Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Polizeivirus Österreich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.11.2012, 22:43   #1
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Hallo liebes Forum-Team!


Ich habe mir leider den Polizei-Virus Österreich-Variante eingefangen. Habe leider kein Screen-Shot gemacht konnte aber eine Viren-Datei isolieren. War die Variante mit der Webcam und man soll 100 Euro bezahlen damit der Rechner wieder aufgemacht wird.

Verwende Windows 7 32-Bit Version, Virensoftware ist Bullguard. Habe ich gleich auch rüberfahren lassen, fand aber diese Datei nicht als Bedrohung. Nur einige Cookies. Heute hat er mir diese Datei angezeigt und in Quarantäne gestellt. Habe aber leider keine Ahnung was dieser Virus noch so alles geändert hat.

Also hier sind mal diese Log-Dateien:

OTL.Txt


Code:
ATTFilter
OTL logfile created on: 11/26/2012 9:26:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Monti23-7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.79% Memory free
5.98 Gb Paging File | 4.07 Gb Available in Paging File | 68.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1047.43 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
PRC - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
PRC - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2012/10/31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/10/14 03:31:00 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/04/08 15:44:21 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 17:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
PRC - [2010/05/21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/25 23:31:47 | 000,023,680 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
MOD - [2012/11/25 23:31:34 | 000,073,568 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2012/11/25 23:30:13 | 000,450,400 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
MOD - [2012/11/18 11:28:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll
MOD - [2012/11/18 11:27:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/18 11:26:05 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll
MOD - [2012/11/18 11:13:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/18 11:13:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/18 11:13:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 11:13:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/18 11:13:19 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/18 11:13:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/17 03:44:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/17 03:44:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 03:44:38 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 03:44:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 03:44:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 03:44:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 03:44:12 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 03:43:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/02 22:12:13 | 000,189,952 | ---- | M] () -- C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
MOD - [2012/10/31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2011/10/13 15:01:00 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/06/17 10:51:53 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/12 14:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/11/26 12:12:22 | 000,398,688 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2012/11/26 12:12:20 | 000,218,976 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2012/11/25 23:31:37 | 000,060,256 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2012/11/25 23:31:05 | 000,227,168 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2012/11/01 20:31:20 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/10 00:16:29 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/12/01 18:38:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/10/18 00:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/10/14 04:36:14 | 008,852,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/14 02:52:32 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/11 14:32:31 | 000,061,152 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/05 03:13:10 | 000,602,728 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/04/27 17:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 17:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/08 15:44:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012/11/25 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012/11/25 23:37:48 | 000,000,000 | ---D | M]
 
[2011/04/08 15:41:41 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Translator = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Google Mail = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/26 20:58:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/25 23:32:19 | 000,308,296 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 23:31:54 | 000,100,216 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:54 | 000,054,624 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2012/11/25 21:46:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/11/08 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\Documents\My Games
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/26 21:26:17 | 000,000,000 | ---- | M] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/26 21:19:54 | 000,302,592 | ---- | M] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/26 20:58:24 | 000,050,477 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/26 20:51:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 20:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 20:11:10 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/26 20:11:10 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/26 20:11:10 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/26 20:11:10 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/26 20:08:27 | 000,000,512 | ---- | M] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/11/26 20:06:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 20:06:22 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSNetmon.sys
[2012/11/25 23:31:37 | 000,054,624 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:31:33 | 000,100,216 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSKernel.sys
[2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 21:49:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/11/25 21:46:19 | 000,000,792 | ---- | M] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/17 03:43:09 | 000,405,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/07 21:19:33 | 000,000,216 | ---- | M] () -- C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url
[2012/11/07 20:33:09 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2012/11/26 21:26:17 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:19:52 | 000,302,592 | ---- | C] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:22 | 000,050,477 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/26 20:08:27 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/11/25 21:46:19 | 000,000,792 | ---- | C] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/25 21:46:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/11/17 03:02:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:02:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 21:19:33 | 000,000,216 | ---- | C] () -- C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url
[2012/06/04 21:35:09 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/06/04 21:35:09 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/06/04 21:35:08 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/06/04 21:35:08 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/05/30 17:54:32 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/01 18:33:38 | 000,491,520 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2011/10/13 14:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/07/25 23:22:30 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/21 14:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\AppData\Local\{5A8C793E-48C2-4D39-A1FC-75CD8ABCBDE9}
[2011/06/17 10:57:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/06/17 10:57:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/06/17 10:57:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/06/17 10:57:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/06/17 10:57:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/06/17 10:57:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/06/17 10:57:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/06/17 10:57:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/06/17 10:57:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/06/17 10:57:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/06/17 10:57:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/06/17 10:57:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/06/17 10:57:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/06/17 10:57:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/06/17 10:57:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/27 23:42:34 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\BullGuard
[2012/05/09 21:09:34 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Canon
[2011/07/25 22:17:49 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\CD-LabelPrint
[2010/12/15 19:20:35 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\OpenOffice.org
[2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Software Inspection Library
[2011/03/23 19:59:53 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\The Creative Assembly
[2010/12/12 00:09:15 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
gmer.log

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-26 21:56:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0
Running: fhguvvlq.exe; Driver: C:\Users\MONTI2~1\AppData\Local\Temp\pwdiruoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                             82C3EA49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                               82C784D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                             section is writeable [0x91826000, 0x3B80E5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[368] kernel32.dll!SetUnhandledExceptionFilter  7769F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, 98, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, 9B, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, 98, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, 99, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, 9A, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, 99, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, 9A, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, 98, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, 99, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, 9A, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, 9B, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, 88, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, 8B, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, 88, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, 89, 12, 00] {TEST AL, 0x89; ADC AL, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, 8A, 12, 00] {TEST AL, 0x8a; ADC AL, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, 89, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, 8A, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, 88, 12, 00] {TEST AL, 0x88; ADC AL, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, 89, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, 8A, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, 8B, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, 5C, 8E, 00] {SUB [ESI+ECX*4+0x0], BL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, 5F, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, 5C, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, 5D, 8E, 00] {TEST AL, 0x5d; MOV ES, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, 5E, 8E, 00] {TEST AL, 0x5e; MOV ES, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, 5D, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, 5E, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, 5C, 8E, 00] {TEST AL, 0x5c; MOV ES, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, 5D, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, 5E, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, 5F, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, E0, D3, 00] {SUB AL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, E3, D3, 00] {SUB BL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, E0, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, E1, D3, 00] {TEST AL, 0xe1; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, E2, D3, 00] {TEST AL, 0xe2; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, E1, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, E2, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, E0, D3, 00] {TEST AL, 0xe0; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, E1, D3, 00] {SUB CL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, E2, D3, 00] {SUB DL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, E3, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000045                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                              NSNetmon.sys (NovaShield Kernel Module  /NovaShield, Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                              NSNetmon.sys (NovaShield Kernel Module  /NovaShield, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                            NSNetmon.sys (NovaShield Kernel Module  /NovaShield, Inc.)

---- EOF - GMER 1.0.15 ----
         
Eine Extra.txt hab ich nicht bekommen.

Alt 27.11.2012, 12:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________

__________________

Alt 28.11.2012, 21:38   #3
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



So, habe jetzt diese Scans durchgeführt. Lief alles ohne Komplikationen. Hier die Berichte

aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 20:55:23
-----------------------------
20:55:23.415    OS Version: Windows 6.1.7601 Service Pack 1
20:55:23.415    Number of processors: 4 586 0x2505
20:55:23.417    ComputerName: MONTI23-7-PC  UserName: Monti23-7
20:55:52.677    Initialize success
21:00:46.944    AVAST engine defs: 12112800
21:01:08.974    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:01:08.979    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
21:01:09.001    Disk 0 MBR read successfully
21:01:09.005    Disk 0 MBR scan
21:01:09.047    Disk 0 unknown MBR code
21:01:09.050    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:01:09.062    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1388713 MB offset 206848
21:01:09.095    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 2844291072
21:01:09.113    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152
21:01:09.132    Disk 0 scanning sectors +2930275120
21:01:09.220    Disk 0 scanning C:\Windows\system32\drivers
21:01:21.636    Service scanning
21:01:40.904    Modules scanning
21:01:44.681    Disk 0 trace - called modules:
21:01:44.725    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
21:01:44.736    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e0d7c8]
21:01:44.747    3 CLASSPNP.SYS[8b5ad59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862cd028]
21:01:47.889    AVAST engine scan C:\Windows
21:01:51.578    AVAST engine scan C:\Windows\system32
21:05:32.549    AVAST engine scan C:\Windows\system32\drivers
21:05:46.625    AVAST engine scan C:\Users\Monti23-7
21:15:08.690    AVAST engine scan C:\ProgramData
21:19:50.201    Scan finished successfully
21:29:08.729    Disk 0 MBR has been saved successfully to "C:\Users\Monti23-7\Desktop\MBR.dat"
21:29:08.762    The log file has been saved successfully to "C:\Users\Monti23-7\Desktop\aswMBR.txt"
         
TDSS-Killer:

