2876 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
17:15:35.0744 2876 TCPIP6 - ok
17:15:35.0900 2876 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
17:15:35.0962 2876 tcpipreg - ok
17:15:35.0993 2876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
17:15:36.0040 2876 TDPIPE - ok
17:15:36.0071 2876 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
17:15:36.0102 2876 TDTCP - ok
17:15:36.0149 2876 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
17:15:36.0258 2876 tdx - ok
17:15:36.0305 2876 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
17:15:36.0321 2876 TermDD - ok
17:15:36.0461 2876 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
17:15:36.0602 2876 TermService - ok
17:15:36.0633 2876 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
17:15:36.0695 2876 Themes - ok
17:15:36.0726 2876 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
17:15:36.0789 2876 THREADORDER - ok
17:15:36.0820 2876 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
17:15:36.0929 2876 TrkWks - ok
17:15:37.0007 2876 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
17:15:37.0101 2876 TrustedInstaller - ok
17:15:37.0148 2876 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
17:15:37.0226 2876 tssecsrv - ok
17:15:37.0288 2876 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
17:15:37.0335 2876 TsUsbFlt - ok
17:15:37.0413 2876 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
17:15:37.0506 2876 tunnel - ok
17:15:37.0538 2876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
17:15:37.0569 2876 uagp35 - ok
17:15:37.0616 2876 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
17:15:37.0709 2876 udfs - ok
17:15:37.0740 2876 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
17:15:37.0772 2876 UI0Detect - ok
17:15:37.0834 2876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
17:15:37.0865 2876 uliagpkx - ok
17:15:37.0928 2876 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
17:15:37.0974 2876 umbus - ok
17:15:38.0006 2876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
17:15:38.0021 2876 UmPass - ok
17:15:38.0084 2876 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
17:15:38.0162 2876 upnphost - ok
17:15:38.0208 2876 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
17:15:38.0286 2876 usbccgp - ok
17:15:38.0349 2876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
17:15:38.0380 2876 usbcir - ok
17:15:38.0411 2876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
17:15:38.0427 2876 usbehci - ok
17:15:38.0474 2876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
17:15:38.0520 2876 usbhub - ok
17:15:38.0552 2876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
17:15:38.0598 2876 usbohci - ok
17:15:38.0630 2876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
17:15:38.0661 2876 usbprint - ok
17:15:38.0708 2876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:15:38.0770 2876 USBSTOR - ok
17:15:38.0801 2876 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
17:15:38.0848 2876 usbuhci - ok
17:15:38.0910 2876 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
17:15:38.0957 2876 usbvideo - ok
17:15:38.0988 2876 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
17:15:39.0082 2876 UxSms - ok
17:15:39.0129 2876 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
17:15:39.0160 2876 VaultSvc - ok
17:15:39.0222 2876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
17:15:39.0254 2876 vdrvroot - ok
17:15:39.0332 2876 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
17:15:39.0441 2876 vds - ok
17:15:39.0472 2876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
17:15:39.0519 2876 vga - ok
17:15:39.0550 2876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
17:15:39.0628 2876 VgaSave - ok
17:15:39.0690 2876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
17:15:39.0722 2876 vhdmp - ok
17:15:39.0737 2876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
17:15:39.0768 2876 viaide - ok
17:15:39.0815 2876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
17:15:39.0831 2876 volmgr - ok
17:15:39.0909 2876 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
17:15:39.0940 2876 volmgrx - ok
17:15:39.0987 2876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
17:15:40.0002 2876 volsnap - ok
17:15:40.0065 2876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
17:15:40.0096 2876 vsmraid - ok
17:15:40.0252 2876 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
17:15:40.0408 2876 VSS - ok
17:15:40.0564 2876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
17:15:40.0611 2876 vwifibus - ok
17:15:40.0658 2876 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
17:15:40.0720 2876 vwififlt - ok
17:15:40.0751 2876 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
17:15:40.0767 2876 vwifimp - ok
17:15:40.0860 2876 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
17:15:40.0954 2876 W32Time - ok
17:15:40.0985 2876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
17:15:41.0016 2876 WacomPen - ok
