USB Stick zeigt nur Verknüpfungen

annaeli · 25.04.2013, 11:45

Hallo liebe Leute,

ich habe die Befürchtung, dass gestern mein Skype Account gehackt wurde, da meine Kontake eine seltsame Nachricht mit Anhang von "mir" bekommen haben. Als ich, nachdem ich darüber informiert wurde, einen Virsenscan gestartet habe wurde mir auch prompt angezeigt, dass sich wohl ein Trojaner eingeschlichen hat. Ich habe dann mittels Virenprogram versucht, das Problem zu lösen und im Anschluss daran wichtige Daten auf USB Sticks speichern wollen. Gestern Abend ist mir schon aufgefallen, dass jedoch die Ordner auf den USB Sticks nur noch Verknüpfungen anzeigen und heute Morgen, als ich das Ganze noch mit einem anderen USB Stick versucht habe, war das Resultat das Gleiche. Ich vermute, dass es eventuell ein ähnliches Problem ist wie in folgendem Thread beschrieben: MP3 Player und USB Stick zeigen nur noch Verknüpfungen. Natürlich will ich langfristig das Problem lösen, aber da ich nächste Woche Freitag eine wichtige Arbeit abgeben muss, möchte ich vor allem wissen ob ich gefahrlos mit meinem Laptop weiterarbeiten kann ohne dass mit Daten verloren gehen?
Vielen Dank

PS: Mein Wissen und Können was solche Dinge angeht ist absolut minimal...Ich gehöre zu den Leuten, die dann mit dem PC zurecht kommen wenn alles so läuft wie es soll. Ich hoffe ich habe die Situation daher angemessen beschrieben.

cosinus · 25.04.2013, 12:18

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

annaeli · 25.04.2013, 13:02

Code:

ATTFilter

Virenprüfung mit G Data AntiVirus 2013
Version 23.0.0.19 (03.02.2012)
Virensignaturen vom 
Startzeit: 24.04.2013 23:15:26
Engine(s): Engine A, Engine B
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 25.04.2013 01:45:17
    217851 Dateien überprüft
    5 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden


Objekt: B13C.tmp.exe
	Pfad: C:\Users\LaraAnna\AppData\Local\Temp
	Status: Virus entfernt
	Virus: Trojan.GenericKDZ.14738 (Engine A)

Objekt: firefox.exe
	Pfad: C:\Users\LaraAnna\AppData\Local\Temp
	Status: Virus entfernt
	Virus: Trojan.GenericKDZ.14738 (Engine A)

Archiv: jar_cache221074366157950420.tmp
	Pfad: C:\Users\LaraAnna\AppData\Local\Temp
	Status: Virus gefunden
	Virus: Java:Agent-DEJ [Trj] (Engine B)
Objekt: critical\securityupdate.class
	In Archiv: C:\Users\LaraAnna\AppData\Local\Temp\jar_cache221074366157950420.tmp
	Status: Virus gefunden
	Virus: Java:Agent-DEJ [Trj] (Engine B)

Archiv: jar_cache5925633512068707019.tmp
	Pfad: C:\Users\LaraAnna\AppData\Local\Temp
	Status: Virus gefunden
	Virus: Java:Agent-DBM [Trj] (2x) (Engine B)
Objekt: oracle\dearthsSerailPinner.class
	In Archiv: C:\Users\LaraAnna\AppData\Local\Temp\jar_cache5925633512068707019.tmp
	Status: Virus gefunden
	Virus: Java:Agent-DBM [Trj] (Engine B)
Objekt: oracle\spearedTermly.class
	In Archiv: C:\Users\LaraAnna\AppData\Local\Temp\jar_cache5925633512068707019.tmp
	Status: Virus gefunden
	Virus: Java:Agent-DBM [Trj] (Engine B)

Objekt: icardagt.exe
	Pfad: C:\Users\LaraAnna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EXRTRBZ2\static.awempire.com\flash\custom-freechat
	Status: Virus entfernt
	Virus: Trojan.GenericKDV.938284 (Engine A)

Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{cce7b767-e062-11e1-83da-60eb697e825f}.TM.blf
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{cce7b767-e062-11e1-83da-60eb697e825f}.TMContainer00000000000000000001.regtrans-ms
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{cce7b767-e062-11e1-83da-60eb697e825f}.TMContainer00000000000000000002.regtrans-ms
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0040fafcd971333b5707e26b1be00ced_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0065f3afdc15da9785ca8e9729ec551c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0098987dd55394376fe951f5c32a2c2a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\00a7ae4576f618e98a378ea7e2049a41_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\01e5468181a0757f3d993ed8699eb209_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02cbdc7b27237a933f7d8749410a9f05_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\032bb5516fce007a2b3d5633ab877b13_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\041babbd1b97be413c05be716bdd2aa2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04298b6a9dba83273559ad3188fcfa72_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04588d4ed9431cc63346cd6347c1aead_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05412c8ecdd198c9632e4a23169beae0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05cae56fb5a3e6cf573b667f13b74984_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0619a59d28c2e515387c920f9fd409e0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\063cbffbcc436353fbada2e080c68202_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0674b57a3f151ace019e7084f3394338_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\06bb24f6a9968b82efa524550ca84d1a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\06d39f62696191f93b5b89d13348e24d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\072c410eebeee9644d9cc083aaf62e98_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\073e0099a1e7b89f1cc907d6517244ff_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0747543e5126952df7a6a7b018981130_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\075fa83da29a7d0dbaf6f1fdee06a754_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0805663c1755bc7cc66f88b7856826b3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\080c6ed3505d15df46e8c9150018fa02_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0821de2e791f07822f8712e903c88e5e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\084187c6f33eab8723d01136a59f1dac_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08eca26e3d63ef05de7c912e3579292c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\09603b7f7a002ff7c5eea0d68fd6c7b2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\09adbe9a6feb1dcc4629cb760fed99f1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0a428e72e55e1d0a61b6bac782a46476_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0bd4d11ea4bd11afa286baae380f0e9a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0c10ea0c05bce2c2fc0b30345e45b2bf_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0c87910f73c91be42cecb60fe1a35a6c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0e3a28cce106a26d6e2ec622389c5aa5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0ec57223b9a7e8fd4415521277f1e692_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0f4db12ee74377c2dc93e2d63d1b6473_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1038a169ac2bc4c0394c410d585ab15a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1188b7d63dd94dd95269d905365905d3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\11a1f4b2a730c4aa92a1912202b26750_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\121b48ab1588750927d6e491416ed52c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\129709f0f6385d9cd24fce1ff0eeac0b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\129e75da26622260be6624755f403855_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12c8f3f7813ec345f8ed32305b05bfa5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\142749eb677501030ee91f5bfdb2bff7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\150288329a7e2754791ed1849c121d2e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\15030294144c91f0574cd854c94ac9d0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\156ca6885b581f29b7d3caa5f5bd10a0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\15f8a13d5709bc18ebb876d495ca2a70_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\160e0f12af0b461745aad4b03b691c6f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1738109a8d70ddf025c7f2c6ada03e58_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1770afc1fea0da46ec0f9eb09a720960_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\17779cd3866339045425eaa858a1a1f7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\19247937fb8195f7826a92a447fc2c1b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\19254aa15da46c4df7a194ef5ebc5c05_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1a600345f2c1623494c20d1daff7b3c0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1b0bb1a5c76361aa8d682245652b7c14_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1b1d98f2eb4675c211ad8fbc73c19c1c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1b3966228d1e4a557600426b442bf7cb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1baa3c305a29bdfb31e99907d83d9ef0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1bf9de80e7a29360d697305d2e8ca70a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1c3ca0c820202c5338745224624c1ca2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1cdbb608623983eeb967b044c7212204_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1d4a204b397942ee961d4632f01e96e0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1db5a4fc3dacfa0e1114ee8909fbdf3b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1db92e99fa906d365618a55e1521e039_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1e37a273ba04f8dd4d2786fc33d970b3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1e6958ed1ca88ca5f045bc4cd04de6c3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1e6aa63f8974d17f0e4933cb90e0f33b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1eb27f7e2ee826d3f7d29d817c638048_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1f735b3a7781ebaa4a458e0a117aff4f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\205b7fdb7ae73d2e2f593d8f211bb8b6_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\214e5873a33b7ccd4c14331809d84856_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\21c66368cc2d158c9da999c2a8ddb771_