Code:
ATTFilter
21:33:23.0959 6064  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:33:24.0183 6064  ============================================================
21:33:24.0183 6064  Current date / time: 2012/11/28 21:33:24.0183
21:33:24.0183 6064  SystemInfo:
21:33:24.0183 6064  
21:33:24.0183 6064  OS Version: 6.1.7601 ServicePack: 1.0
21:33:24.0183 6064  Product type: Workstation
21:33:24.0183 6064  ComputerName: MONTI23-7-PC
21:33:24.0183 6064  UserName: Monti23-7
21:33:24.0183 6064  Windows directory: C:\Windows
21:33:24.0183 6064  System windows directory: C:\Windows
21:33:24.0183 6064  Processor architecture: Intel x86
21:33:24.0183 6064  Number of processors: 4
21:33:24.0183 6064  Page size: 0x1000
21:33:24.0183 6064  Boot type: Normal boot
21:33:24.0183 6064  ============================================================
21:33:24.0569 6064  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:33:24.0623 6064  ============================================================
21:33:24.0623 6064  \Device\Harddisk0\DR0:
21:33:24.0623 6064  MBR partitions:
21:33:24.0623 6064  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:33:24.0623 6064  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800
21:33:24.0623 6064  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
21:33:24.0623 6064  ============================================================
21:33:24.0698 6064  C: <-> \Device\Harddisk0\DR0\Partition2
21:33:24.0812 6064  D: <-> \Device\Harddisk0\DR0\Partition3
21:33:24.0812 6064  ============================================================
21:33:24.0812 6064  Initialize success
21:33:24.0812 6064  ============================================================
21:33:43.0939 5836  ============================================================
21:33:43.0939 5836  Scan started
21:33:43.0939 5836  Mode: Manual; SigCheck; TDLFS; 
21:33:43.0939 5836  ============================================================
21:33:44.0362 5836  ================ Scan system memory ========================
21:33:44.0362 5836  System memory - ok
21:33:44.0363 5836  ================ Scan services =============================
21:33:44.0483 5836  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:33:44.0583 5836  1394ohci - ok
21:33:44.0614 5836  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:33:44.0634 5836  ACPI - ok
21:33:44.0648 5836  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:33:44.0739 5836  AcpiPmi - ok
21:33:44.0812 5836  [ 0D4C486A24A711A45FD83ACDF4D18506 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:33:44.0837 5836  AdobeFlashPlayerUpdateSvc - ok
21:33:44.0877 5836  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:33:44.0897 5836  adp94xx - ok
21:33:44.0922 5836  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:33:44.0940 5836  adpahci - ok
21:33:44.0974 5836  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:33:44.0990 5836  adpu320 - ok
21:33:45.0017 5836  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:33:45.0052 5836  AeLookupSvc - ok
21:33:45.0096 5836  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
21:33:45.0156 5836  AFD - ok
21:33:45.0170 5836  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:33:45.0192 5836  agp440 - ok
21:33:45.0208 5836  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
21:33:45.0219 5836  aic78xx - ok
21:33:45.0230 5836  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:33:45.0305 5836  ALG - ok
21:33:45.0321 5836  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:33:45.0342 5836  aliide - ok
21:33:45.0364 5836  [ 2B207D12162F6A831564BE4F72307032 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:33:45.0415 5836  AMD External Events Utility - ok
21:33:45.0426 5836  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:33:45.0441 5836  amdagp - ok
21:33:45.0457 5836  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:33:45.0467 5836  amdide - ok
21:33:45.0481 5836  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:33:45.0539 5836  AmdK8 - ok
21:33:45.0725 5836  [ E652316A5C46E19766B4D6066A1D9F74 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:33:45.0972 5836  amdkmdag - ok
21:33:45.0990 5836  [ 1BE5B3052FFDE789B72C37FA3EC48CD5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:33:46.0030 5836  amdkmdap - ok
21:33:46.0062 5836  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:33:46.0099 5836  AmdPPM - ok
21:33:46.0140 5836  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:33:46.0162 5836  amdsata - ok
21:33:46.0169 5836  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:33:46.0193 5836  amdsbs - ok
21:33:46.0219 5836  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:33:46.0238 5836  amdxata - ok
21:33:46.0252 5836  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:33:46.0398 5836  AppID - ok
21:33:46.0442 5836  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:33:46.0485 5836  AppIDSvc - ok
21:33:46.0543 5836  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
21:33:46.0586 5836  Appinfo - ok
21:33:46.0597 5836  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:33:46.0609 5836  arc - ok
21:33:46.0627 5836  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:33:46.0638 5836  arcsas - ok
21:33:46.0653 5836  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:33:46.0749 5836  AsyncMac - ok
21:33:46.0768 5836  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:33:46.0778 5836  atapi - ok
21:33:46.0806 5836  [ 7725AECCEDDF81BD8374C77157E450EA ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
21:33:46.0822 5836  AtiHDAudioService - ok
21:33:46.0863 5836  [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
21:33:46.0875 5836  AtiHdmiService - ok
21:33:46.0900 5836  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:33:46.0936 5836  AudioEndpointBuilder - ok
21:33:46.0943 5836  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:33:46.0967 5836  Audiosrv - ok
21:33:47.0009 5836  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:33:47.0092 5836  AxInstSV - ok
21:33:47.0120 5836  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
21:33:47.0178 5836  b06bdrv - ok
21:33:47.0186 5836  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:33:47.0209 5836  b57nd60x - ok
21:33:47.0267 5836  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:33:47.0319 5836  BDESVC - ok
21:33:47.0344 5836  [ FE7D7035833981F5B4EE746805E9C30E ] BdSpy           C:\Windows\system32\DRIVERS\BdSpy.sys
21:33:47.0361 5836  BdSpy - ok
21:33:47.0367 5836  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:33:47.0414 5836  Beep - ok
21:33:47.0449 5836  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:33:47.0545 5836  BFE - ok
21:33:47.0574 5836  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:33:47.0615 5836  BITS - ok
21:33:47.0627 5836  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:33:47.0640 5836  blbdrive - ok
21:33:47.0665 5836  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:33:47.0716 5836  bowser - ok
21:33:47.0732 5836  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:33:47.0785 5836  BrFiltLo - ok
21:33:47.0809 5836  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:33:47.0839 5836  BrFiltUp - ok
21:33:47.0863 5836  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:33:47.0904 5836  Browser - ok
21:33:47.0919 5836  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:33:47.0973 5836  Brserid - ok
21:33:47.0988 5836  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:33:48.0023 5836  BrSerWdm - ok
21:33:48.0027 5836  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:33:48.0047 5836  BrUsbMdm - ok
21:33:48.0059 5836  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:33:48.0081 5836  BrUsbSer - ok
21:33:48.0191 5836  [ 0271B8667BCDE590A6F6205209359EEF ] BsBackup        C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll
21:33:48.0207 5836  BsBackup - ok
21:33:48.0250 5836  [ FB283DFF8DB224359AC43BE70BB8902B ] BsBhvScan       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
21:33:48.0271 5836  BsBhvScan - ok
21:33:48.0332 5836  [ A1FB74B2CBBF373AFCFB647894341F73 ] BsFileScan      C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
21:33:48.0357 5836  BsFileScan - ok
21:33:48.0419 5836  [ 0E643E31DA025BDB793515312E8A4B60 ] BsMailProxy     C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll
21:33:48.0450 5836  BsMailProxy - ok
21:33:48.0484 5836  [ C32DD6470CF0C877DBC424C4A0D355A3 ] BsMain          C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
21:33:48.0538 5836  BsMain - ok
21:33:48.0549 5836  [ 69D38B2E736F8E8BC97D4638B682DEEF ] BsScanner       C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
21:33:48.0571 5836  BsScanner - ok
21:33:48.0609 5836  [ 0AEC20CDC63860592ACAFA886B01599A ] BsUpdate        C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
21:33:48.0633 5836  BsUpdate - ok
21:33:48.0654 5836  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:33:48.0687 5836  BTHMODEM - ok
21:33:48.0718 5836  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:33:48.0773 5836  bthserv - ok
21:33:48.0798 5836  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:33:48.0839 5836  cdfs - ok
21:33:48.0879 5836  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:33:48.0902 5836  cdrom - ok
21:33:48.0935 5836  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:33:48.0963 5836  CertPropSvc - ok
21:33:48.0992 5836  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:33:49.0028 5836  circlass - ok
21:33:49.0048 5836  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:33:49.0063 5836  CLFS - ok
21:33:49.0134 5836  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:33:49.0155 5836  clr_optimization_v2.0.50727_32 - ok
21:33:49.0203 5836  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:49.0239 5836  clr_optimization_v4.0.30319_32 - ok
21:33:49.0245 5836  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:33:49.0275 5836  CmBatt - ok
21:33:49.0297 5836  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:33:49.0310 5836  cmdide - ok
21:33:49.0338 5836  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
21:33:49.0370 5836  CNG - ok
21:33:49.0395 5836  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:33:49.0406 5836  Compbatt - ok
21:33:49.0551 5836  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:33:49.0579 5836  CompositeBus - ok
21:33:49.0583 5836  COMSysApp - ok
21:33:49.0602 5836  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:33:49.0617 5836  crcdisk - ok
21:33:49.0655 5836  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:33:49.0685 5836  CryptSvc - ok
21:33:49.0724 5836  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:33:49.0783 5836  DcomLaunch - ok
21:33:49.0804 5836  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:33:49.0853 5836  defragsvc - ok
21:33:49.0863 5836  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:33:49.0920 5836  DfsC - ok
21:33:49.0940 5836  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:33:49.0974 5836  Dhcp - ok
21:33:49.0991 5836  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:33:50.0038 5836  discache - ok
21:33:50.0054 5836  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:33:50.0068 5836  Disk - ok
21:33:50.0098 5836  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:33:50.0147 5836  Dnscache - ok
21:33:50.0169 5836  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:33:50.0212 5836  dot3svc - ok
21:33:50.0231 5836  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:33:50.0280 5836  DPS - ok
21:33:50.0309 5836  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:33:50.0334 5836  drmkaud - ok
