
Pests of all kinds and how to fight them: Computer was locked, pay 100€ via Ukash

Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

19.10.2012, 10:19   #1
anitaerdbeer
 
Computer was locked, pay 100€ via Ukash



Hello, I have caught the virus where I am supposed to pay 100€ at a petrol station in order to then be able to enter the codes.
Of course I did not do this.
I downloaded OTL.exe and ran the scan.
Here are the OTL log files:

Code:
OTL logfile created on: 2012-10-19 10:32:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Media Expert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,48 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,64% Memory free
6,95 Gb Paging File | 5,19 Gb Available in Paging File | 74,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,89 Gb Total Space | 636,63 Gb Free Space | 93,09% Space Free | Partition Type: NTFS
Drive E: | 14,93 Gb Total Space | 8,08 Gb Free Space | 54,11% Space Free | Partition Type: FAT32
 
Computer Name: MEDIAEXPERT | User Name: Media Expert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Media Expert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\lsass.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
PRC - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
PRC - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Program Files (x86)\ipla\MediaFileScanner.dll ()
MOD - C:\Program Files (x86)\ipla\jabberoo.dll ()
MOD - C:\Program Files (x86)\ipla\lua.dll ()
MOD - C:\Program Files (x86)\ipla\ziplib.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\DataService.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe ()
MOD - C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={764B5734-49B4-11E1-A455-1803737F6D3C}
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={764B5734-49B4-11E1-A455-1803737F6D3C}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111126102622150&tb_oid=26-11-2011&tb_mrud=26-11-2011
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.wp.pl/ [binary data]
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..\SearchScopes\{00B8222B-3D95-4A0C-9941-32B95A1C0AA8}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={38AF3E46-E556-4953-B89A-2360B7A2D0D0}&mid=11c35f73da164b23bd77b1561ed19818-94bb305a3a87b8a6d212ca46d0f8856b893e96e3&lang=pl&ds=AVG&pr=fr&d=2011-12-12 16:21:06&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={764B5734-49B4-11E1-A455-1803737F6D3C}
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111126102622150&tb_oid=26-11-2011&tb_mrud=26-11-2011
IE - HKU\S-1-5-21-1265808342-323366298-159849674-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012-09-17 18:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012-01-16 21:59:54 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1265808342-323366298-159849674-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1265808342-323366298-159849674-1001..\Run: [IPLA!] C:\Program Files (x86)\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Media Expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Media Expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Wyślij do interfejsu Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Wyślij do urządzenia &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..Trusted Domains: sharepoint.com ([vermittlung] https in Trusted sites)
O15 - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..Trusted Domains: sharepoint.com ([vermittlung-admin] https in Trusted sites)
O15 - HKU\S-1-5-21-1265808342-323366298-159849674-1001\..Trusted Domains: sharepoint.com ([vermittlung-my] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/PL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A7F8C31-4E71-4143-AFB7-70233A3F2667}: DhcpNameServer = 172.7.1.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B10C3C-51DB-4CF3-A9D9-B2C8BF137FA3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012-10-19 10:31:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Media Expert\Desktop\OTL.exe
[2012-10-14 12:58:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012-10-10 22:34:52 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012-10-10 22:34:51 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012-10-10 22:34:49 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012-10-10 22:34:42 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012-10-10 22:34:41 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012-10-10 22:34:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012-10-10 22:34:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012-10-10 22:34:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012-10-10 22:34:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012-10-10 22:34:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012-10-10 22:34:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012-10-10 22:34:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012-10-10 22:34:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012-10-10 22:34:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012-10-10 22:34:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012-10-10 22:34:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012-10-10 22:34:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012-10-10 22:34:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012-10-10 22:34:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-10-10 22:34:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012-10-10 22:34:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012-10-10 22:34:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012-10-10 22:34:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012-10-10 22:34:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012-10-10 22:34:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012-10-10 22:34:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012-10-10 22:34:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012-10-10 22:34:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012-10-10 22:34:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-10-10 22:34:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012-10-10 22:34:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012-10-10 22:34:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012-10-10 22:34:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012-10-10 22:34:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012-10-10 22:34:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012-10-10 22:34:30 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012-10-10 22:34:13 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012-10-10 22:34:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012-09-26 18:19:01 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012-09-24 21:29:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012-09-24 21:29:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012-09-24 21:29:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012-09-24 21:29:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012-09-24 21:29:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012-09-24 21:29:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012-09-24 21:29:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012-09-24 21:29:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012-09-24 21:29:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012-09-24 21:29:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012-09-24 21:29:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012-09-24 21:29:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012-09-24 21:29:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012-09-24 21:29:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012-09-24 21:29:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012-10-19 10:34:21 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-19 10:34:21 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-19 10:30:56 | 001,662,556 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012-10-19 10:30:56 | 000,737,980 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2012-10-19 10:30:56 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012-10-19 10:30:56 | 000,154,636 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2012-10-19 10:30:56 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012-10-19 10:28:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-10-19 10:24:37 | 2799,648,768 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-19 10:24:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Media Expert\Desktop\OTL.exe
[2012-10-19 06:30:58 | 083,023,306 | ---- | M] () -- C:\ProgramData\epyks.pad
[2012-10-18 17:59:23 | 097,701,046 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012-10-17 18:52:25 | 000,292,059 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012-10-14 12:58:48 | 000,000,812 | ---- | M] () -- C:\Users\Media Expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-10-14 12:58:46 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
 
========== Files Created - No Company Name ==========
 
[2012-10-14 12:58:48 | 000,000,812 | ---- | C] () -- C:\Users\Media Expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-10-14 12:58:47 | 083,023,306 | ---- | C] () -- C:\ProgramData\epyks.pad
[2012-01-28 15:49:05 | 000,005,504 | ---- | C] () -- C:\Users\Media Expert\buw32.lc
[2012-01-28 15:35:37 | 000,000,010 | ---- | C] () -- C:\Users\Media Expert\AppData\Roaming\hhxprot5
[2011-11-06 19:59:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-10-31 21:39:38 | 000,003,584 | ---- | C] () -- C:\Users\Media Expert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-10-31 19:04:52 | 000,258,048 | ---- | C] () -- C:\windows\SysWow64\libFLAC.dll
[2011-10-31 19:02:49 | 000,165,376 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011-10-31 19:02:48 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011-10-31 19:02:47 | 000,810,496 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011-10-31 19:02:47 | 000,183,808 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011-10-31 19:02:47 | 000,080,896 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011-09-11 17:55:19 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011-09-11 17:54:06 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011-09-11 17:54:01 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011-09-11 17:54:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011-09-11 17:54:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011-09-11 17:54:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011-09-11 17:54:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011-09-11 15:58:09 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011-09-11 15:53:11 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011-09-11 15:43:17 | 001,638,694 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011-07-29 13:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011-07-29 13:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011-07-14 01:55:06 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012-01-28 15:38:02 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\103.gif
[2011-10-31 18:57:02 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\AVG10
[2011-10-31 18:42:05 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\Fingertapps
[2011-11-07 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\foobar2000
[2011-11-20 20:11:38 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\IDT
[2012-10-19 10:25:14 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\ipla
[2011-10-31 18:41:46 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\Leadertech
[2012-09-16 20:18:16 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\OpenOffice.org
[2011-11-07 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\PCDr
[2011-11-21 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\Media Expert\AppData\Roaming\ZinioReader4
 
========== Purity Check ==========
 
 

< End of report >
         

Here are the OTL Extras logfiles:

Code:
OTL Extras logfile created on: 2012-10-19 10:32:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Media Expert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,48 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,64% Memory free
6,95 Gb Paging File | 5,19 Gb Available in Paging File | 74,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,89 Gb Total Space | 636,63 Gb Free Space | 93,09% Space Free | Partition Type: NTFS
Drive E: | 14,93 Gb Total Space | 8,08 Gb Free Space | 54,11% Space Free | Partition Type: FAT32
 
Computer Name: MEDIAEXPERT | User Name: Media Expert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C760500-1532-4CFC-93F3-C2B9ED34B026}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{101A08E8-168B-47D1-BDDA-C424A644C862}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15BA5428-5D26-453D-9CF2-FA55599CC9C1}" = rport=137 | protocol=17 | dir=out | app=system |
"{19663210-1A5C-4527-B4C8-278B118C9D52}" = rport=138 | protocol=17 | dir=out | app=system |
"{210CA8B4-42BD-4C4B-B593-7170093B5AF3}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{30031780-956B-48FC-871E-B88DD0DB7867}" = rport=139 | protocol=6 | dir=out | app=system |
"{353F5D08-26D7-4BCD-B825-ECCB44205F23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{366AAC81-74C9-4AD5-A4DD-663DA89D77D4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3A8690AD-855E-4538-A62B-7400E3554AE6}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{54C7C7DE-25E0-4616-9423-3BC415F7DE4D}" = lport=137 | protocol=17 | dir=in | app=system |
"{5DD89AFE-5A7D-4B29-84E8-CCBE37F7D3B9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{64CFD763-9A5A-4B97-BCF1-99C01D29D2BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{740459A7-45CF-4D98-80BB-7CBFE18599F0}" = rport=445 | protocol=6 | dir=out | app=system |
"{76FC40F5-0F59-4FC4-BFD3-6D6EE2BDA07A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D48C048-D529-4B4C-9AE6-72ECD24BB64B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{879613F2-354C-4029-B1B4-07F70FF764A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9F3E2142-BD5B-4ED6-9258-B67DD64BA0BA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ABDC8D97-6D9F-4B21-BD6B-913C56867D29}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE1644D6-52F8-4729-9FD7-CA661D1C8F8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C042057F-CF20-456E-BD38-92DC2DE1C7B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF40A9C6-D0FB-4047-B5A7-80259329F5D4}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{DCDF8793-98B5-405E-8206-B9D1C753CE86}" = lport=139 | protocol=6 | dir=in | app=system |
"{E26353AC-472F-4DD1-B7AE-256CC2EF027E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6A09882-E5B8-490A-B23B-4B22834CEE02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1195302-6A2A-41DC-A071-E02CBE21CD4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F506C586-9C37-4846-9357-158FFAA3A126}" = lport=445 | protocol=6 | dir=in | app=system |
"{F69787F0-4C1C-4457-9385-7F054C1442D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD6DD6AB-027D-4BE6-97D5-F3176A5AEA9C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C1CEE8-ACBB-4982-A9A2-24232CC3CDEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0BA4F21F-E978-42D2-BCED-C0758523EC25}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{0F8E5726-61EE-4924-A741-A16877B9C66E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{1093E6AA-A704-4DB6-9666-13FB3EC6195F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A529711-124F-4A32-B947-07A9E5BAA4A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25E20A3D-3B22-4DD7-8315-4DE1C745441B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{277EF518-725F-4EFB-A7F7-2AF3F8CF8D8D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2BFF59EC-5F53-420E-9AC3-31A71E74A6C2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{2D67E90B-11F5-4E57-9833-6E0CE061D2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{30B5E40F-7F68-45E3-B09C-DB039324F9EE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{3123AF27-D563-405A-B7A6-773068AA924E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{31E4D2AC-2D47-456C-B82E-1FD0EA53F61F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34746852-8CA5-4FD4-8B88-B25AB8901411}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{36C4FB06-4CCE-4C4A-B1F3-03333D8674A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3E2B3DFC-9DE7-464E-88F5-4C622BBDAC5D}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{40477E9F-042B-443D-A21A-F18BBE47EEB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40EDCDCD-3803-4499-811F-935F8B93E400}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50C35CCB-FA04-4674-8BA7-2EFB5CC6CB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{560DF3CB-B225-44B8-8BCF-FFC815586A45}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{5690CD98-04D3-479E-8633-7972174B7435}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{57A31417-2499-4485-9916-A43DBF5BF566}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B936A23-B3D6-41C8-816C-472770A253A0}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{6C98C141-A3C3-4EDE-A55A-1B779089127F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DEA6AE0-D298-4CD5-A0A1-52F66965A3DC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{9201E638-DE62-4060-AF6C-356C45FD55CC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{94153CE5-54F4-4DA8-AC03-9722E4523AB2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{96BF7FA1-9EB9-4B5A-961C-CBC84CAB56A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9ADF8C4E-5B92-4908-9317-E960FDA36879}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9D7059AC-15F0-4CC0-A2D8-6C4855CF4032}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{9E9FE66B-BCDB-44CA-97E3-28BC40B1D50D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AAC77ADD-CB59-4AB4-9AAC-519C529D3ADD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{AB158467-A597-4EC2-928D-146C3A343533}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{AE01A798-47AA-4C8C-83AC-A53FF87A29F2}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{B1909AB8-31A9-4B87-AC0E-B656E16171D4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{B2B661E9-06A2-4E91-AACA-C2095858C227}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{B59EE2E0-FDDD-4BAD-AFB0-091387AB50EF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{BAD220AF-B577-4B67-A81C-64D6E251D972}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{C28C4D5A-50FF-4F73-B503-57B599D85CCF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C786F085-44E5-4046-AAA5-C40E884923C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{CC9B835F-5767-4189-BD9D-FBC4BF2602D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D19F7526-AE55-4BC3-BF71-A1C28134EE4B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D7BB98BB-84FE-4A13-9EFE-735CF1365D7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA42381B-64DB-424B-B121-8E70384D3894}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{DCB64EC3-D253-4289-AD9F-10F7AC2D9CA0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DF8441E6-C5E9-4A9E-85A8-E8D4FADCD260}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EB7AFD3B-DA83-4E05-A8F6-9A7AD5AB803B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EBE384D8-CE34-436D-B9C4-294A7C58406B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{EF3E7459-0E82-46F4-950B-B3F52696E719}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{F0BF2516-70FE-4F18-80DB-0ECB151347CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FCB4E1DF-728F-4C63-8512-25069D8EFBB2}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{FEEDC8C1-93E8-4475-8D30-1935B55E4EC1}" = protocol=6 | dir=out | app=system |
"TCP Query User{9F004744-8E0F-44E4-A49F-BCF2EB82CB96}C:\program files (x86)\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\k-lite codec pack\media player classic\mpc-hc.exe |
"UDP Query User{FB45340B-AB8A-4553-A32E-FFF92C2C3E6A}C:\program files (x86)\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\k-lite codec pack\media player classic\mpc-hc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{122CFA16-E9CF-488D-9D4E-60D81F619724}" = AVG 2011
"{183292C5-5F6B-A5D5-50E8-97AC1BF1EA18}" = AMD Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{3CDD044C-70DD-6275-488B-67695A2616A8}" = AMD AVIVO64 Codecs
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46E637E2-AC34-4B45-B5DF-D20903A3DB61}" = Asystent logowania w witrynie Microsoft Online Services
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{902DCF72-EB95-4154-A81B-81000969927E}" = AVG 2011
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4627D4B-E3E5-B7ED-68CD-AE400B05E22F}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBCB2E77-396F-2A4D-0AED-5D3709FF3AE5}" = ccc-utility64
"{F3C0A3DE-C927-95F0-85B2-19BCF27698E8}" = AMD Fuel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025951D6-A0AE-9CBE-7D93-A45FF838736A}" = CCC Help Norwegian
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{16FB82E9-1208-81F4-22BC-A4D57367D42A}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1AD32757-4B94-1A7C-AC10-C05DC5F12121}" = CCC Help Finnish
"{1D7653C8-63CF-5717-3F65-79317727E64D}" = Catalyst Control Center Profiles Mobile
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2220B74A-8F67-2E6D-8F00-08068479101E}" = CCC Help Dutch
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28139736-EB4B-0406-BF5C-B607A5A6912F}" = CCC Help Korean
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2AE5650F-9FBF-A048-9B3B-039F7D681EEC}" = Catalyst Control Center InstallProxy
"{2B4E3318-B04B-32FD-E68E-0836B628CF0B}" = Catalyst Control Center Graphics Previews Common
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2D3C5C1C-352E-C942-B9C8-68DDA42F6983}" = CCC Help Portuguese
"{2F2FDC0B-A4E7-1EBB-91C3-B0C49943793B}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{42B0407C-7A58-24AC-5352-3F3229AD886B}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5A25E35A-9025-90A3-AE2F-C3711F1A4233}" = CCC Help Danish
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7D05FE31-B45D-3CC7-EC55-56B1F1D13760}" = CCC Help Hungarian
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{821E3745-8275-6FD7-04E9-1F7FBC392DDD}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B234375-EFB1-4024-8B53-EA7C745A6687}" = Adobe Flash Player 10 Plugin
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FEA5690-C23C-7873-89CB-A2D6A0818D0B}" = CCC Help Japanese
"{9027AE90-8FD3-5520-20D4-D33BE2FC71C9}" = AMD VISION Engine Control Center
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1F9129-0667-418E-7051-C005C472359A}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0329934-5FE2-F341-5EB9-960154093EAA}" = CCC Help Russian
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5D24600-DD2C-1EE5-7EFE-61F13153DD29}" = CCC Help Swedish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding
"{AFF57A60-FA41-1102-6643-D183DB80779D}" = CCC Help English
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B5EBBA47-C7CB-0556-7A76-3F8A7A3C8663}" = CCC Help Italian
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C8A6CA2A-18E4-36E9-7EB7-C920FDB96C7D}" = CCC Help Greek
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE1B6AD5-3841-BD60-550A-380F2CBBFD79}" = CCC Help Czech
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DBC79257-1A1B-7145-D5E7-807B521EADD0}" = CCC Help Thai
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E40FFD57-E1B2-6216-1B40-8A8FA37D5D27}" = Catalyst Control Center Localization All
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{EB25124D-732E-2BC7-351E-227E544C74E9}" = CCC Help Chinese Standard
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB87675F-5281-4767-A54B-31931794C23D}" = OpenOffice.org 3.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F15D3C58-F2A4-8B94-0CD9-3A449C60B895}" = CCC Help Turkish
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ALLPlayer_is1" = ALLPlayer V4.X
"Dell Webcam Central" = Dell Webcam Central
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"foobar2000" = foobar2000 v0.9.6.9
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"ipla" = ipla 2.3.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic)
"Picasa 3" = Picasa 3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Super Kulki_is1" = Super Kulki
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite" = Podstawowe programy Windows Live
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1265808342-323366298-159849674-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Detektor Winampa
"Winamp Toolbar" = Winamp Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2012-09-05 10:33:16 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-05 14:51:17 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-06 12:01:39 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-06 14:21:17 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-07 10:39:32 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-07 14:09:50 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-08 10:19:56 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-08 14:30:08 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-09 03:46:37 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
Error - 2012-09-10 14:03:38 | Computer Name = MediaExpert | Source = WinMgmt | ID = 10
Description =
 
[ Broadcom Wireless LAN Events ]
Error - 2012-09-24 15:24:33 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 21:24:33, Mon, Sep 24, 12 Error - Unable to set enhanced country code

 
Error - 2012-09-25 12:03:37 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 18:03:37, Tue, Sep 25, 12 Error - Unable to set enhanced country code

 
Error - 2012-09-25 16:11:12 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 22:11:12, Tue, Sep 25, 12 Error - Unable to set enhanced country code

 
Error - 2012-09-26 12:13:03 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 18:13:03, Wed, Sep 26, 12 Error - Unable to set enhanced country code

 
Error - 2012-10-03 15:39:04 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 21:39:03, Wed, Oct 03, 12 Error - Unable to gain access to user store

 
Error - 2012-10-07 04:27:48 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 10:27:47, Sun, Oct 07, 12 Error - Unable to gain access to user store

 
Error - 2012-10-11 12:29:25 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 18:29:25, Thu, Oct 11, 12 Error - Unable to set enhanced country code

 
Error - 2012-10-16 12:02:06 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 18:02:06, Tue, Oct 16, 12 Error - Unable to set enhanced country code

 
Error - 2012-10-18 11:53:58 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 17:53:58, Thu, Oct 18, 12 Error - Unable to set enhanced country code

 
Error - 2012-10-19 00:29:34 | Computer Name = MediaExpert | Source = WLAN-Tray | ID = 0
Description = 06:29:34, Fri, Oct 19, 12 Error - Unable to set enhanced country code

 
[ System Events ]
Error - 2012-10-14 06:54:44 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-17 10:38:01 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-18 11:54:12 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-18 11:54:42 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-19 00:29:18 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-19 00:29:48 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-19 03:59:16 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-19 03:59:46 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-19 04:25:25 | Computer Name = MediaExpert | Source = Service Control Manager | ID = 7011
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji
 z usługi SftService.
 
Error - 2012-10-19 04:29:50 | Computer Name = MediaExpert | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.
 
 
< End of report >
         

Is the PC clean now, or what do I need to do next?

Thanks!

Alt 19.10.2012, 13:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please have Malwarebytes remove all findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Alt 07.11.2012, 11:53   #3
anitaerdbeer
 
Hello, I have run the full scan with Malwarebytes

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Media Expert :: MEDIAEXPERT [Administrator]

Schutz: Aktiviert

2012-11-06 17:02:55
mbam-log-2012-11-06 (17-02-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356893
Laufzeit: 1 Stunde(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> 3772 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Media Expert\AppData\Local\Temp\skype.dll (Trojan.Agent.SZ) -> Löschen bei Neustart.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Löschen bei Neustart.
C:\Users\Media Expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The ESET scan did not work. Error message at step 2 of 4:
"unexpected error 2002"

What should I do now?
__________________
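The findings in the Malwarebytes log above can be triaged mechanically. The following Python sketch is an added example, not part of the original thread and not Malwarebytes code; the sample lines are copied from the log above, while the name list, the directory list (which assumes Windows is installed in C:\windows, as on this machine) and the flag names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Detection lines copied from the Malwarebytes log in the post above (German UI).
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> 3772 -> Löschen bei Neustart.

Infizierte Dateien: 3
C:\Users\Media Expert\AppData\Local\Temp\skype.dll (Trojan.Agent.SZ) -> Löschen bei Neustart.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Löschen bei Neustart.
C:\Users\Media Expert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# "<path> (<detection>) -> [<pid> -> ]<action>." The lazy path group lets
# directories such as "Program Files (x86)" pass, because only the last
# parenthesised token that is followed by " -> " is taken as the detection.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)

# Assumption: a short illustrative list of Windows binaries that normally
# live in System32, and the directories treated as legitimate for them.
SYSTEM_NAMES = {"lsass", "ctfmon", "svchost", "csrss", "winlogon", "services"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    pid: Optional[int]
    pending_reboot: bool
    flags: tuple


def flags_for(path):
    """Location-based heuristics (illustrative flag names, not a product's)."""
    p = PureWindowsPath(path)
    low = path.lower()
    flags = []
    if p.stem.lower() in SYSTEM_NAMES and str(p.parent).lower() not in SYSTEM_DIRS:
        flags.append("system-name-outside-system32")
    if "\\start menu\\programs\\startup\\" in low:
        flags.append("startup-folder-autostart")
    if "\\appdata\\local\\temp\\" in low:
        flags.append("binary-in-temp")
    return tuple(flags)


def triage(log_text):
    """Parse detection lines; a file listed as process and as file is merged."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, "(Ende)" and so on
        key = m["path"].lower()
        pid = int(m["pid"]) if m["pid"] else None
        if key in findings:
            if pid is not None:
                findings[key].pid = pid
            continue
        findings[key] = Finding(
            path=m["path"],
            detection=m["name"],
            action=m["action"],
            pid=pid,
            # "Löschen bei Neustart" = delete on restart: not removed yet.
            pending_reboot="Neustart" in m["action"],
            flags=flags_for(m["path"]),
        )
    return list(findings.values())


def still_pending(findings):
    """Entries whose removal only happens at the next reboot."""
    return [f for f in findings if f.pending_reboot]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "PENDING REBOOT" if f.pending_reboot else "handled"
        print(f"{state:15} {f.detection:18} {f.path}  {', '.join(f.flags)}")
```

On this log, `still_pending` returns the two entries marked "Löschen bei Neustart" (delete on restart), which remain on disk until the machine has been rebooted.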

Alt 07.11.2012, 12:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply. Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Another note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!


Alt 09.11.2012, 09:49   #5
anitaerdbeer
 
Here is the aswMBR.txt:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-09 09:54:27
-----------------------------
09:54:27.997    OS Version: Windows x64 6.1.7601 Service Pack 1
09:54:27.997    Number of processors: 2 586 0x100
09:54:27.999    ComputerName: MEDIAEXPERT  UserName: 
09:54:34.191    Initialize success
10:00:39.931    AVAST engine defs: 12110801
10:02:15.471    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
10:02:15.476    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 11
10:02:15.491    Disk 0 MBR read successfully
10:02:15.494    Disk 0 MBR scan
10:02:15.527    Disk 0 Windows 7 default MBR code
10:02:15.531    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
10:02:15.545    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
10:02:15.567    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       700302 MB offset 30926848
10:02:15.621    Disk 0 scanning C:\windows\system32\drivers
10:02:25.222    Service scanning
10:02:50.135    Modules scanning
10:02:50.154    Disk 0 trace - called modules:
10:02:50.177    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
10:02:50.185    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dee060]
10:02:50.191    3 CLASSPNP.SYS[fffff8800194f43f] -> nt!IofCallDriver -> [0xfffffa8004c81ac0]
10:02:50.197    5 amd_xata.sys[fffff88001064b3f] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8004c8f420]
10:02:53.210    AVAST engine scan C:\windows
10:02:57.699    AVAST engine scan C:\windows\system32
10:06:30.194    AVAST engine scan C:\windows\system32\drivers
10:06:45.548    AVAST engine scan C:\Users\Media Expert
10:32:53.154    AVAST engine scan C:\ProgramData
10:35:14.442    Scan finished successfully
10:43:51.046    Disk 0 MBR has been saved successfully to "C:\Users\Media Expert\Desktop\MBR.dat"
10:43:51.052    The log file has been saved successfully to "C:\Users\Media Expert\Desktop\aswMBR.txt"
         
And here is the log from TDSS-Killer:

Code:
11:06:03.0384 11592  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:06:03.0621 11592  ============================================================
11:06:03.0621 11592  Current date / time: 2012/11/09 11:06:03.0621
11:06:03.0621 11592  SystemInfo:
11:06:03.0621 11592  
11:06:03.0621 11592  OS Version: 6.1.7601 ServicePack: 1.0
11:06:03.0621 11592  Product type: Workstation
11:06:03.0621 11592  ComputerName: MEDIAEXPERT
11:06:03.0621 11592  UserName: Media Expert
11:06:03.0621 11592  Windows directory: C:\windows
11:06:03.0621 11592  System windows directory: C:\windows
11:06:03.0621 11592  Running under WOW64
11:06:03.0621 11592  Processor architecture: Intel x64
11:06:03.0621 11592  Number of processors: 2
11:06:03.0621 11592  Page size: 0x1000
11:06:03.0621 11592  Boot type: Normal boot
11:06:03.0621 11592  ============================================================
11:06:04.0203 11592  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:06:04.0278 11592  ============================================================
11:06:04.0278 11592  \Device\Harddisk0\DR0:
11:06:04.0279 11592  MBR partitions:
11:06:04.0279 11592  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
11:06:04.0279 11592  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x557C76F0
11:06:04.0279 11592  ============================================================
11:06:04.0341 11592  C: <-> \Device\Harddisk0\DR0\Partition2
11:06:04.0341 11592  ============================================================
11:06:04.0341 11592  Initialize success
11:06:04.0341 11592  ============================================================
11:06:25.0695 11468  ============================================================
11:06:25.0695 11468  Scan started
11:06:25.0695 11468  Mode: Manual; SigCheck; TDLFS; 
11:06:25.0695 11468  ============================================================
11:06:26.0153 11468  ================ Scan system memory ========================
11:06:26.0153 11468  System memory - ok
11:06:26.0154 11468  ================ Scan services =============================
11:06:26.0394 11468  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
11:06:26.0509 11468  1394ohci - ok
11:06:26.0566 11468  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:06:26.0614 11468  ACPI - ok
11:06:26.0644 11468  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
11:06:26.0705 11468  AcpiPmi - ok
11:06:26.0732 11468  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
11:06:26.0759 11468  adp94xx - ok
11:06:26.0768 11468  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
11:06:26.0795 11468  adpahci - ok
11:06:26.0802 11468  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
11:06:26.0822 11468  adpu320 - ok
11:06:26.0878 11468  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:06:26.0965 11468  AeLookupSvc - ok
11:06:27.0076 11468  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
11:06:27.0122 11468  AESTFilters - ok
11:06:27.0217 11468  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
11:06:27.0306 11468  AFD - ok
11:06:27.0374 11468  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
11:06:27.0399 11468  agp440 - ok
11:06:27.0451 11468  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
11:06:27.0506 11468  ALG - ok
11:06:27.0522 11468  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
11:06:27.0539 11468  aliide - ok
11:06:27.0596 11468  [ 8D99E7EF02F8E2CAE176F76CBE6DE242 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
11:06:27.0634 11468  AMD External Events Utility - ok
11:06:27.0669 11468  AMD FUEL Service - ok
11:06:27.0687 11468  [ F1A84D67A03F7536EBDA9DB426EF0E00 ] amdhub30        C:\windows\system32\DRIVERS\amdhub30.sys
11:06:27.0726 11468  amdhub30 - ok
11:06:27.0763 11468  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
11:06:27.0778 11468  amdide - ok
11:06:27.0809 11468  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\windows\system32\DRIVERS\amdiox64.sys
11:06:27.0824 11468  amdiox64 - ok
11:06:27.0839 11468  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
11:06:27.0873 11468  AmdK8 - ok
11:06:28.0073 11468  [ C7B1CF8162E0960EC239C1A4695B839A ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
11:06:28.0375 11468  amdkmdag - ok
11:06:28.0415 11468  [ 9204E6FD4CA15522FDF27E3454FDCEBF ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
11:06:28.0451 11468  amdkmdap - ok
11:06:28.0487 11468  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
11:06:28.0529 11468  AmdPPM - ok
11:06:28.0556 11468  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:06:28.0591 11468  amdsata - ok
11:06:28.0599 11468  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
11:06:28.0619 11468  amdsbs - ok
11:06:28.0625 11468  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:06:28.0641 11468  amdxata - ok
11:06:28.0660 11468  [ D8C25FF90E2E8FC7CBE26E2203EC4757 ] amdxhc          C:\windows\system32\DRIVERS\amdxhc.sys
11:06:28.0677 11468  amdxhc - ok
11:06:28.0701 11468  [ BB4FE7889DB9CBBE61A308E99697F53C ] amd_sata        C:\windows\system32\DRIVERS\amd_sata.sys
11:06:28.0714 11468  amd_sata - ok
11:06:28.0741 11468  [ 5631CBA53F1CBEA3F9E88348E6723391 ] amd_xata        C:\windows\system32\DRIVERS\amd_xata.sys
11:06:28.0755 11468  amd_xata - ok
11:06:28.0801 11468  [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService  C:\windows\system32\DRIVERS\Apfiltr.sys
11:06:28.0827 11468  ApfiltrService - ok
11:06:28.0862 11468  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
11:06:28.0912 11468  AppID - ok
11:06:28.0938 11468  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:06:29.0006 11468  AppIDSvc - ok
11:06:29.0020 11468  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
11:06:29.0077 11468  Appinfo - ok
11:06:29.0093 11468  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
11:06:29.0111 11468  arc - ok
11:06:29.0131 11468  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
11:06:29.0148 11468  arcsas - ok
11:06:29.0262 11468  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:06:29.0307 11468  aspnet_state - ok
11:06:29.0320 11468  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
11:06:29.0376 11468  AsyncMac - ok
11:06:29.0454 11468  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
11:06:29.0487 11468  atapi - ok
11:06:29.0541 11468  [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
11:06:29.0574 11468  AtiHDAudioService - ok
11:06:29.0650 11468  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:06:29.0727 11468  AudioEndpointBuilder - ok
11:06:29.0740 11468  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
11:06:29.0790 11468  AudioSrv - ok
11:06:29.0836 11468  AVG Security Toolbar Service - ok
11:06:29.0888 11468  [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd         C:\windows\system32\DRIVERS\avgfwd6a.sys
11:06:29.0914 11468  Avgfwfd - ok
11:06:30.0112 11468  [ 733D86815BEB34E2982BC7F561C35AE3 ] avgfws          C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
11:06:30.0157 11468  avgfws - ok
11:06:30.0293 11468  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
11:06:30.0496 11468  AVGIDSAgent - ok
11:06:30.0529 11468  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdrivera.sys
11:06:30.0555 11468  AVGIDSDriver - ok
11:06:30.0593 11468  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\windows\system32\DRIVERS\avgidsha.sys
11:06:30.0620 11468  AVGIDSHA - ok
11:06:30.0648 11468  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\windows\system32\DRIVERS\avgldx64.sys
11:06:30.0668 11468  Avgldx64 - ok
11:06:30.0733 11468  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\windows\system32\DRIVERS\avgloga.sys
11:06:30.0761 11468  Avgloga - ok
11:06:30.0786 11468  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\windows\system32\DRIVERS\avgmfx64.sys
11:06:30.0805 11468  Avgmfx64 - ok
11:06:30.0826 11468  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\windows\system32\DRIVERS\avgrkx64.sys
11:06:30.0844 11468  Avgrkx64 - ok
11:06:30.0876 11468  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\windows\system32\DRIVERS\avgtdia.sys
11:06:30.0897 11468  Avgtdia - ok
11:06:30.0931 11468  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
11:06:30.0953 11468  avgwd - ok
11:06:31.0010 11468  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:06:31.0044 11468  AxInstSV - ok
11:06:31.0096 11468  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
11:06:31.0162 11468  b06bdrv - ok
11:06:31.0211 11468  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
11:06:31.0253 11468  b57nd60a - ok
11:06:31.0289 11468  [ 801CE1CDF383492B927821C05CB6E8D5 ] BCM42RLY        C:\windows\system32\drivers\BCM42RLY.sys
11:06:31.0315 11468  BCM42RLY - ok
11:06:31.0419 11468  [ 783F1C7ED6B39454A8D1028D4F30768D ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
11:06:31.0585 11468  BCM43XX - ok
11:06:31.0648 11468  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
11:06:31.0714 11468  BDESVC - ok
11:06:31.0749 11468  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
11:06:31.0806 11468  Beep - ok
11:06:31.0849 11468  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
11:06:31.0922 11468  BFE - ok
11:06:31.0969 11468  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
11:06:32.0052 11468  BITS - ok
11:06:32.0099 11468  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
11:06:32.0136 11468  blbdrive - ok
11:06:32.0171 11468  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:06:32.0199 11468  bowser - ok
11:06:32.0233 11468  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
11:06:32.0276 11468  BrFiltLo - ok
11:06:32.0286 11468  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
11:06:32.0318 11468  BrFiltUp - ok
11:06:32.0344 11468  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
11:06:32.0381 11468  Browser - ok
11:06:32.0390 11468  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
11:06:32.0465 11468  Brserid - ok
11:06:32.0474 11468  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
11:06:32.0512 11468  BrSerWdm - ok
11:06:32.0517 11468  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
11:06:32.0546 11468  BrUsbMdm - ok
11:06:32.0564 11468  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
11:06:32.0604 11468  BrUsbSer - ok
11:06:32.0676 11468  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
11:06:32.0735 11468  BthEnum - ok
11:06:32.0754 11468  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
11:06:32.0788 11468  BTHMODEM - ok
11:06:32.0817 11468  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
11:06:32.0859 11468  BthPan - ok
11:06:32.0922 11468  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
11:06:32.0987 11468  BTHPORT - ok
11:06:33.0022 11468  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
11:06:33.0087 11468  bthserv - ok
11:06:33.0121 11468  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
11:06:33.0162 11468  BTHUSB - ok
11:06:33.0202 11468  [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL        C:\windows\system32\DRIVERS\btwampfl.sys
11:06:33.0222 11468  BTWAMPFL - ok
11:06:33.0256 11468  [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
11:06:33.0271 11468  btwaudio - ok
11:06:33.0285 11468  [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt         C:\windows\system32\drivers\btwavdt.sys
11:06:33.0300 11468  btwavdt - ok
11:06:33.0375 11468  [ 3D5E7FB2CB69A6186C7954C0859173F4 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:06:33.0414 11468  btwdins - ok
11:06:33.0428 11468  [ 346B4051B3D7FF70E8F027869B8ECA6E ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
11:06:33.0442 11468  btwl2cap - ok
11:06:33.0461 11468  [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
11:06:33.0473 11468  btwrchid - ok
11:06:33.0492 11468  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:06:33.0561 11468  cdfs - ok
11:06:33.0608 11468  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
11:06:33.0641 11468  cdrom - ok
11:06:33.0671 11468  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
11:06:33.0750 11468  CertPropSvc - ok
11:06:33.0773 11468  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
11:06:33.0809 11468  circlass - ok
11:06:33.0833 11468  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
11:06:33.0861 11468  CLFS - ok
11:06:33.0928 11468  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:06:33.0959 11468  clr_optimization_v2.0.50727_32 - ok
11:06:33.0987 11468  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:06:34.0020 11468  clr_optimization_v2.0.50727_64 - ok
11:06:34.0110 11468  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:06:34.0201 11468  clr_optimization_v4.0.30319_32 - ok
11:06:34.0219 11468  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:06:34.0236 11468  clr_optimization_v4.0.30319_64 - ok
11:06:34.0264 11468  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
11:06:34.0305 11468  CmBatt - ok
11:06:34.0319 11468  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
11:06:34.0336 11468  cmdide - ok
11:06:34.0401 11468  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
11:06:34.0506 11468  CNG - ok
11:06:34.0553 11468  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
11:06:34.0570 11468  Compbatt - ok
11:06:34.0581 11468  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
11:06:34.0634 11468  CompositeBus - ok
11:06:34.0655 11468  COMSysApp - ok
11:06:34.0675 11468  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
11:06:34.0694 11468  crcdisk - ok
11:06:34.0735 11468  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
11:06:34.0815 11468  CryptSvc - ok
11:06:34.0866 11468  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\windows\system32\DRIVERS\CtClsFlt.sys
11:06:34.0909 11468  CtClsFlt - ok
11:06:34.0960 11468  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
11:06:35.0069 11468  DcomLaunch - ok
11:06:35.0104 11468  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
11:06:35.0173 11468  defragsvc - ok
11:06:35.0186 11468  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
11:06:35.0244 11468  DfsC - ok
11:06:35.0285 11468  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
11:06:35.0421 11468  Dhcp - ok
11:06:35.0492 11468  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
11:06:35.0555 11468  discache - ok
11:06:35.0587 11468  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
11:06:35.0616 11468  Disk - ok
11:06:35.0650 11468  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
11:06:35.0714 11468  Dnscache - ok
11:06:35.0736 11468  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
11:06:35.0794 11468  dot3svc - ok
11:06:35.0802 11468  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
11:06:35.0857 11468  DPS - ok
11:06:35.0900 11468  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
11:06:35.0933 11468  drmkaud - ok
11:06:35.0963 11468  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
11:06:36.0016 11468  DXGKrnl - ok
11:06:36.0033 11468  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
11:06:36.0095 11468  EapHost - ok
11:06:36.0166 11468  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
11:06:36.0271 11468  ebdrv - ok
11:06:36.0298 11468  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
11:06:36.0359 11468  EFS - ok
11:06:36.0432 11468  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
11:06:36.0492 11468  ehRecvr - ok
11:06:36.0503 11468  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
11:06:36.0536 11468  ehSched - ok
11:06:36.0565 11468  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
11:06:36.0593 11468  elxstor - ok
11:06:36.0599 11468  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
11:06:36.0624 11468  ErrDev - ok
11:06:36.0658 11468  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
11:06:36.0715 11468  EventSystem - ok
11:06:36.0751 11468  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
11:06:36.0820 11468  exfat - ok
11:06:36.0846 11468  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
11:06:36.0909 11468  fastfat - ok
11:06:36.0960 11468  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
11:06:37.0009 11468  Fax - ok
11:06:37.0032 11468  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
11:06:37.0076 11468  fdc - ok
11:06:37.0110 11468  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
11:06:37.0173 11468  fdPHost - ok
11:06:37.0193 11468  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
11:06:37.0238 11468  FDResPub - ok
11:06:37.0268 11468  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
11:06:37.0284 11468  FileInfo - ok
11:06:37.0298 11468  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
11:06:37.0397 11468  Filetrace - ok
11:06:37.0411 11468  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
11:06:37.0428 11468  flpydisk - ok
11:06:37.0454 11468  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
11:06:37.0477 11468  FltMgr - ok
11:06:37.0519 11468  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
11:06:37.0584 11468  FontCache - ok
11:06:37.0626 11468  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:06:37.0652 11468  FontCache3.0.0.0 - ok
11:06:37.0672 11468  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
11:06:37.0689 11468  FsDepends - ok
11:06:37.0728 11468  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
11:06:37.0748 11468  Fs_Rec - ok
11:06:37.0781 11468  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
11:06:37.0816 11468  fvevol - ok
11:06:37.0849 11468  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
11:06:37.0866 11468  gagp30kx - ok
11:06:37.0902 11468  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
11:06:37.0958 11468  gpsvc - ok
11:06:38.0010 11468  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:06:38.0043 11468  gusvc - ok
11:06:38.0061 11468  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
11:06:38.0109 11468  hcw85cir - ok
11:06:38.0141 11468  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:06:38.0188 11468  HdAudAddService - ok
11:06:38.0213 11468  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
11:06:38.0245 11468  HDAudBus - ok
11:06:38.0251 11468  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
11:06:38.0268 11468  HidBatt - ok
11:06:38.0284 11468  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
11:06:38.0311 11468  HidBth - ok
11:06:38.0319 11468  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
11:06:38.0348 11468  HidIr - ok
11:06:38.0374 11468  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
11:06:38.0430 11468  hidserv - ok
11:06:38.0463 11468  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
11:06:38.0480 11468  HidUsb - ok
11:06:38.0513 11468  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
11:06:38.0600 11468  hkmsvc - ok
11:06:38.0624 11468  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:06:38.0665 11468  HomeGroupListener - ok
11:06:38.0700 11468  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:06:38.0738 11468  HomeGroupProvider - ok
11:06:38.0757 11468  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
11:06:38.0774 11468  HpSAMD - ok
11:06:38.0805 11468  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
11:06:38.0868 11468  HTTP - ok
11:06:38.0888 11468  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
11:06:38.0903 11468  hwpolicy - ok
11:06:38.0933 11468  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
11:06:38.0967 11468  i8042prt - ok
11:06:38.0986 11468  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
11:06:39.0011 11468  iaStorV - ok
11:06:39.0078 11468  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:06:39.0116 11468  idsvc - ok
11:06:39.0123 11468  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
11:06:39.0140 11468  iirsp - ok
11:06:39.0197 11468  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
11:06:39.0276 11468  IKEEXT - ok
11:06:39.0286 11468  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
11:06:39.0302 11468  intelide - ok
11:06:39.0317 11468  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\drivers\intelppm.sys
11:06:39.0344 11468  intelppm - ok
11:06:39.0366 11468  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
11:06:39.0427 11468  IPBusEnum - ok
11:06:39.0442 11468  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
11:06:39.0487 11468  IpFilterDriver - ok
11:06:39.0517 11468  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
11:06:39.0595 11468  iphlpsvc - ok
11:06:39.0613 11468  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
11:06:39.0631 11468  IPMIDRV - ok
11:06:39.0643 11468  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
11:06:39.0702 11468  IPNAT - ok
11:06:39.0734 11468  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
11:06:39.0755 11468  IRENUM - ok
11:06:39.0761 11468  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
11:06:39.0778 11468  isapnp - ok
11:06:39.0796 11468  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
11:06:39.0818 11468  iScsiPrt - ok
11:06:39.0836 11468  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
11:06:39.0853 11468  kbdclass - ok
11:06:39.0859 11468  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
11:06:39.0893 11468  kbdhid - ok
11:06:39.0910 11468  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
11:06:39.0927 11468  KeyIso - ok
11:06:39.0963 11468  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
11:06:39.0981 11468  KSecDD - ok
11:06:40.0007 11468  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
11:06:40.0026 11468  KSecPkg - ok
11:06:40.0043 11468  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
11:06:40.0105 11468  ksthunk - ok
11:06:40.0138 11468  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
11:06:40.0211 11468  KtmRm - ok
11:06:40.0286 11468  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
11:06:40.0356 11468  LanmanServer - ok
11:06:40.0384 11468  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:06:40.0462 11468  LanmanWorkstation - ok
11:06:40.0505 11468  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
11:06:40.0588 11468  lltdio - ok
11:06:40.0619 11468  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
11:06:40.0687 11468  lltdsvc - ok
11:06:40.0703 11468  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
11:06:40.0761 11468  lmhosts - ok
11:06:40.0796 11468  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
11:06:40.0836 11468  LSI_FC - ok
11:06:40.0854 11468  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
11:06:40.0872 11468  LSI_SAS - ok
11:06:40.0879 11468  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
11:06:40.0898 11468  LSI_SAS2 - ok
11:06:40.0906 11468  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
11:06:40.0924 11468  LSI_SCSI - ok
11:06:40.0951 11468  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
11:06:41.0008 11468  luafv - ok
11:06:41.0068 11468  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
11:06:41.0106 11468  MBAMProtector - ok
11:06:41.0148 11468  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:06:41.0171 11468  MBAMScheduler - ok
11:06:41.0210 11468  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:06:41.0241 11468  MBAMService - ok
11:06:41.0269 11468  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
11:06:41.0307 11468  Mcx2Svc - ok
11:06:41.0327 11468  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
11:06:41.0344 11468  megasas - ok
11:06:41.0358 11468  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
11:06:41.0381 11468  MegaSR - ok
11:06:41.0435 11468  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
11:06:41.0496 11468  MMCSS - ok
11:06:41.0521 11468  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
11:06:41.0577 11468  Modem - ok
11:06:41.0605 11468  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
11:06:41.0647 11468  monitor - ok
11:06:41.0662 11468  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
11:06:41.0679 11468  mouclass - ok
11:06:41.0700 11468  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
11:06:41.0730 11468  mouhid - ok
11:06:41.0745 11468  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
11:06:41.0763 11468  mountmgr - ok
11:06:41.0786 11468  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
11:06:41.0806 11468  mpio - ok
11:06:41.0812 11468  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
11:06:41.0858 11468  mpsdrv - ok
11:06:41.0907 11468  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
11:06:42.0004 11468  MpsSvc - ok
11:06:42.0012 11468  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
11:06:42.0053 11468  MRxDAV - ok
11:06:42.0077 11468  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
11:06:42.0122 11468  mrxsmb - ok
11:06:42.0159 11468  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
11:06:42.0189 11468  mrxsmb10 - ok
11:06:42.0218 11468  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
11:06:42.0234 11468  mrxsmb20 - ok
11:06:42.0264 11468  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
11:06:42.0292 11468  msahci - ok
11:06:42.0310 11468  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
11:06:42.0329 11468  msdsm - ok
11:06:42.0345 11468  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
11:06:42.0378 11468  MSDTC - ok
11:06:42.0391 11468  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
11:06:42.0436 11468  Msfs - ok
11:06:42.0453 11468  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
11:06:42.0507 11468  mshidkmdf - ok
11:06:42.0525 11468  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
11:06:42.0541 11468  msisadrv - ok
11:06:42.0586 11468  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
11:06:42.0696 11468  MSiSCSI - ok
11:06:42.0702 11468  msiserver - ok
11:06:42.0739 11468  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
11:06:42.0805 11468  MSKSSRV - ok
11:06:42.0961 11468  [ 47A616802531735DF88CD331739D6E97 ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
11:06:43.0044 11468  msoidsvc - ok
11:06:43.0075 11468  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
11:06:43.0141 11468  MSPCLOCK - ok
11:06:43.0191 11468  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
11:06:43.0258 11468  MSPQM - ok
11:06:43.0295 11468  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
11:06:43.0331 11468  MsRPC - ok
11:06:43.0360 11468  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
11:06:43.0377 11468  mssmbios - ok
11:06:43.0436 11468  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
11:06:43.0497 11468  MSTEE - ok
11:06:43.0513 11468  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
11:06:43.0542 11468  MTConfig - ok
11:06:43.0548 11468  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
11:06:43.0566 11468  Mup - ok
11:06:43.0597 11468  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
11:06:43.0665 11468  napagent - ok
11:06:43.0715 11468  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
11:06:43.0767 11468  NativeWifiP - ok
11:06:43.0915 11468  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
11:06:43.0957 11468  NAUpdate - ok
11:06:44.0014 11468  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
11:06:44.0063 11468  NDIS - ok
11:06:44.0100 11468  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
11:06:44.0164 11468  NdisCap - ok
11:06:44.0189 11468  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
11:06:44.0232 11468  NdisTapi - ok
11:06:44.0238 11468  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
11:06:44.0292 11468  Ndisuio - ok
11:06:44.0299 11468  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
11:06:44.0363 11468  NdisWan - ok
11:06:44.0371 11468  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
11:06:44.0414 11468  NDProxy - ok
11:06:44.0431 11468  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
11:06:44.0489 11468  NetBIOS - ok
11:06:44.0498 11468  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
11:06:44.0544 11468  NetBT - ok
11:06:44.0565 11468  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
11:06:44.0581 11468  Netlogon - ok
11:06:44.0650 11468  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
11:06:44.0710 11468  Netman - ok
11:06:44.0739 11468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:06:44.0756 11468  NetMsmqActivator - ok
11:06:44.0762 11468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:06:44.0777 11468  NetPipeActivator - ok
11:06:44.0788 11468  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
11:06:44.0848 11468  netprofm - ok
11:06:44.0854 11468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:06:44.0869 11468  NetTcpActivator - ok
11:06:44.0876 11468  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:06:44.0892 11468  NetTcpPortSharing - ok
11:06:44.0919 11468  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
11:06:44.0936 11468  nfrd960 - ok
11:06:44.0954 11468  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\windows\System32\nlasvc.dll
11:06:45.0013 11468  NlaSvc - ok
11:06:45.0029 11468  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
11:06:45.0073 11468  Npfs - ok
11:06:45.0086 11468  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
11:06:45.0132 11468  nsi - ok
11:06:45.0138 11468  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
11:06:45.0183 11468  nsiproxy - ok
11:06:45.0240 11468  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
11:06:45.0326 11468  Ntfs - ok
11:06:45.0343 11468  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
11:06:45.0387 11468  Null - ok
11:06:45.0411 11468  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
11:06:45.0430 11468  nvraid - ok
11:06:45.0441 11468  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
11:06:45.0462 11468  nvstor - ok
11:06:45.0469 11468  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
11:06:45.0487 11468  nv_agp - ok
11:06:45.0494 11468  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
11:06:45.0537 11468  ohci1394 - ok
11:06:45.0559 11468  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
11:06:45.0609 11468  p2pimsvc - ok
11:06:45.0655 11468  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
11:06:45.0694 11468  p2psvc - ok
11:06:45.0714 11468  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
11:06:45.0744 11468  Parport - ok
11:06:45.0770 11468  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
11:06:45.0786 11468  partmgr - ok
11:06:45.0794 11468  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
11:06:45.0832 11468  PcaSvc - ok
11:06:45.0951 11468  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
11:06:45.0993 11468  PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok
11:06:46.0027 11468  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
11:06:46.0061 11468  pci - ok
11:06:46.0077 11468  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
11:06:46.0093 11468  pciide - ok
11:06:46.0114 11468  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
11:06:46.0135 11468  pcmcia - ok
11:06:46.0142 11468  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
11:06:46.0158 11468  pcw - ok
11:06:46.0171 11468  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
11:06:46.0235 11468  PEAUTH - ok
11:06:46.0343 11468  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
11:06:46.0386 11468  PerfHost - ok
11:06:46.0453 11468  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
11:06:46.0579 11468  pla - ok
11:06:46.0645 11468  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
11:06:46.0694 11468  PlugPlay - ok
11:06:46.0726 11468  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
11:06:46.0768 11468  PNRPAutoReg - ok
11:06:46.0792 11468  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
11:06:46.0813 11468  PNRPsvc - ok
11:06:46.0843 11468  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
11:06:46.0899 11468  PolicyAgent - ok
11:06:46.0932 11468  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
11:06:46.0993 11468  Power - ok
11:06:47.0028 11468  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
11:06:47.0080 11468  PptpMiniport - ok
11:06:47.0093 11468  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
11:06:47.0126 11468  Processor - ok
11:06:47.0162 11468  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
11:06:47.0208 11468  ProfSvc - ok
11:06:47.0220 11468  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
11:06:47.0236 11468  ProtectedStorage - ok
11:06:47.0301 11468  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
11:06:47.0360 11468  Psched - ok
11:06:47.0410 11468  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
11:06:47.0470 11468  ql2300 - ok
11:06:47.0494 11468  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
11:06:47.0512 11468  ql40xx - ok
11:06:47.0534 11468  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
11:06:47.0562 11468  QWAVE - ok
11:06:47.0573 11468  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
11:06:47.0617 11468  QWAVEdrv - ok
11:06:47.0654 11468  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
11:06:47.0725 11468  RasAcd - ok
11:06:47.0752 11468  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
11:06:47.0817 11468  RasAgileVpn - ok
11:06:47.0844 11468  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
11:06:47.0914 11468  RasAuto - ok
11:06:47.0948 11468  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
11:06:48.0000 11468  Rasl2tp - ok
11:06:48.0016 11468  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
11:06:48.0071 11468  RasMan - ok
11:06:48.0078 11468  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
11:06:48.0137 11468  RasPppoe - ok
11:06:48.0144 11468  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
11:06:48.0198 11468  RasSstp - ok
11:06:48.0208 11468  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
11:06:48.0255 11468  rdbss - ok
11:06:48.0273 11468  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
11:06:48.0302 11468  rdpbus - ok
11:06:48.0322 11468  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
11:06:48.0365 11468  RDPCDD - ok
11:06:48.0389 11468  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
11:06:48.0444 11468  RDPENCDD - ok
11:06:48.0463 11468  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
11:06:48.0506 11468  RDPREFMP - ok
11:06:48.0534 11468  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
11:06:48.0574 11468  RDPWD - ok
11:06:48.0629 11468  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
11:06:48.0667 11468  rdyboost - ok
11:06:48.0713 11468  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
11:06:48.0778 11468  RemoteAccess - ok
11:06:48.0796 11468  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
11:06:48.0845 11468  RemoteRegistry - ok
11:06:48.0892 11468  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
11:06:48.0938 11468  RFCOMM - ok
11:06:48.0960 11468  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
11:06:49.0022 11468  RpcEptMapper - ok
11:06:49.0048 11468  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
11:06:49.0088 11468  RpcLocator - ok
11:06:49.0113 11468  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
11:06:49.0163 11468  RpcSs - ok
11:06:49.0200 11468  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
11:06:49.0260 11468  rspndr - ok
11:06:49.0305 11468  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
11:06:49.0336 11468  RSUSBSTOR - ok
11:06:49.0375 11468  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
11:06:49.0419 11468  RTL8167 - ok
11:06:49.0431 11468  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
11:06:49.0446 11468  SamSs - ok
11:06:49.0464 11468  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
11:06:49.0482 11468  sbp2port - ok
11:06:49.0503 11468  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
11:06:49.0555 11468  SCardSvr - ok
11:06:49.0577 11468  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
11:06:49.0637 11468  scfilter - ok
11:06:49.0678 11468  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
11:06:49.0750 11468  Schedule - ok
11:06:49.0769 11468  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
11:06:49.0812 11468  SCPolicySvc - ok
11:06:49.0840 11468  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys
11:06:49.0874 11468  sdbus - ok
11:06:49.0891 11468  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
11:06:49.0937 11468  SDRSVC - ok
11:06:49.0977 11468  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
11:06:50.0037 11468  secdrv - ok
11:06:50.0053 11468  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
11:06:50.0106 11468  seclogon - ok
11:06:50.0121 11468  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
11:06:50.0180 11468  SENS - ok
11:06:50.0208 11468  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
11:06:50.0250 11468  SensrSvc - ok
11:06:50.0290 11468  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
11:06:50.0327 11468  Serenum - ok
11:06:50.0335 11468  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
11:06:50.0399 11468  Serial - ok
11:06:50.0406 11468  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
11:06:50.0427 11468  sermouse - ok
11:06:50.0471 11468  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
11:06:50.0523 11468  SessionEnv - ok
11:06:50.0529 11468  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
11:06:50.0552 11468  sffdisk - ok
11:06:50.0558 11468  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
11:06:50.0584 11468  sffp_mmc - ok
11:06:50.0590 11468  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
11:06:50.0636 11468  sffp_sd - ok
11:06:50.0642 11468  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
11:06:50.0658 11468  sfloppy - ok
11:06:50.0741 11468  [ 74EC60E20516AAA573BE74F31175270F ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
11:06:50.0845 11468  SftService - ok
11:06:50.0873 11468  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:06:50.0943 11468  SharedAccess - ok
11:06:50.0983 11468  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:06:51.0037 11468  ShellHWDetection - ok
11:06:51.0063 11468  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
11:06:51.0079 11468  SiSRaid2 - ok
11:06:51.0099 11468  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
11:06:51.0117 11468  SiSRaid4 - ok
11:06:51.0180 11468  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:06:51.0212 11468  SkypeUpdate - ok
11:06:51.0240 11468  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
11:06:51.0306 11468  Smb - ok
11:06:51.0349 11468  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:06:51.0392 11468  SNMPTRAP - ok
11:06:51.0423 11468  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
11:06:51.0439 11468  spldr - ok
11:06:51.0478 11468  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
11:06:51.0527 11468  Spooler - ok
11:06:51.0629 11468  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
11:06:51.0853 11468  sppsvc - ok
11:06:51.0870 11468  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
11:06:51.0916 11468  sppuinotify - ok
11:06:51.0953 11468  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
11:06:51.0999 11468  srv - ok
11:06:52.0019 11468  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:06:52.0058 11468  srv2 - ok
11:06:52.0080 11468  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:06:52.0105 11468  srvnet - ok
11:06:52.0141 11468  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:06:52.0210 11468  SSDPSRV - ok
11:06:52.0219 11468  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:06:52.0265 11468  SstpSvc - ok
11:06:52.0336 11468  [ BD4C956A46A017B647D3A634230B39C4 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
11:06:52.0362 11468  STacSV - ok
11:06:52.0385 11468  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
11:06:52.0401 11468  stexstor - ok
11:06:52.0430 11468  [ 03D7E6AC7953F2BE24073327CBEDBB85 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
11:06:52.0467 11468  STHDA - ok
11:06:52.0513 11468  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
11:06:52.0569 11468  stisvc - ok
11:06:52.0613 11468  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
11:06:52.0638 11468  swenum - ok
11:06:52.0676 11468  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
11:06:52.0753 11468  swprv - ok
11:06:52.0809 11468  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
11:06:52.0910 11468  SysMain - ok
11:06:52.0924 11468  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
11:06:52.0949 11468  TabletInputService - ok
11:06:52.0969 11468  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
11:06:53.0031 11468  TapiSrv - ok
11:06:53.0052 11468  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
11:06:53.0107 11468  TBS - ok
11:06:53.0197 11468  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:06:53.0307 11468  Tcpip - ok
11:06:53.0370 11468  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:06:53.0420 11468  TCPIP6 - ok
11:06:53.0489 11468  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:06:53.0550 11468  tcpipreg - ok
11:06:53.0564 11468  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
11:06:53.0609 11468  TDPIPE - ok
11:06:53.0655 11468  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
11:06:53.0700 11468  TDTCP - ok
11:06:53.0718 11468  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:06:53.0762 11468  tdx - ok
11:06:53.0768 11468  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
11:06:53.0785 11468  TermDD - ok
11:06:53.0826 11468  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
11:06:53.0898 11468  TermService - ok
11:06:53.0923 11468  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
11:06:53.0946 11468  Themes - ok
11:06:53.0978 11468  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
11:06:54.0022 11468  THREADORDER - ok
11:06:54.0033 11468  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
11:06:54.0086 11468  TrkWks - ok
11:06:54.0137 11468  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:06:54.0223 11468  TrustedInstaller - ok
11:06:54.0242 11468  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
11:06:54.0297 11468  tssecsrv - ok
11:06:54.0307 11468  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
11:06:54.0333 11468  TsUsbFlt - ok
11:06:54.0366 11468  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
11:06:54.0394 11468  TsUsbGD - ok
11:06:54.0420 11468  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
11:06:54.0470 11468  tunnel - ok
11:06:54.0477 11468  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
11:06:54.0494 11468  uagp35 - ok
11:06:54.0503 11468  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
11:06:54.0569 11468  udfs - ok
11:06:54.0620 11468  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
11:06:54.0659 11468  UI0Detect - ok
11:06:54.0666 11468  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
11:06:54.0683 11468  uliagpkx - ok
11:06:54.0701 11468  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
11:06:54.0734 11468  umbus - ok
11:06:54.0740 11468  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
11:06:54.0766 11468  UmPass - ok
11:06:54.0790 11468  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
11:06:54.0851 11468  upnphost - ok
11:06:54.0858 11468  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
11:06:54.0893 11468  usbccgp - ok
11:06:54.0906 11468  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
11:06:54.0929 11468  usbcir - ok
11:06:54.0935 11468  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
11:06:54.0959 11468  usbehci - ok
11:06:55.0000 11468  [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter       C:\windows\system32\DRIVERS\usbfilter.sys
11:06:55.0027 11468  usbfilter - ok
11:06:55.0062 11468  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
11:06:55.0096 11468  usbhub - ok
11:06:55.0102 11468  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
11:06:55.0119 11468  usbohci - ok
11:06:55.0134 11468  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
11:06:55.0154 11468  usbprint - ok
11:06:55.0169 11468  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
11:06:55.0207 11468  USBSTOR - ok
11:06:55.0215 11468  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
11:06:55.0242 11468  usbuhci - ok
11:06:55.0274 11468  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
11:06:55.0296 11468  usbvideo - ok
11:06:55.0317 11468  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
11:06:55.0365 11468  UxSms - ok
11:06:55.0397 11468  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
11:06:55.0421 11468  VaultSvc - ok
11:06:55.0446 11468  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
11:06:55.0463 11468  vdrvroot - ok
11:06:55.0533 11468  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
11:06:55.0644 11468  vds - ok
11:06:55.0665 11468  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
11:06:55.0684 11468  vga - ok
11:06:55.0691 11468  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
11:06:55.0743 11468  VgaSave - ok
11:06:55.0751 11468  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
11:06:55.0772 11468  vhdmp - ok
11:06:55.0779 11468  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
11:06:55.0796 11468  viaide - ok
11:06:55.0803 11468  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
11:06:55.0820 11468  volmgr - ok
11:06:55.0830 11468  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
11:06:55.0853 11468  volmgrx - ok
11:06:55.0863 11468  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
11:06:55.0885 11468  volsnap - ok
11:06:55.0912 11468  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
11:06:55.0931 11468  vsmraid - ok
11:06:55.0981 11468  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
11:06:56.0089 11468  VSS - ok
11:06:56.0095 11468  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
11:06:56.0123 11468  vwifibus - ok
11:06:56.0135 11468  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
11:06:56.0172 11468  vwififlt - ok
11:06:56.0208 11468  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
11:06:56.0260 11468  W32Time - ok
11:06:56.0280 11468  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
11:06:56.0303 11468  WacomPen - ok
11:06:56.0329 11468  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
11:06:56.0386 11468  WANARP - ok
11:06:56.0402 11468  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
11:06:56.0445 11468  Wanarpv6 - ok
11:06:56.0517 11468  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
11:06:56.0597 11468  WatAdminSvc - ok
11:06:56.0658 11468  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
11:06:56.0780 11468  wbengine - ok
11:06:56.0811 11468  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
11:06:56.0838 11468  WbioSrvc - ok
11:06:56.0861 11468  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
11:06:56.0894 11468  wcncsvc - ok
11:06:56.0912 11468  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:06:56.0948 11468  WcsPlugInService - ok
11:06:56.0971 11468  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
11:06:57.0004 11468  Wd - ok
11:06:57.0028 11468  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
11:06:57.0059 11468  Wdf01000 - ok
11:06:57.0080 11468  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
11:06:57.0187 11468  WdiServiceHost - ok
11:06:57.0192 11468  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
11:06:57.0223 11468  WdiSystemHost - ok
11:06:57.0268 11468  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
11:06:57.0318 11468  WebClient - ok
11:06:57.0335 11468  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
11:06:57.0394 11468  Wecsvc - ok
11:06:57.0409 11468  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
11:06:57.0455 11468  wercplsupport - ok
11:06:57.0470 11468  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
11:06:57.0517 11468  WerSvc - ok
11:06:57.0548 11468  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
11:06:57.0593 11468  WfpLwf - ok
11:06:57.0639 11468  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
11:06:57.0668 11468  WimFltr - ok
11:06:57.0677 11468  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
11:06:57.0693 11468  WIMMount - ok
11:06:57.0718 11468  WinDefend - ok
11:06:57.0729 11468  WinHttpAutoProxySvc - ok
11:06:57.0783 11468  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
11:06:57.0853 11468  Winmgmt - ok
11:06:57.0931 11468  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
11:06:58.0067 11468  WinRM - ok
11:06:58.0121 11468  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
11:06:58.0142 11468  WinUsb - ok
11:06:58.0188 11468  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
11:06:58.0244 11468  Wlansvc - ok
11:06:58.0275 11468  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:06:58.0289 11468  wlcrasvc - ok
11:06:58.0389 11468  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:06:58.0489 11468  wlidsvc - ok
11:06:58.0554 11468  [ 6F253B09280462D1F7E794DCC02DB9A1 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
11:06:58.0579 11468  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
11:06:58.0579 11468  wltrysvc - detected UnsignedFile.Multi.Generic (1)
11:06:58.0614 11468  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
11:06:58.0654 11468  WmiAcpi - ok
11:06:58.0699 11468  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
11:06:58.0743 11468  wmiApSrv - ok
11:06:58.0775 11468  WMPNetworkSvc - ok
11:06:58.0808 11468  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
11:06:58.0843 11468  WPCSvc - ok
11:06:58.0865 11468  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
11:06:58.0886 11468  WPDBusEnum - ok
11:06:58.0906 11468  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
11:06:58.0950 11468  ws2ifsl - ok
11:06:58.0968 11468  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
11:06:58.0994 11468  wscsvc - ok
11:06:58.0999 11468  WSearch - ok
11:06:59.0098 11468  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
11:06:59.0210 11468  wuauserv - ok
11:06:59.0227 11468  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
11:06:59.0304 11468  WudfPf - ok
11:06:59.0328 11468  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
11:06:59.0384 11468  WUDFRd - ok
11:06:59.0411 11468  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
11:06:59.0456 11468  wudfsvc - ok
11:06:59.0470 11468  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
11:06:59.0509 11468  WwanSvc - ok
11:06:59.0537 11468  ================ Scan global ===============================
11:06:59.0556 11468  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
11:06:59.0601 11468  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
11:06:59.0621 11468  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
11:06:59.0663 11468  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
11:06:59.0696 11468  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
11:06:59.0706 11468  [Global] - ok
11:06:59.0707 11468  ================ Scan MBR ==================================
11:06:59.0724 11468  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:07:00.0274 11468  \Device\Harddisk0\DR0 - ok
11:07:00.0279 11468  ================ Scan VBR ==================================
11:07:00.0283 11468  [ 17E6064B18AA88ED8319B3238FE06A25 ] \Device\Harddisk0\DR0\Partition1
11:07:00.0286 11468  \Device\Harddisk0\DR0\Partition1 - ok
11:07:00.0322 11468  [ 02D3C531AC736F85F2D45F0E1FD3F66F ] \Device\Harddisk0\DR0\Partition2
11:07:00.0325 11468  \Device\Harddisk0\DR0\Partition2 - ok
11:07:00.0325 11468  ============================================================
11:07:00.0325 11468  Scan finished
11:07:00.0325 11468  ============================================================
11:07:00.0346 11448  Detected object count: 1
11:07:00.0346 11448  Actual detected object count: 1
11:08:10.0940 11448  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:08:10.0940 11448  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 09.11.2012, 18:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run a custom scan with OTL.

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box next to Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt here into your thread