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\22dab7781c6ea30a85e92804494ac69e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\230309c02067c484b6a6cb63772a11f9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\239bf0e5030148b73bb26fd819948a01_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\23dd02e7bfeaf20e0f82909325f9282a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\248442a704e515f63e50c51b67a572ae_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\256aaf64b28f27c60fcae518b6645b64_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\257312aa9169b826f1011ed9042b163c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\25dbccd25ee4dd0b1611fe46d9e45527_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2630cf419e5a86b3804141c887abc75b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\27a30f4a7c04779a8082250dafc180d8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\27b667283c28aaeeb3e9370ed826db76_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2800a71036ba103d9de7095d51c72ea4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\28524598420df6f019a288707644be72_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\288ea449238b82d5e536cd32225e2e0d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\295dff8768a6d88d8b4a1c30d245956a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\29bbbc66827ae438419596cf263560e4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\29cc496da0f5e5c7eba147c980e81ec7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\29ead595b7c3bd1c5fcd4bda743f37a7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2af9deb9ca9ef4b15d2e875524c7ba7c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2ba2e0b74b74b948823054637c976fb3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2bd6682d1af050590f8d3d17712c1256_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2bf6513f4e63789a341c15fa526d6094_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2bfd78dc47ee05a1684800e18accf675_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2c7992ba65a81ba73aa0795ea432810f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d4ef22277d2aa261fcea3068ebff232_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d5fafb462768d405de18b27c683863e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d95e467cca8d6a5727a3ba6db36277c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2da57e702d72293aa770af287ac9f570_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2daebfca7ae74dc474fed423ed09b622_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2dcfe702c1c2e8624871cfdbf23fb5cd_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2e28b3b3e3bb35cf5c22411b07501f63_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2fe678c6edc12359950f04f32dd9c1a1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2fe764657d3b092dc65628aaee8fd7c9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\30e29440b94b7e2090d6e7f4e88b4303_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\326322654db6dd9edbccb63a075197ce_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3280e0e4992b5de91e0c8fc1ce8f18e3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3349d14201fcd9aed7e8ee02e3ac701f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\347832f52674227bc3d2f1521e87e01b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\34cf88a314badede9c0a8e2dec00d738_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\34ffdbc801536cd72977961269b99844_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\35536ad021ddbe6e140948befb4bbfad_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3616a9f184cc2bb2c4a3387314fd3be7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\37258f6e7e5073a26277c9bc806163e5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3791c8ffff419a6f0df1e912969c8b2d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\37ef6b0c672142ff4e8fe64494454fa7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3adcaff9fdeb26b5c4aee217d17908cd_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3aec03043f049a1384d4bffb901e9494_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3b5721bd2fa5472037f3f7bd6297fd03_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ba1fd4eb573e1e62ea0f887bf03c9b7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ba6dc5314cf27117798a67bed62f395_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3bc3cdcc34828b3607bafb5e86417dc8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d57fca04dc0e760a85373540e7503c9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d6154356cefa45d2351d812afc13ee4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3dbfe1d7f42098d8fd4a6652b84ce362_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3dfdb3d30900b4698b26e020920b5b26_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ec885088fa0332130cc9230d2699b8a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ef1609e005471d1c24a697083692516_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3f0b7d37b114024ec1bb78c0c8e2ef78_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3fd14dee073c2b3cb9d1ea022b81c936_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\404cd67348b739f6d82e0fabbcb0490b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\41133712f996f0df46bc9c0be11afeea_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\41144951aabfc2d318c893bba1308f9a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\415618949c6ffd48a765a9c2ac718370_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\416901b4df0bf5b2a3939caff42e0581_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\41c76c7550ac02a1d0f76568f75e3ad5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\424789e8f27f00d77eb1cb4ef55cb8f0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4283cf8dccf5b14cbea686e50545e974_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\42e74c02861121f50796a0b483c3a99d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\436a627ae23799c2fc8bbcf5c917a0b7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\44e605ec4158627ea595a265ea1c7245_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\451228e669968c080443580559150c2d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\45a431a203845eff69e97d9126a10297_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4666deb37f5b44b8cb3384b6451d4557_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\467545d37b9a7dea69e2233732902824_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\46a9e6d4c22d27db4a76b509e6f327c2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\471f1d3b9041427a58ba78cd21b7faef_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\493b73e8f5ad