21:33:50.0365 5836  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:33:50.0393 5836  DXGKrnl - ok
21:33:50.0410 5836  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:33:50.0451 5836  EapHost - ok
21:33:50.0515 5836  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
21:33:50.0611 5836  ebdrv - ok
21:33:50.0633 5836  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:33:50.0657 5836  EFS - ok
21:33:50.0698 5836  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:33:50.0752 5836  ehRecvr - ok
21:33:50.0776 5836  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:33:50.0812 5836  ehSched - ok
21:33:50.0847 5836  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:33:50.0874 5836  elxstor - ok
21:33:50.0887 5836  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:33:50.0902 5836  ErrDev - ok
21:33:50.0937 5836  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:33:50.0980 5836  EventSystem - ok
21:33:50.0997 5836  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:33:51.0024 5836  exfat - ok
21:33:51.0034 5836  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:33:51.0075 5836  fastfat - ok
21:33:51.0116 5836  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
21:33:51.0174 5836  Fax - ok
21:33:51.0211 5836  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:33:51.0233 5836  fdc - ok
21:33:51.0239 5836  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:33:51.0328 5836  fdPHost - ok
21:33:51.0331 5836  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:33:51.0358 5836  FDResPub - ok
21:33:51.0391 5836  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:33:51.0402 5836  FileInfo - ok
21:33:51.0413 5836  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:33:51.0452 5836  Filetrace - ok
21:33:51.0483 5836  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:33:51.0521 5836  flpydisk - ok
21:33:51.0539 5836  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:33:51.0558 5836  FltMgr - ok
21:33:51.0602 5836  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
21:33:51.0677 5836  FontCache - ok
21:33:51.0717 5836  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:33:51.0734 5836  FontCache3.0.0.0 - ok
21:33:51.0752 5836  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:33:51.0766 5836  FsDepends - ok
21:33:51.0784 5836  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:33:51.0797 5836  Fs_Rec - ok
21:33:51.0816 5836  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:33:51.0835 5836  fvevol - ok
21:33:51.0850 5836  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:33:51.0865 5836  gagp30kx - ok
21:33:51.0887 5836  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:33:51.0925 5836  gpsvc - ok
21:33:51.0963 5836  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:33:51.0972 5836  gupdate - ok
21:33:51.0986 5836  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:33:51.0994 5836  gupdatem - ok
21:33:51.0997 5836  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:33:52.0037 5836  hcw85cir - ok
21:33:52.0067 5836  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:33:52.0096 5836  HdAudAddService - ok
21:33:52.0127 5836  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:33:52.0165 5836  HDAudBus - ok
21:33:52.0184 5836  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:33:52.0218 5836  HidBatt - ok
21:33:52.0248 5836  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:33:52.0279 5836  HidBth - ok
21:33:52.0297 5836  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:33:52.0319 5836  HidIr - ok
21:33:52.0336 5836  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:33:52.0384 5836  hidserv - ok
21:33:52.0398 5836  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:33:52.0412 5836  HidUsb - ok
21:33:52.0430 5836  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:33:52.0461 5836  hkmsvc - ok
21:33:52.0480 5836  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:33:52.0513 5836  HomeGroupListener - ok
21:33:52.0535 5836  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:33:52.0576 5836  HomeGroupProvider - ok
21:33:52.0589 5836  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:33:52.0604 5836  HpSAMD - ok
21:33:52.0623 5836  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:33:52.0651 5836  HTTP - ok
21:33:52.0669 5836  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:33:52.0681 5836  hwpolicy - ok
21:33:52.0718 5836  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:33:52.0746 5836  i8042prt - ok
21:33:52.0770 5836  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:33:52.0786 5836  iaStor - ok
21:33:52.0849 5836  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:33:52.0865 5836  IAStorDataMgrSvc - ok
21:33:52.0887 5836  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:33:52.0909 5836  iaStorV - ok
21:33:52.0955 5836  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:33:52.0990 5836  idsvc - ok
21:33:53.0004 5836  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:33:53.0015 5836  iirsp - ok
21:33:53.0039 5836  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:33:53.0076 5836  IKEEXT - ok
21:33:53.0178 5836  [ B35F19AFF279E08B567B281FB2E94291 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:33:53.0296 5836  IntcAzAudAddService - ok
21:33:53.0299 5836  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:33:53.0309 5836  intelide - ok
21:33:53.0336 5836  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:33:53.0372 5836  intelppm - ok
21:33:53.0385 5836  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:33:53.0431 5836  IPBusEnum - ok
21:33:53.0450 5836  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:33:53.0483 5836  IpFilterDriver - ok
21:33:53.0546 5836  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:33:53.0594 5836  iphlpsvc - ok
21:33:53.0605 5836  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:33:53.0620 5836  IPMIDRV - ok
21:33:53.0632 5836  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:33:53.0675 5836  IPNAT - ok
21:33:53.0697 5836  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:33:53.0737 5836  IRENUM - ok
21:33:53.0757 5836  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:33:53.0770 5836  isapnp - ok
21:33:53.0784 5836  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:33:53.0801 5836  iScsiPrt - ok
21:33:53.0826 5836  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:33:53.0838 5836  kbdclass - ok
21:33:53.0866 5836  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:33:53.0894 5836  kbdhid - ok
21:33:53.0909 5836  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:33:53.0923 5836  KeyIso - ok
21:33:53.0949 5836  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:33:53.0964 5836  KSecDD - ok
21:33:53.0980 5836  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:33:53.0996 5836  KSecPkg - ok
21:33:54.0014 5836  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:33:54.0069 5836  KtmRm - ok
21:33:54.0088 5836  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:33:54.0115 5836  LanmanServer - ok
21:33:54.0133 5836  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:33:54.0170 5836  LanmanWorkstation - ok
21:33:54.0209 5836  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:33:54.0267 5836  lltdio - ok
21:33:54.0287 5836  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:33:54.0316 5836  lltdsvc - ok
21:33:54.0328 5836  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:33:54.0384 5836  lmhosts - ok
21:33:54.0412 5836  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:33:54.0424 5836  LSI_FC - ok
21:33:54.0445 5836  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:33:54.0457 5836  LSI_SAS - ok
21:33:54.0475 5836  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:33:54.0487 5836  LSI_SAS2 - ok
21:33:54.0507 5836  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:33:54.0520 5836  LSI_SCSI - ok
21:33:54.0535 5836  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:33:54.0563 5836  luafv - ok
21:33:54.0601 5836  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:33:54.0614 5836  Mcx2Svc - ok
21:33:54.0629 5836  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:33:54.0641 5836  megasas - ok
21:33:54.0660 5836  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:33:54.0675 5836  MegaSR - ok
21:33:54.0687 5836  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:33:54.0715 5836  MMCSS - ok
21:33:54.0750 5836  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:33:54.0803 5836  Modem - ok
21:33:54.0842 5836  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:33:54.0857 5836  monitor - ok
21:33:54.0878 5836  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
21:33:54.0889 5836  mouclass - ok
21:33:54.0910 5836  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:33:54.0937 5836  mouhid - ok
21:33:54.0956 5836  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:33:54.0971 5836  mountmgr - ok
21:33:54.0983 5836  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:33:54.0998 5836  mpio - ok
21:33:55.0009 5836  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:33:55.0044 5836  mpsdrv - ok
21:33:55.0052 5836  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:33:55.0096 5836  MpsSvc - ok
21:33:55.0105 5836  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:33:55.0133 5836  MRxDAV - ok
21:33:55.0157 5836  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:33:55.0207 5836  mrxsmb - ok
21:33:55.0238 5836  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:33:55.0261 5836  mrxsmb10 - ok
21:33:55.0284 5836  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:33:55.0313 5836  mrxsmb20 - ok
21:33:55.0336 5836  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:33:55.0353 5836  msahci - ok
21:33:55.0373 5836  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:33:55.0392 5836  msdsm - ok
21:33:55.0405 5836  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:33:55.0428 5836  MSDTC - ok
21:33:55.0441 5836  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:33:55.0482 5836  Msfs - ok
21:33:55.0497 5836  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:33:55.0531 5836  mshidkmdf - ok
21:33:55.0541 5836  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:33:55.0551 5836  msisadrv - ok
21:33:55.0582 5836  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:33:55.0615 5836  MSiSCSI - ok
21:33:55.0617 5836  msiserver - ok
21:33:55.0638 5836  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:33:55.0681 5836  MSKSSRV - ok
21:33:55.0706 5836  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:33:55.0748 5836  MSPCLOCK - ok
21:33:55.0757 5836  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:33:55.0781 5836  MSPQM - ok
21:33:55.0790 5836  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:33:55.0802 5836  MsRPC - ok
21:33:55.0806 5836  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:33:55.0816 5836  mssmbios - ok
21:33:55.0819 5836  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:33:55.0842 5836  MSTEE - ok
21:33:55.0863 5836  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:33:55.0881 5836  MTConfig - ok
21:33:55.0900 5836  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:33:55.0911 5836  Mup - ok
21:33:55.0927 5836  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:33:55.0966 5836  napagent - ok
21:33:56.0003 5836  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:33:56.0036 5836  NativeWifiP - ok
21:33:56.0083 5836  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:33:56.0112 5836  NDIS - ok
21:33:56.0122 5836  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:33:56.0147 5836  NdisCap - ok