17:15:41.0063 2876 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:15:41.0126 2876 WANARP - ok
17:15:41.0126 2876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:15:41.0172 2876 Wanarpv6 - ok
17:15:41.0344 2876 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
17:15:41.0438 2876 wbengine - ok
17:15:41.0578 2876 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
17:15:41.0625 2876 WbioSrvc - ok
17:15:41.0687 2876 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
17:15:41.0765 2876 wcncsvc - ok
17:15:41.0796 2876 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
17:15:41.0859 2876 WcsPlugInService - ok
17:15:41.0906 2876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
17:15:41.0921 2876 Wd - ok
17:15:41.0999 2876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
17:15:42.0046 2876 Wdf01000 - ok
17:15:42.0077 2876 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
17:15:42.0186 2876 WdiServiceHost - ok
17:15:42.0202 2876 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
17:15:42.0233 2876 WdiSystemHost - ok
17:15:42.0280 2876 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
17:15:42.0327 2876 WebClient - ok
17:15:42.0374 2876 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
17:15:42.0436 2876 Wecsvc - ok
17:15:42.0467 2876 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
17:15:42.0545 2876 wercplsupport - ok
17:15:42.0608 2876 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
17:15:42.0686 2876 WerSvc - ok
17:15:42.0764 2876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
17:15:42.0826 2876 WfpLwf - ok
17:15:42.0873 2876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
17:15:42.0873 2876 WIMMount - ok
17:15:42.0904 2876 WinDefend - ok
17:15:42.0904 2876 WinHttpAutoProxySvc - ok
17:15:42.0974 2876 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
17:15:43.0074 2876 Winmgmt - ok
17:15:43.0254 2876 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
17:15:43.0394 2876 WinRM - ok
17:15:43.0574 2876 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
17:15:43.0604 2876 WinUsb - ok
17:15:43.0704 2876 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
17:15:43.0784 2876 Wlansvc - ok
17:15:43.0884 2876 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:15:43.0904 2876 wlcrasvc - ok
17:15:44.0184 2876 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:15:44.0314 2876 wlidsvc - ok
17:15:44.0444 2876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
17:15:44.0474 2876 WmiAcpi - ok
17:15:44.0534 2876 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
17:15:44.0584 2876 wmiApSrv - ok
17:15:44.0644 2876 WMPNetworkSvc - ok
17:15:44.0664 2876 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
17:15:44.0704 2876 WPCSvc - ok
17:15:44.0744 2876 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
17:15:44.0784 2876 WPDBusEnum - ok
17:15:44.0804 2876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
17:15:44.0904 2876 ws2ifsl - ok
17:15:44.0940 2876 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
17:15:44.0991 2876 wscsvc - ok
17:15:45.0001 2876 WSearch - ok
17:15:45.0221 2876 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
17:15:45.0361 2876 wuauserv - ok
17:15:45.0531 2876 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
17:15:45.0611 2876 WudfPf - ok
17:15:45.0661 2876 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
17:15:45.0731 2876 WUDFRd - ok
17:15:45.0781 2876 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
17:15:45.0851 2876 wudfsvc - ok
17:15:45.0901 2876 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
17:15:45.0971 2876 WwanSvc - ok
17:15:46.0041 2876 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
17:15:46.0121 2876 yukonw7 - ok
17:15:46.0211 2876 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
17:15:46.0761 2876 \Device\Harddisk0\DR0 - ok
17:15:46.0791 2876 Boot (0x1200) (377d7e08fdf136635779511095f2ca43) \Device\Harddisk0\DR0\Partition0
17:15:46.0791 2876 \Device\Harddisk0\DR0\Partition0 - ok
17:15:46.0801 2876 Boot (0x1200) (1608caa69b621a25e90b904fce25436d) \Device\Harddisk0\DR0\Partition1
17:15:46.0811 2876 \Device\Harddisk0\DR0\Partition1 - ok
17:15:46.0831 2876 Boot (0x1200) (bc6562f0acc264748576274eb5934ab7) \Device\Harddisk0\DR0\Partition2
17:15:46.0831 2876 \Device\Harddisk0\DR0\Partition2 - ok
17:15:46.0841 2876 ============================================================
17:15:46.0841 2876 Scan finished
17:15:46.0841 2876 ============================================================
17:15:46.0851 4148 Detected object count: 2
17:15:46.0851 4148 Actual detected object count: 2
17:16:15.0382 4148 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:16:15.0382 4148 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:16:15.0392 4148 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:15.0392 4148 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 19.07.2012, 17:24   #9
markusg
/// Malware-holic
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