487b389d54516ca391a5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\499a8150e6c2c44c82652063dbf56bf5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\49ba9c672ef712579bee11bba54f07d1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4ac163b74f14387687ee5c81a8ba0336_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4b11385ec84eb482c4732d689368b7bc_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4b37ee77c5ffdda24d2a14e525ee8b1f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4b737f60ffc81946a3e350bca11f0654_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c28f1736730587f569864ffecc2cda2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4cc50a44eae6fb49a9309ce04c9f0c07_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4cf84db79bd7f4d43b0a24363c5a91bf_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4dc1dd9ecd60c610ac6cfd2514d4b656_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4e53fb848e44a039e52f3fa6c6376f27_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4e9dd51f1a73af477f7b772afc34ddc8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4eba1c00744a8ac50e47660a24711bf3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4fe84544ccf735c7b8cba4f9689bf7e0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\506e7500d93363f05ef30deb9c1e7dd5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5236184f4c83bc52eaadb2f896e89a57_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\52cbaaee9bb72dc29261129c81d8ab37_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5360b79171573dcfd1b3bb7d30a6176b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\53841c5c222be144bd11867f6626674e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\554418a716e9023450dc1e1de565dde8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\558aaf79aa512fec0657ad380e3d4acc_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\571e97a4051dcfd8b9cbdafc4fe5b2a9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\573c6f30c765b03bb8da0d7d8c9e97e0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\57a4de11d3347684f2c2d840b129db4a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\57c092a08ffc810a9f7836f4de4a2966_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5860ee1f2ba154759bb7c853f3385edf_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\59ec92466a5e473b40022788f1af058a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5a7242b7e9a212d8cb7630a104603b92_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c7666cf27c7e963640ddc5d1515318a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c82a573bfff9c85df63c824a4e0c58e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5d91ef23dbc780497e82c0bb72435093_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5daac8fcd102927be938708fa78dce87_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5e880d694e35b4949348d59111a3f318_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5ec530ac646e629d76df614eea8a5472_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5ed1ce2d3fe66e92d2d4d7c3f78e222c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5ed553221eedb6935681676c707a89c7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\600858656e7839f95664cf659f8ea484_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\601654b4eb314adfebf63cc2ffb5dc81_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\618cd8c56a72ea4cfee089c73d5b6a94_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\625d1f62eb214b80930d6b68131eb94e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\631bed87336a7e7a4fe02486f18b7594_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\631d621f9af03e817c1ffe7213e0ae53_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\63ad36be84b8a7b9156483747fd51fbc_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\63c54fb72ab3d22ab06481dfd6c99669_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6432c631ba97e38dafe90c1722cd0909_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\645769fce10e5562f567a69c7f06b5ac_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\65c467c689912814c2d8c5f1f19de748_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\66ce506705e1ba2b274e65e5e9accadf_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6775ff5aa1a038e03d86a742893bae4e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6789a1770500b6b29a91c2f753fe7018_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\67a30a267bf530411df8e0aa19dbdab0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68195cd2555480e5ee3986d9f4454a30_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\68846ca46ceb5184861a2b1db6be27fc_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\690aa3560674b3ae96cea63806bc0ef1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6926b5e298b6c2da54e26673d56d5efa_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\693d6dfc62ae2402d1d5e086fbf6b2a0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6944085e680f22bd1c960c6e09970da9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6a13b7b4e3d3d4e19c8604226550884f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6a5f9239f9250d17d6d35445ea14eb9c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6af10f40f892c18b0757091e0f338915_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6afe4db5d55378a4ef8ffc431c059633_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b13b5dc7444ac25c8130ce9f0c87f54_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6b3c0cc0a05a31f6658774d0cde69ac1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6cc3946d364574bce9acbbf425cd1a83_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6de2216d687a410ef43eb9a64de6a092_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6e0c9d7ffff8ffec3b11d5c666f93579_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6f3612f049e5edf6f7eaa3f436591397_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\704803313ff592fa379b37f6a66b86f2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\70afb5628a07596e05db9008fb20000e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7155678faf2b2cc24e49eff00afbeb36_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7199dbbc5cf32e8fc31c513e82880506_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\71de8ced35374313e4273f632f2e78ae_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\722e7f242dc20399f9643b3c2074be39_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\72cd697152b37524dc58bf830bbeb4c5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7383eaa5ff92340dec0fbe6b153a9a3b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\73f988275ec4a6b6d989ee4396bbba9d