21:33:56.0157 5836  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:33:56.0193 5836  NdisTapi - ok
21:33:56.0223 5836  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:33:56.0247 5836  Ndisuio - ok
21:33:56.0263 5836  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:33:56.0289 5836  NdisWan - ok
21:33:56.0313 5836  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:33:56.0347 5836  NDProxy - ok
21:33:56.0350 5836  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:33:56.0424 5836  NetBIOS - ok
21:33:56.0429 5836  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:33:56.0470 5836  NetBT - ok
21:33:56.0477 5836  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:33:56.0488 5836  Netlogon - ok
21:33:56.0524 5836  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:33:56.0555 5836  Netman - ok
21:33:56.0576 5836  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:33:56.0613 5836  netprofm - ok
21:33:56.0629 5836  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:33:56.0640 5836  NetTcpPortSharing - ok
21:33:56.0673 5836  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:33:56.0685 5836  nfrd960 - ok
21:33:56.0714 5836  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:33:56.0745 5836  NlaSvc - ok
21:33:56.0798 5836  [ 180CFA1E54449869D9DCF2C29F8FEE85 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys
21:33:56.0822 5836  NovaShieldFilterDriver - ok
21:33:56.0841 5836  [ 987F64C7989324B2353B4EB1D20D2DFD ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys
21:33:56.0852 5836  NovaShieldTDIDriver - ok
21:33:56.0860 5836  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:33:56.0894 5836  Npfs - ok
21:33:56.0902 5836  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:33:56.0927 5836  nsi - ok
21:33:56.0930 5836  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:33:56.0952 5836  nsiproxy - ok
21:33:56.0997 5836  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:33:57.0058 5836  Ntfs - ok
21:33:57.0076 5836  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:33:57.0118 5836  Null - ok
21:33:57.0136 5836  [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
21:33:57.0147 5836  nusb3hub - ok
21:33:57.0179 5836  [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:33:57.0192 5836  nusb3xhc - ok
21:33:57.0220 5836  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:33:57.0235 5836  nvraid - ok
21:33:57.0256 5836  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:33:57.0272 5836  nvstor - ok
21:33:57.0276 5836  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:33:57.0291 5836  nv_agp - ok
21:33:57.0306 5836  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:33:57.0334 5836  ohci1394 - ok
21:33:57.0347 5836  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:33:57.0380 5836  p2pimsvc - ok
21:33:57.0394 5836  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:33:57.0414 5836  p2psvc - ok
21:33:57.0430 5836  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:33:57.0447 5836  Parport - ok
21:33:57.0455 5836  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:33:57.0469 5836  partmgr - ok
21:33:57.0475 5836  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:33:57.0487 5836  Parvdm - ok
21:33:57.0506 5836  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:33:57.0524 5836  PcaSvc - ok
21:33:57.0531 5836  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:33:57.0545 5836  pci - ok
21:33:57.0553 5836  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:33:57.0573 5836  pciide - ok
21:33:57.0620 5836  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:33:57.0648 5836  pcmcia - ok
21:33:57.0660 5836  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:33:57.0673 5836  pcw - ok
21:33:57.0687 5836  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:33:57.0721 5836  PEAUTH - ok
21:33:57.0767 5836  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:33:57.0844 5836  pla - ok
21:33:57.0876 5836  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:33:57.0916 5836  PlugPlay - ok
21:33:57.0928 5836  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:33:57.0950 5836  PNRPAutoReg - ok
21:33:57.0956 5836  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:33:57.0973 5836  PNRPsvc - ok
21:33:57.0992 5836  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:33:58.0035 5836  PolicyAgent - ok
21:33:58.0040 5836  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:33:58.0071 5836  Power - ok
21:33:58.0091 5836  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:33:58.0118 5836  PptpMiniport - ok
21:33:58.0132 5836  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:33:58.0154 5836  Processor - ok
21:33:58.0187 5836  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:33:58.0234 5836  ProfSvc - ok
21:33:58.0253 5836  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:33:58.0268 5836  ProtectedStorage - ok
21:33:58.0292 5836  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:33:58.0338 5836  Psched - ok
21:33:58.0390 5836  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:33:58.0412 5836  PSI_SVC_2 - ok
21:33:58.0458 5836  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
21:33:58.0474 5836  PxHelp20 - ok
21:33:58.0511 5836  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:33:58.0554 5836  ql2300 - ok
21:33:58.0587 5836  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:33:58.0599 5836  ql40xx - ok
21:33:58.0611 5836  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:33:58.0638 5836  QWAVE - ok
21:33:58.0652 5836  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:33:58.0685 5836  QWAVEdrv - ok
21:33:58.0715 5836  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:33:58.0745 5836  RasAcd - ok
21:33:58.0770 5836  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:33:58.0794 5836  RasAgileVpn - ok
21:33:58.0803 5836  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:33:58.0831 5836  RasAuto - ok
21:33:58.0846 5836  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:33:58.0885 5836  Rasl2tp - ok
21:33:58.0899 5836  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:33:58.0943 5836  RasMan - ok
21:33:58.0960 5836  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:33:58.0992 5836  RasPppoe - ok
21:33:59.0007 5836  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:33:59.0061 5836  RasSstp - ok
21:33:59.0082 5836  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:33:59.0107 5836  rdbss - ok
21:33:59.0114 5836  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:33:59.0133 5836  rdpbus - ok
21:33:59.0157 5836  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:33:59.0180 5836  RDPCDD - ok
21:33:59.0188 5836  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:33:59.0228 5836  RDPENCDD - ok
21:33:59.0232 5836  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:33:59.0269 5836  RDPREFMP - ok
21:33:59.0292 5836  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:33:59.0314 5836  RDPWD - ok
21:33:59.0350 5836  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:33:59.0364 5836  rdyboost - ok
21:33:59.0390 5836  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:33:59.0420 5836  RemoteAccess - ok
21:33:59.0427 5836  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:33:59.0469 5836  RemoteRegistry - ok
21:33:59.0500 5836  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:33:59.0525 5836  RpcEptMapper - ok
21:33:59.0547 5836  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:33:59.0560 5836  RpcLocator - ok
21:33:59.0576 5836  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:33:59.0602 5836  RpcSs - ok
21:33:59.0611 5836  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:33:59.0635 5836  rspndr - ok
21:33:59.0669 5836  [ 0516998076AD894AE7E362C3110AA071 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
21:33:59.0683 5836  RTL8167 - ok
21:33:59.0712 5836  [ 32E7500CF3CF957ECDA297E594221B9A ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
21:33:59.0758 5836  RTL8192su - ok
21:33:59.0762 5836  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:33:59.0777 5836  SamSs - ok
21:33:59.0820 5836  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:33:59.0843 5836  sbp2port - ok
21:33:59.0856 5836  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:33:59.0898 5836  SCardSvr - ok
21:33:59.0917 5836  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:33:59.0941 5836  scfilter - ok
21:33:59.0965 5836  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:34:00.0014 5836  Schedule - ok
21:34:00.0023 5836  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:34:00.0046 5836  SCPolicySvc - ok
21:34:00.0065 5836  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:34:00.0098 5836  SDRSVC - ok
21:34:00.0145 5836  [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:34:00.0172 5836  SeaPort - ok
21:34:00.0201 5836  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:34:00.0229 5836  secdrv - ok
21:34:00.0232 5836  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:34:00.0256 5836  seclogon - ok
21:34:00.0266 5836  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:34:00.0323 5836  SENS - ok
21:34:00.0340 5836  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:34:00.0383 5836  SensrSvc - ok
21:34:00.0401 5836  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:34:00.0440 5836  Serenum - ok
21:34:00.0452 5836  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:34:00.0475 5836  Serial - ok
21:34:00.0493 5836  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:34:00.0513 5836  sermouse - ok
21:34:00.0549 5836  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:34:00.0577 5836  SessionEnv - ok
21:34:00.0586 5836  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:34:00.0633 5836  sffdisk - ok
21:34:00.0644 5836  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:34:00.0670 5836  sffp_mmc - ok
21:34:00.0689 5836  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:34:00.0720 5836  sffp_sd - ok
21:34:00.0737 5836  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:34:00.0762 5836  sfloppy - ok
21:34:00.0798 5836  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:34:00.0845 5836  SharedAccess - ok
21:34:00.0877 5836  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:34:00.0906 5836  ShellHWDetection - ok
21:34:00.0912 5836  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:34:00.0924 5836  sisagp - ok
21:34:00.0946 5836  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:34:00.0958 5836  SiSRaid2 - ok
21:34:00.0970 5836  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:34:00.0983 5836  SiSRaid4 - ok
21:34:01.0036 5836  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:34:01.0058 5836  SkypeUpdate - ok
21:34:01.0075 5836  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:34:01.0110 5836  Smb - ok
21:34:01.0124 5836  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:34:01.0145 5836  SNMPTRAP - ok
21:34:01.0158 5836  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:34:01.0169 5836  spldr - ok
21:34:01.0194 5836  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:34:01.0229 5836  Spooler - ok
21:34:01.0309 5836  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:34:01.0462 5836  sppsvc - ok
21:34:01.0490 5836  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:34:01.0516 5836  sppuinotify - ok
21:34:01.0534 5836  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:34:01.0573 5836  srv - ok
21:34:01.0599 5836  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:34:01.0629 5836  srv2 - ok
21:34:01.0653 5836  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:34:01.0688 5836  srvnet - ok