führe mal bitte eset online scan aus, poste das log.
http://www.trojaner-board.de/80603-e...ner-nod32.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.07.2012, 13:29   #10
Curly89
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



Leider habe ich der Beschreibung nach den Log nicht gefunden.

Vielleicht kannst du hiermit was anfangen. Das habe ich bei dem Scanner rauskopiert. Oder soll ich das noch mal machen?


C:\Microgaming\Casino\Colosseum\install.exe Variante von Win32/PrimeCasino Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll Variante von Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe möglicherweise Variante von Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\AppData\Local\Temp\246F1A97-BAB0-7891-8585-92C945994A01\MyBabylonTB.exe Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\Downloads\colosseum.exe Variante von Win32/PrimeCasino Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (1).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (2).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (3).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (4).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate.exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab Variante von Win32/Adware.OneStep.AT Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab Variante von Win32/Adware.OneStep.AT Anwendung gelöscht - in Quarantäne kopiert

Alt 25.07.2012, 20:43   #11
markusg
/// Malware-holic
 
Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Standard

Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)



hi
noch probleme aufgetreten?
lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)
.dll, administrator, adware.bundler, adware.shoppingreport2, anti, anti-malware, appdata, autostart, browsermodifier, dateien, empfangen, explorer, fehler, firefox, forum, free, gelöscht, heuristiks/extra, heuristiks/shuriken, install.exe, kunde, malwarebytes, microsoft, mozilla, phishing-mail, roaming, scan, searchscopes, software, spyware, temp, trojan.phex.thagen, trojaner, win32, zip-datei, zufällig




Ähnliche Themen: Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)


  1. Trojaner durch Fake- Deutsche Post Mail eingefangen
    Log-Analyse und Auswertung - 10.01.2015 (14)
  2. Windows 7: Zip-Datei aus Phishing-Mail runtergeladen und geöffnet,Trojaner: Trojan:Win32/Neop
    Plagegeister aller Art und deren Bekämpfung - 03.09.2013 (29)
  3. E-Mail Deutsche Post - ein Fehler in der Lieferanschrift
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (4)
  4. Deutsche Post Trojaner - Fehler in der Lieferanschrift
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (10)
  5. Misteriöse e-mail von: Deutsche Post !
    Diskussionsforum - 12.02.2013 (11)
  6. Deutsche Post Mail
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (17)
  7. Deutsche Post E-Mail
    Plagegeister aller Art und deren Bekämpfung - 05.02.2013 (5)
  8. Deutsche Post Service E-Mail; Anhang geöffnet (Trojaner?)
    Log-Analyse und Auswertung - 22.01.2013 (19)
  9. Deutsche Post Trojaner
    Log-Analyse und Auswertung - 05.01.2013 (18)
  10. Vermutlich Deutsche Post Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (19)
  11. Deutsche Post-mail mit Rogue.PCDefenderPlus
    Plagegeister aller Art und deren Bekämpfung - 25.12.2012 (20)
  12. Deutsche Post Fake email/ trojaner
    Log-Analyse und Auswertung - 29.11.2012 (15)
  13. Trojaner durch Deutsche Post E-Mail
    Log-Analyse und Auswertung - 14.11.2012 (3)
  14. Trojaner aus Deutsche Post Fake Mail
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (22)
  15. Deutsche Post Mail-Attacke - Live Platinum Trojaner + Kazy Trojaner
    Log-Analyse und Auswertung - 02.10.2012 (5)
  16. E-Mail: Deutsche Post. Ein Fehler in der Lieferanschrift.
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (33)
  17. Trojaner nach falscher Deutsche-Post e-mail.
    Log-Analyse und Auswertung - 13.06.2012 (1)

Zum Thema Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) - Hallo Zusammen, leider gehör ich zu den Dummen, die auf die blöde Phishing-Mail der "deutschen Post" reingefallen ist. "Lieber Kunde, Es ist unserem Boten leider misslungen einen Postsendung an Ihre - Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi)...
Archiv
Du betrachtest: Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.