21:34:01.0706 5836  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:34:01.0744 5836  SSDPSRV - ok
21:34:01.0753 5836  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:34:01.0790 5836  SstpSvc - ok
21:34:01.0808 5836  Steam Client Service - ok
21:34:01.0826 5836  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:34:01.0837 5836  stexstor - ok
21:34:01.0860 5836  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:34:01.0899 5836  StiSvc - ok
21:34:01.0926 5836  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:34:01.0939 5836  swenum - ok
21:34:01.0960 5836  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:34:02.0005 5836  swprv - ok
21:34:02.0037 5836  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:34:02.0085 5836  SysMain - ok
21:34:02.0102 5836  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:34:02.0143 5836  TabletInputService - ok
21:34:02.0164 5836  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:34:02.0208 5836  TapiSrv - ok
21:34:02.0223 5836  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:34:02.0270 5836  TBS - ok
21:34:02.0313 5836  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:34:02.0351 5836  Tcpip - ok
21:34:02.0374 5836  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:34:02.0399 5836  TCPIP6 - ok
21:34:02.0421 5836  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:34:02.0433 5836  tcpipreg - ok
21:34:02.0462 5836  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:34:02.0501 5836  TDPIPE - ok
21:34:02.0510 5836  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:34:02.0531 5836  TDTCP - ok
21:34:02.0553 5836  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:34:02.0597 5836  tdx - ok
21:34:02.0610 5836  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:34:02.0621 5836  TermDD - ok
21:34:02.0656 5836  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:34:02.0690 5836  TermService - ok
21:34:02.0696 5836  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:34:02.0710 5836  Themes - ok
21:34:02.0719 5836  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:34:02.0742 5836  THREADORDER - ok
21:34:02.0762 5836  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:34:02.0786 5836  TrkWks - ok
21:34:02.0832 5836  [ B1F9B01F90F08ED91AF5A7D3ED66148C ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys
21:34:02.0845 5836  Trufos - ok
21:34:02.0892 5836  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:34:02.0946 5836  TrustedInstaller - ok
21:34:02.0968 5836  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:34:02.0991 5836  tssecsrv - ok
21:34:03.0047 5836  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:34:03.0084 5836  TsUsbFlt - ok
21:34:03.0110 5836  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:34:03.0173 5836  tunnel - ok
21:34:03.0185 5836  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:34:03.0200 5836  uagp35 - ok
21:34:03.0217 5836  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:34:03.0259 5836  udfs - ok
21:34:03.0279 5836  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:34:03.0294 5836  UI0Detect - ok
21:34:03.0321 5836  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:34:03.0334 5836  uliagpkx - ok
21:34:03.0355 5836  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
21:34:03.0370 5836  umbus - ok
21:34:03.0397 5836  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:34:03.0430 5836  UmPass - ok
21:34:03.0448 5836  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:34:03.0488 5836  upnphost - ok
21:34:03.0519 5836  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:34:03.0553 5836  usbccgp - ok
21:34:03.0587 5836  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:34:03.0629 5836  usbcir - ok
21:34:03.0641 5836  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:34:03.0657 5836  usbehci - ok
21:34:03.0682 5836  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:34:03.0718 5836  usbhub - ok
21:34:03.0745 5836  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:34:03.0759 5836  usbohci - ok
21:34:03.0765 5836  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:34:03.0778 5836  usbprint - ok
21:34:03.0800 5836  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:34:03.0815 5836  usbscan - ok
21:34:03.0823 5836  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:34:03.0850 5836  USBSTOR - ok
21:34:03.0875 5836  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:34:03.0899 5836  usbuhci - ok
21:34:03.0916 5836  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
21:34:03.0960 5836  UxSms - ok
21:34:03.0977 5836  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
21:34:03.0991 5836  VaultSvc - ok
21:34:04.0009 5836  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:34:04.0023 5836  vdrvroot - ok
21:34:04.0056 5836  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
21:34:04.0101 5836  vds - ok
21:34:04.0116 5836  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:34:04.0130 5836  vga - ok
21:34:04.0140 5836  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:34:04.0163 5836  VgaSave - ok
21:34:04.0176 5836  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:34:04.0189 5836  vhdmp - ok
21:34:04.0211 5836  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:34:04.0223 5836  viaagp - ok
21:34:04.0230 5836  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
21:34:04.0251 5836  ViaC7 - ok
21:34:04.0268 5836  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
21:34:04.0279 5836  viaide - ok
21:34:04.0287 5836  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:34:04.0299 5836  volmgr - ok
21:34:04.0317 5836  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:34:04.0332 5836  volmgrx - ok
21:34:04.0341 5836  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:34:04.0356 5836  volsnap - ok
21:34:04.0368 5836  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:34:04.0381 5836  vsmraid - ok
21:34:04.0407 5836  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
21:34:04.0452 5836  VSS - ok
21:34:04.0464 5836  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:34:04.0477 5836  vwifibus - ok
21:34:04.0493 5836  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:34:04.0507 5836  vwififlt - ok
21:34:04.0524 5836  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:34:04.0538 5836  vwifimp - ok
21:34:04.0556 5836  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
21:34:04.0599 5836  W32Time - ok
21:34:04.0612 5836  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:34:04.0624 5836  WacomPen - ok
21:34:04.0649 5836  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:34:04.0675 5836  WANARP - ok
21:34:04.0677 5836  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:34:04.0699 5836  Wanarpv6 - ok
21:34:04.0752 5836  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:34:04.0788 5836  WatAdminSvc - ok
21:34:04.0815 5836  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
21:34:04.0870 5836  wbengine - ok
21:34:04.0882 5836  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:34:04.0915 5836  WbioSrvc - ok
21:34:04.0944 5836  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:34:04.0983 5836  wcncsvc - ok
21:34:04.0997 5836  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:34:05.0046 5836  WcsPlugInService - ok
21:34:05.0050 5836  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:34:05.0063 5836  Wd - ok
21:34:05.0090 5836  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:34:05.0117 5836  Wdf01000 - ok
21:34:05.0133 5836  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:34:05.0196 5836  WdiServiceHost - ok
21:34:05.0202 5836  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:34:05.0222 5836  WdiSystemHost - ok
21:34:05.0232 5836  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
21:34:05.0264 5836  WebClient - ok
21:34:05.0283 5836  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:34:05.0312 5836  Wecsvc - ok
21:34:05.0324 5836  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:34:05.0356 5836  wercplsupport - ok
21:34:05.0390 5836  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:34:05.0438 5836  WerSvc - ok
21:34:05.0469 5836  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:34:05.0514 5836  WfpLwf - ok
21:34:05.0526 5836  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:34:05.0536 5836  WIMMount - ok
21:34:05.0596 5836  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:34:05.0650 5836  WinDefend - ok
21:34:05.0654 5836  WinHttpAutoProxySvc - ok
21:34:05.0706 5836  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:34:05.0774 5836  Winmgmt - ok
21:34:05.0807 5836  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
21:34:05.0866 5836  WinRM - ok
21:34:05.0910 5836  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:34:05.0968 5836  Wlansvc - ok
21:34:05.0997 5836  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:34:06.0030 5836  WmiAcpi - ok
21:34:06.0046 5836  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:34:06.0070 5836  wmiApSrv - ok
21:34:06.0127 5836  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:34:06.0204 5836  WMPNetworkSvc - ok
21:34:06.0222 5836  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:34:06.0262 5836  WPCSvc - ok
21:34:06.0294 5836  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:34:06.0336 5836  WPDBusEnum - ok
21:34:06.0345 5836  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:34:06.0373 5836  ws2ifsl - ok
21:34:06.0384 5836  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:34:06.0410 5836  wscsvc - ok
21:34:06.0412 5836  WSearch - ok
21:34:06.0482 5836  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:34:06.0578 5836  wuauserv - ok
21:34:06.0627 5836  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:34:06.0681 5836  WudfPf - ok
21:34:06.0702 5836  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:34:06.0727 5836  WUDFRd - ok
21:34:06.0757 5836  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:34:06.0783 5836  wudfsvc - ok
21:34:06.0798 5836  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:34:06.0834 5836  WwanSvc - ok
21:34:06.0852 5836  ================ Scan global ===============================
21:34:06.0876 5836  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:34:06.0902 5836  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:34:06.0911 5836  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:34:06.0933 5836  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:34:06.0957 5836  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:34:06.0963 5836  [Global] - ok
21:34:06.0963 5836  ================ Scan MBR ==================================
21:34:06.0977 5836  [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
21:34:08.0818 5836  \Device\Harddisk0\DR0 - ok
21:34:08.0819 5836  ================ Scan VBR ==================================
21:34:08.0822 5836  [ 4BA4FAB1AB1BB0938C5CE8CA9A40EC46 ] \Device\Harddisk0\DR0\Partition1
21:34:08.0824 5836  \Device\Harddisk0\DR0\Partition1 - ok
21:34:08.0851 5836  [ 6906C902F0E51AF117D14BDF3646A777 ] \Device\Harddisk0\DR0\Partition2
21:34:08.0853 5836  \Device\Harddisk0\DR0\Partition2 - ok
21:34:08.0885 5836  [ 4A6508FACEA94B9FCABE01BDC850863E ] \Device\Harddisk0\DR0\Partition3
21:34:08.0887 5836  \Device\Harddisk0\DR0\Partition3 - ok
21:34:08.0887 5836  ============================================================
21:34:08.0887 5836  Scan finished
21:34:08.0887 5836  ============================================================
21:34:08.0900 4612  Detected object count: 0
21:34:08.0900 4612  Actual detected object count: 0
         
__________________

Alt 29.11.2012, 11:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Bitte ein Log mit CF machen

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.11.2012, 16:53   #5
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



So, hier ist das Logfile:


Code:
ATTFilter
ComboFix 12-11-30.02 - Monti23-7 30.11.2012  16:24:54.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3063.1800 [GMT 1:00]
ausgeführt von:: c:\users\Monti23-7\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Disabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Internet Explorer
c:\internet explorer\Custom\eBay.ico
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\lsass.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-30  ))))))))))))))))))))))))))))))
.
.
2012-11-30 15:34 . 2012-11-30 15:35	--------	d-----w-	c:\users\Monti23-7\AppData\Local\temp
2012-11-30 15:34 . 2012-11-30 15:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-30 15:19 . 2012-11-30 15:19	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC7AB152-13CB-494E-90D7-BE3E66EC4423}\offreg.dll
2012-11-30 14:12 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC7AB152-13CB-494E-90D7-BE3E66EC4423}\mpengine.dll
2012-11-25 22:32 . 2012-11-25 22:30	308296	----a-w-	c:\windows\system32\drivers\Trufos.sys
2012-11-25 22:31 . 2012-11-25 22:31	54624	----a-w-	c:\windows\system32\BGLsp.dll
2012-11-25 22:31 . 2012-11-25 22:31	100216	----a-w-	c:\windows\system32\BgGamingMonitor.dll
2012-11-25 22:26 . 2012-11-25 22:26	--------	d-----w-	c:\program files\Common Files\BullGuard Ltd
2012-11-17 02:02 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 02:02 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 02:02 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 02:02 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 02:02 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 02:02 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-17 02:02 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 02:02 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 02:02 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 02:02 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 23:07 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 23:07 . 2012-10-03 16:58	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-16 23:07 . 2012-10-03 16:42	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-16 23:07 . 2012-10-03 16:42	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-16 23:07 . 2012-10-03 16:42	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-11-16 23:07 . 2012-10-03 16:40	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-16 23:07 . 2012-10-03 16:42	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-16 23:07 . 2012-10-03 16:42	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-16 23:07 . 2012-10-03 15:21	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 23:06 . 2012-10-18 17:59	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-16 23:06 . 2012-10-09 17:40	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-16 23:06 . 2012-10-09 17:40	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 22:31 . 2011-05-04 17:57	20040	----a-w-	c:\windows\system32\drivers\NSNetmon.sys
2012-11-25 22:31 . 2011-05-04 17:57	216136	----a-w-	c:\windows\system32\drivers\NSKernel.sys
2012-10-16 07:39 . 2012-11-28 19:11	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-09-14 18:28 . 2012-10-10 18:35	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2012-11-26 1714528]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-04-08 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 10967656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]
.
c:\users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\programdata\lsass.exe [N/A]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-6-17 174064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [x]
S2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main	REG_MULTI_SZ   	BsMain
BullGuard	REG_MULTI_SZ   	BsFileScan
BullGuard_LowPriv	REG_MULTI_SZ   	BsBrowser
BullGuard_Backup	REG_MULTI_SZ   	BsBackup
BullGuard_Proxy	REG_MULTI_SZ   	BsMailProxy
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:16]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 18:23]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 18:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
mStart Page = about:blank
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-30  16:36:13
ComboFix-quarantined-files.txt  2012-11-30 15:36
.
Vor Suchlauf: 13 Verzeichnis(se), 1.125.879.410.688 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 1.126.646.124.544 Bytes frei
.
- - End Of File - - 366F5E0B269DA44B2DBD937D8BC0B5CE
         


Alt 30.11.2012, 21:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
--> Polizeivirus Österreich

Alt 02.12.2012, 23:58   #7
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Hier ist das Logfile:


Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 02/12/2012 um 23:57:59 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Monti23-7 - MONTI23-7-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Monti23-7\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gefunden : C:\Users\Monti23-7\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6065 octets] - [02/12/2012 23:57:59]

########## EOF - C:\AdwCleaner[R1].txt - [6125 octets] ##########
         

Alt 03.12.2012, 13:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Versuch bitte alle im adwCleaner-Log erwähnten Einträge (wie zB BabylonToolbar) über die Systemsteuerung zu deinstallieren, danach ein neues Suchlog mit dem adwCleaner machen.
Reste und was sich nicht deinstallieren lassen will machen wir mit dem adwCleaner weg.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2012, 21:10   #9
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Habe jetzt das Toolbar deinstalliert. Im neuen Suchlog zeigt er mir das dennoch weiterhin an. Welche Programme sind es denn noch? Auch jene bei den Schlüsseln?

Bekam außerdem eine C++-Fehlermeldung beim Neustart des Systems betreffend dieses Toolbars.

Geändert von Montezuma32 (05.12.2012 um 21:39 Uhr)

Alt 05.12.2012, 21:42   #10
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



So schaut diese Fehlermeldung aus.


-fehler.jpg


Kommt bei jedem Neustart seit ich das deinstalliert habe.

Alt 06.12.2012, 12:21   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Diese Fehlermeldung interessiert jetzt erstmal nicht, ich will ein neues adwCleaner Log
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2012, 23:31   #12
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Hier ist das Log:


Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 06/12/2012 um 23:27:02 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Monti23-7 - MONTI23-7-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Monti23-7\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Monti23-7\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6194 octets] - [02/12/2012 23:57:59]
AdwCleaner[R2].txt - [2913 octets] - [05/12/2012 21:07:57]
AdwCleaner[R3].txt - [3099 octets] - [05/12/2012 21:16:52]
AdwCleaner[R4].txt - [2902 octets] - [06/12/2012 23:27:03]

########## EOF - C:\AdwCleaner[R4].txt - [2962 octets] ##########
         

Alt 07.12.2012, 10:24   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.12.2012, 19:25   #14
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Hier die Logs:

adwcleaner:

Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 09/12/2012 um 19:00:50 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Monti23-7 - MONTI23-7-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Monti23-7\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Monti23-7\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6194 octets] - [02/12/2012 23:57:59]
AdwCleaner[R2].txt - [2913 octets] - [05/12/2012 21:07:57]
AdwCleaner[R3].txt - [3099 octets] - [05/12/2012 21:16:52]
AdwCleaner[R4].txt - [3031 octets] - [06/12/2012 23:27:03]
AdwCleaner[S1].txt - [2803 octets] - [09/12/2012 19:00:50]

########## EOF - C:\AdwCleaner[S1].txt - [2863 octets] ##########
         

Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 12/9/2012 7:12:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Monti23-7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.98% Memory free
5.98 Gb Paging File | 4.38 Gb Available in Paging File | 73.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1049.38 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095B75BE-6ACE-4E6C-9948-E9CF7C0C9847}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E5CB5E2-E0A5-4C71-B0F6-3459A8C4498A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E4CD0BC-C40D-478B-B09C-90DDAF1BD517}" = lport=445 | protocol=6 | dir=in | app=system | 
"{25C2FAB8-1284-4ED8-A06E-260DFAA11061}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2BBFA712-376C-4E2A-B9E3-1400885F4290}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E34804B-47BD-41AE-B2EC-8DAF769C4B2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{39DB30C6-E0D1-474C-9F15-2F94F2AFCBEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A50A0CB-6264-469B-BEB9-1DD93544D812}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E322661-92FC-4F95-8CF2-C221E91944FB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{529F0FAC-3F59-4568-BB9B-CB32398DE15A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{546A38A2-6D45-41BE-AEC1-D15253706773}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{63B09FFF-8B14-444B-8F5C-074CA5A0D47F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8138EA98-9D0D-4253-B11E-610842B9ACD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8258FA72-FCC5-4E29-A8BA-DAF0A551EBF1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{844BE915-2940-4548-85EC-14B2642344BC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{97B46D87-24CB-4E5E-A548-58DEBC180C17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9AE8598D-B772-4CE3-9424-2198523F4897}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1FDE213-EF97-4C8F-A187-B12C8D25A9AD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BC272107-47DE-4D54-AAC5-362F2FFB91DC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D3364243-F036-46A2-8F96-3E27F09542F9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E044B1C3-B4BE-462C-904A-F16F219B5630}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4CC73DB-C257-4D64-B7F0-AB25145E2ACB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EFDF64DB-86E3-467A-B710-A03D5779E1BB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFF94207-C59E-4944-9E84-ABE3B5E91567}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1EB9843-B242-45BE-B6AC-E693ABF5751E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DD296E-AF5B-49D5-BF5D-07CF3818F6DB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{0B0B996A-04FB-4A2F-A9AD-893F29088ACD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{19B4BEF0-32DE-44D2-85E3-366A229436C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{216DE15A-C473-4713-94A2-6C17078087ED}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{33AC9147-07CE-4B30-B17E-D4B202CC4A49}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{340D6DD8-A09F-4FC0-92AC-B55AC7058EC3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{37A82748-6D74-4BFB-86D8-E7EBF722FCA6}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{3D1602B3-BF6E-4EF1-9ECE-31A7930520E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3FB37BE3-A1B5-438A-9DC5-AF75212DD67F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{42C4FA76-A2D7-4969-822D-2A0604F07BA8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{42D7DADB-1AB6-4387-91CB-1763905E65E2}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{48F69DD0-3220-4BB9-9510-251DBCCE5865}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{4F22CAF4-B931-4BA5-A47F-99DB3B8FE2CD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{521C6AE6-B190-44F5-B966-A34361B5F722}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{5A13C1BA-16F7-4D59-BA24-5567A43DC153}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AD9923C-5C7D-473A-9071-292E0F17AE38}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6185BE2A-C525-4C27-9E65-AF4BEE79823F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{63F0BEEE-56C2-4426-A312-FCE73083ECC7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{6746855D-04DD-420A-8FEE-D99D41E700B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{71FA2C60-79C5-4BB1-A3FA-5B7789505872}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{75636887-8AB0-446A-A112-F735D6434ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7842F221-79E7-41C5-81B7-A54CE885CBE8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{7A8DADB4-E296-4826-AEA9-E2174CFB1F6C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{8619045B-77A7-4BF1-AE70-FA914080A1D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88CAC040-C3C4-4CEF-BC7A-03F5D89DC088}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8F6FE7C2-BF70-4448-9084-A79F7A7BA60F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{911E8B36-2F73-426B-89BF-CFDB86FE8875}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9147EA70-957B-4700-8B4D-E47465115878}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{91FD2B5A-43FF-4080-95E0-4699453BF495}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{9B6EEB89-44CA-4DC0-9C85-3D9B3D69B6B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA1A017F-0042-4C91-AF01-0C92F0AF544C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{AD9C948E-BBA2-498F-89C8-9BBFE65E179F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{AE68CF6F-E74E-470C-8055-3F0EF8F6A389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6FB6951-D6F0-4C85-81CA-9B3743B22D9B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{BA830FE3-1CB5-49AB-9FC3-6FE5F6D61A3E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{C4D8B5AF-3408-44AB-97D2-FFA1C1C4A00A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{E21052AD-0178-4FB9-923C-03221392EB6F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{E99CF9A6-AEB6-4C27-AD55-0BDD4BC292B2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{EB783370-8426-4A46-8E05-778366B0C274}" = protocol=6 | dir=out | app=system | 
"{EEDCF77E-60FA-41D3-BC2E-0AFBC06C2C76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F3432B0B-F71A-49DD-80DB-02DECA762B72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7050563-5F40-43D8-8FB0-61BAEC582FBE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{FB402150-EF8A-443F-8801-B5006EA55BA7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FDC88E28-9BA6-4573-947F-7CA23BCCC670}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"TCP Query User{09BFF196-4E2D-4927-805F-5B545CD592B6}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"TCP Query User{10CA4D13-D8C5-4995-AEBF-625BA5000F3C}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{26667692-933D-4AAC-9B5E-CE211BCE5AD1}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{2876C127-EB13-448A-B1B9-84567023697C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"TCP Query User{32699936-6D66-4CB2-8CAF-1CF533612F85}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{397F491A-EBC6-49B9-A740-D454880A7F2E}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{3992AF7D-60AE-4286-9795-81F4FDAFB0BE}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{437D6135-47F3-4E3E-8B0F-9E4D84E1D41C}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{5C0E79FC-2FFF-4039-BBCC-E3EC0482A051}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{5DC26BC4-FC4C-403E-8364-A3135AB47658}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{5E80089E-68B8-4BA6-8CB4-6B8F649430CB}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{7D943853-BE9A-46C9-A875-1E1771E47A40}C:\users\monti23-7\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\monti23-7\appdata\local\temp\gw2.exe | 
"TCP Query User{831E7277-7A25-46F8-AE98-C00842FE2EC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{92D4D211-B3F2-43D0-BEB1-11C411EE63B8}C:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"TCP Query User{9B6D7C2A-6575-4E0F-8A27-245427EECD1E}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{AEC557F3-CE1B-4853-AF14-C07967705536}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"TCP Query User{B6DE7E7B-7720-4D88-BF93-3B8AFD140583}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{CE51D67F-B543-40F2-82A2-B03100E780B2}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{0315E635-316A-4005-A67E-1F1674010262}C:\users\monti23-7\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\monti23-7\appdata\local\temp\gw2.exe | 
"UDP Query User{04372BAC-0A64-4FAD-A865-2D0FE993AF32}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe | 
"UDP Query User{09DF77D4-A45F-4333-9797-34C5CAC2C0F4}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{10B3AD52-09D6-4E2E-B8EE-819D0716BA0C}C:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe | 
"UDP Query User{1BEBAF54-4906-4113-90B2-23245E735FE2}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{3886DD9E-D40E-46BD-B949-B598A3EB5AA3}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{80348BC3-43B9-4C27-99A4-72F2925E3E3E}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{80C27B4C-C1F4-4FA6-8F62-7DAD985AC28C}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{A707CFA5-721E-48A3-8432-33CB4AEC12A7}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"UDP Query User{AC3FC5D3-D8D6-4274-8AED-226391D0A4D5}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{D8C60831-D333-42D2-9F19-3AE07EC7E376}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{E4AAB933-BA4D-43B2-BE56-7AE7945C75E3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E91FB76E-EA95-46D3-B8AF-25B17D4277F1}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{ED3339D7-F15E-4BB8-AD63-7CB83B5E5DCC}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{ED6EA2BD-6C61-405F-9B9F-E4F0D08F1307}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{FD358B09-9CC1-4B46-A040-C412311DBEE3}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{FEA5E445-1C93-4677-A088-093E259ED3BF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{FF7684B2-19DA-485D-A0D1-41C9B8D5A625}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{000A90E0-6736-6DCE-141F-01CCE8F54F8B}" = CCC Help Spanish
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{032BDCB5-9B4C-E2CB-43C9-C77C0B7A81CC}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050E08AE-5A97-99BC-7929-EBF7B0839BFE}" = CCC Help English
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBA1F27-DED3-EDF3-6326-834902369DA3}" = CCC Help Japanese
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44E6F2E0-E52F-A6C4-E314-5978AB46DC81}" = CCC Help Norwegian
"{45D77EDE-0D5B-30EA-E2D7-85DD18E2088A}" = Catalyst Control Center InstallProxy
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{474218AC-4EE2-E8C5-DA15-AB74EA54B926}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE6ADEE-5770-5D5D-C8D4-83DE1BF7A75D}" = AMD Catalyst Install Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6597BADF-5C25-00F9-5ED6-809218CCF3A2}" = CCC Help Finnish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CB2BF2B-EE3E-0E1C-A357-1C628D7E947D}" = CCC Help Dutch
"{6FA6B993-5E5A-49DF-8AA3-A2BD0649F9A7}" = MovieJack 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7E653036-DE31-4BFD-96BB-421CC72E06FC}" = PHOTOfunSTUDIO 6.1 HD Lite Edition
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87622654-DDEB-5AA1-581A-48447C740C35}" = CCC Help Swedish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91A0DC22-AAEC-6615-5F6C-2AB3879142C8}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B5E0CAE3-385B-AA57-9FA5-E4394D22272D}" = AMD Drag and Drop Transcoding
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCD98EDB-A8F7-298C-A934-03AE1C764A40}" = AMD Media Foundation Decoders
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E41E17-AE7E-7128-1035-D8AF4211A980}" = CCC Help German
"{D4DB5A3E-6474-1EEA-CE26-5384D9261490}" = CCC Help Danish
"{DE801D58-6BD6-4C8A-EFEF-FCAFA69865D6}" = CCC Help Italian
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F3229854-F6D4-55AB-C920-20B5A771DDB8}" = Catalyst Control Center
"{FEF62B76-68B6-1585-A0C5-36665529C2AA}" = AMD AVIVO Codecs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BullGuard" = BullGuard
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Diablo III" = Diablo III
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"Hardware Helper_is1" = Hardware Helper
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"RealPlayer 12.0" = RealPlayer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 10500" = Empire: Total War
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/30/2012 7:36:08 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 11/30/2012 7:37:14 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp
 navigator ex 5.0\mpnmlif64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/2/2012 6:51:51 PM | Computer Name = Monti23-7-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 12/4/2012 3:27:34 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12/4/2012 3:28:45 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp
 navigator ex 5.0\mpnmlif64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/5/2012 5:22:52 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12/5/2012 5:24:01 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp
 navigator ex 5.0\mpnmlif64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/9/2012 1:39:16 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12/9/2012 1:40:23 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp
 navigator ex 5.0\mpnmlif64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/9/2012 2:03:49 PM | Computer Name = Monti23-7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1595.686,
 Zeitstempel: 0x50b7ef0d  Name des fehlerhaften Moduls: tier0_s.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x50bbc0d4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x026e8240
ID
 des fehlerhaften Prozesses: 0xbb8  Startzeit der fehlerhaften Anwendung: 0x01cdd63765ac559c
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Steam\Steam.exe  Pfad des fehlerhaften
 Moduls: tier0_s.dll  Berichtskennung: c833d561-422a-11e2-8e1e-6c626d8ae4e1
 
[ System Events ]
Error - 12/30/2011 11:15:01 AM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?12.?2011 um 16:13:40 unerwartet heruntergefahren.
 
Error - 12/30/2011 11:17:32 AM | Computer Name = Monti23-7-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst BsMailProxy erreicht.
 
Error - 12/30/2011 11:18:02 AM | Computer Name = Monti23-7-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 12/30/2011 7:11:32 PM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?12.?2011 um 19:12:30 unerwartet heruntergefahren.
 
Error - 1/3/2012 4:42:17 PM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?01.?2012 um 03:18:09 unerwartet heruntergefahren.
 
Error - 1/7/2012 7:53:05 PM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?07.?01.?2012 um 12:57:37 unerwartet heruntergefahren.
 
 
< End of report >
         
OTL.txt

Code:
ATTFilter
OTL logfile created on: 12/9/2012 7:12:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Monti23-7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.98% Memory free
5.98 Gb Paging File | 4.38 Gb Available in Paging File | 73.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1049.38 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Monti23-7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpInspectorRes.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpMainRes.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpBackupRes.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BsMailProxy) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsMain) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (BsBackup) -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll (BullGuard Ltd.)
SRV - (BsScanner) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (BsBhvScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV - (BsUpdate) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\MONTI2~1\AppData\Local\Temp\catchme.sys File not found
DRV - (NovaShieldTDIDriver) -- C:\Windows\System32\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV - (NovaShieldFilterDriver) -- C:\Windows\System32\drivers\NSKernel.sys (NovaShield, Inc.)
DRV - (Trufos) -- C:\Windows\System32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (BdSpy) -- C:\Windows\System32\drivers\BdSpy.sys (BullGuard Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\..\SearchScopes\{4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/08 15:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: c:\program files\bullguard ltd\bullguard\Antiphishing\FF\antiphishing@bullguard\ [2012/11/25 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012/11/25 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012/11/25 23:37:48 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Google Mail = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/11/30 16:35:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4177358873-602087415-1262994133-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk =  File not found
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/04 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\Tracing
[2012/11/30 16:36:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/30 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\AppData\Local\temp
[2012/11/30 16:22:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/30 16:22:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/30 16:22:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/30 16:18:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/30 16:18:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/30 16:08:35 | 005,009,213 | R--- | C] (Swearware) -- C:\Users\Monti23-7\Desktop\ComboFix.exe
[2012/11/28 21:30:02 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Monti23-7\Desktop\tdsskiller.exe
[2012/11/28 20:54:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Monti23-7\Desktop\aswMBR.exe
[2012/11/26 20:58:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/25 23:32:19 | 000,308,296 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 23:31:54 | 000,100,216 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:54 | 000,054,624 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2012/11/17 03:02:44 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/17 03:02:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/17 03:02:00 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/17 03:02:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/17 03:02:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/17 03:01:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/17 03:01:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/17 03:01:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/17 03:01:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/17 03:01:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/17 03:01:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/17 03:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/17 03:01:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/17 00:07:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/17 00:07:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012/11/17 00:07:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/11/17 00:07:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/17 00:06:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/17 00:06:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012/11/17 00:06:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/09 19:09:56 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/09 19:09:56 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/09 19:04:23 | 000,000,512 | ---- | M] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/12/09 19:03:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 19:02:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/09 19:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/09 19:02:18 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/09 18:20:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/05 21:37:32 | 000,041,695 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Fehler.JPG
[2012/12/04 20:08:15 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/12/04 20:08:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/04 20:08:15 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/12/04 20:08:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/02 23:56:33 | 000,540,743 | ---- | M] () -- C:\Users\Monti23-7\Desktop\adwcleaner.exe
[2012/12/01 00:21:25 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/30 16:35:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/30 16:09:03 | 005,009,213 | R--- | M] (Swearware) -- C:\Users\Monti23-7\Desktop\ComboFix.exe
[2012/11/28 21:30:10 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Monti23-7\Desktop\tdsskiller.exe
[2012/11/28 21:29:08 | 000,000,512 | ---- | M] () -- C:\Users\Monti23-7\Desktop\MBR.dat
[2012/11/28 20:54:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Monti23-7\Desktop\aswMBR.exe
[2012/11/26 21:26:17 | 000,000,000 | ---- | M] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:19:54 | 000,302,592 | ---- | M] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/26 20:58:24 | 000,050,477 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSNetmon.sys
[2012/11/25 23:31:37 | 000,054,624 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:31:33 | 000,100,216 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSKernel.sys
[2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 21:46:19 | 000,000,792 | ---- | M] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/17 03:43:09 | 000,405,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/12/09 19:04:23 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/12/05 21:37:32 | 000,041,695 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Fehler.JPG
[2012/12/02 23:56:25 | 000,540,743 | ---- | C] () -- C:\Users\Monti23-7\Desktop\adwcleaner.exe
[2012/11/30 16:22:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/30 16:22:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/30 16:22:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/30 16:22:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/30 16:22:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/28 21:29:08 | 000,000,512 | ---- | C] () -- C:\Users\Monti23-7\Desktop\MBR.dat
[2012/11/26 21:26:17 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:19:52 | 000,302,592 | ---- | C] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:22 | 000,050,477 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/25 21:46:19 | 000,000,792 | ---- | C] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/17 03:02:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:02:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/06/04 21:35:09 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/06/04 21:35:09 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/06/04 21:35:08 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/06/04 21:35:08 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/05/30 17:54:32 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/01 18:33:38 | 000,491,520 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2011/10/13 14:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/07/25 23:22:30 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/21 14:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\AppData\Local\{5A8C793E-48C2-4D39-A1FC-75CD8ABCBDE9}
[2011/06/17 10:57:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/06/17 10:57:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/06/17 10:57:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/06/17 10:57:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/06/17 10:57:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/06/17 10:57:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/06/17 10:57:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/06/17 10:57:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/06/17 10:57:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/06/17 10:57:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/06/17 10:57:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/06/17 10:57:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/06/17 10:57:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/06/17 10:57:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/06/17 10:57:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/27 23:42:34 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Alt 09.12.2012, 19:26   #15
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich



Irrtümlich 2mal gepostet

Antwort

Themen zu Polizeivirus Österreich
adobe, adobe flash player, autorun, babylontoolbar, bho, defender, downloader, euro, explorer, firefox, flash player, format, google, harddisk, home, homepage, logfile, lsass.exe, microsoft, ntdll.dll, object, realtek, registry, scan, software, udp, windows



Ähnliche Themen: Polizeivirus Österreich


  1. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 10.06.2013 (13)
  2. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (17)
  3. Polizeivirus Österreich
    Alles rund um Windows - 30.03.2013 (1)
  4. Polizeivirus Österreich
    Log-Analyse und Auswertung - 07.02.2013 (9)
  5. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (3)
  6. polizeivirus! österreich
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (10)
  7. Polizeivirus (Österreich)
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (2)
  8. Polizeivirus Österreich, 20.08.12
    Log-Analyse und Auswertung - 05.10.2012 (4)
  9. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (23)
  10. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (11)
  11. Polizeivirus österreich
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  12. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (4)
  13. Polizeivirus Österreich...
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (14)
  14. Polizeivirus Österreich
    Log-Analyse und Auswertung - 02.09.2012 (13)
  15. Polizeivirus Österreich, 20.08.12
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (2)
  16. Polizeivirus Österreich vom 2.8.12
    Log-Analyse und Auswertung - 16.08.2012 (49)
  17. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (13)

Zum Thema Polizeivirus Österreich - Hallo liebes Forum-Team! Ich habe mir leider den Polizei-Virus Österreich-Variante eingefangen. Habe leider kein Screen-Shot gemacht konnte aber eine Viren-Datei isolieren. War die Variante mit der Webcam und man soll - Polizeivirus Österreich...
Archiv
Du betrachtest: Polizeivirus Österreich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.