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7565787529ef6e504c9f0af66b97cda2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\759344285b2e587dbaeed6a49db62207_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76f90a5f5fe4f7961352d417fb08a359_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\772d86233e009948d26190d109ec0f19_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\77637cce9b89dbd636cee4ffc8a5bb0e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\79076a9ea1251090fc944f1c5a8b99ea_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7976c784a49b0cf0ec3d032f53a5a00c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\79cdb370dac1a69a2087bd2f6696d05c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7a7e61c87fc2640435b89973962cea15_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7adb5b6540ff0800c22b25aca01d7177_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7ae3f008930f00cd9ab1ee1d7b9a79f3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c21a38fdd24b04d67b94f6fc05d22b9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e26bfd0aba73d1c6bcab9b1a8085abb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e2c731e9e0bfb16fda895490d1669b6_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7f3c4192afdcf2dd5cf64d7ced55fd20_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7fa0ae389cbfcd991cb33a207b248523_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\807f4bf2b42e047e50e46938190c0b02_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\81090ae2ca185698d3e5de5ad58283df_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\81c8660515f49a41505b182d6ff5e838_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\81f566469adf3ddf39626a335bed3485_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\82040a09a0c2470ff1f40633dcc5965c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\82987b8dd74324bc99728279a245604b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\83c637ac88efd4957cde69913dc113ec_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\83c6bb9c2f999728d5643f6c5a8011bb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\83f4e05016a96faee0df2066bd299e30_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\83f8daa8bd89d7cdb19f3497bf5f11ea_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\842349a2cfd30a21d37824591f622005_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\844da1d29d59813bd61c3b1246f6a638_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\84ca7ca57b0dc4d95b6bebd64fbaab40_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8508680ac13f3dfec61234666e7cd47b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\85be9d72a147199ce5358a0e63ad7616_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\862c790267dae1323fc3eb6f7a79c070_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8631ab304a628573f0901b5d701436c2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\86782994e8c4c926b99bb36592cddd90_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\86fb89e1df37a4e12dd2daac56c02113_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8728fed0f7e17f0b9de96b3b89b14499_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8787e30d149fc0116ae4c26b2aebe2c0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\887804d8799bd94a0397abaf5d5bee5d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\88f60d5295a8052c4cfb7b1a5fa784d4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\890c542198bb8641cc191de04aaaf73d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\89102724710729fc737ded30de1ebe3f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\898f654c5e2cb21854e1f90965614402_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8a3afbe6d25cd30ae5bbd748d9e353ae_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8a685ca7d1b351b14f686285bab115e3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8a6c006c52cfd795c39c3941faaa580e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8affa432fc6d90f098be1ffd783c8429_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8b1e0078489e2eff33ec8b81658c4b9e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8cbddb11be0f77ded2abecf39e273a6a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d8028ce4a84a96c3db225d3ef65963b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d83e62f2ce9c77e4716b78eea33f77a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8df7840ef4f715e180eb14f024d3041a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8e6602187922a747b3bca0b91adf33c2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8e7824c401fef579b5461cd0361a32ea_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8ea62a4a051cecfdf84cd7bbc534b7c9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8ed75934518592ff3da41789419f77d5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8f2d4ee8ecb3d330640a70d40abbf47b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8f4d5dacbcb89d56496c0b882e02f114_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fdc13c641d73bba71e81212451922bb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8fe9929859722f6006147554510ce725_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\900799c3213002c9a2035af001b4c0aa_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9042417c312127cbc7bbfd3e46e82947_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\90e1c7928c50159c1602ba9ef27975f7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\92da53919f2b8328c76dbdaa39e87a39_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9354eec2fc192d0f111bb19d06461401_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\93a5d473cb60014a6ba2ae0d95f7fe02_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\93c713c531ce07db24dabc85c9979a4f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9452b1c4cdbd07e6af9dee73fe779e6b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\94fc13ada54fe8581d28176da75cd9e2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\961921db0056bab4dc8b451014d2f771_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9673b8d87bd52eca4a6eb09cef044b45_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\969a9646a4a3d5ba444058cce3f5b26e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\979077d6d164fc7bb11f3aeda02cc878_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\97a1dfde37ab1baaf508d80ea7d4e8e5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\97ab7cb9df3175fc1ff0c680f7dc5669_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\97cbfc284a3d3961a0956bc976454eae_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9887ad9b3842f58931b80cbe9163c0d6_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\98a59dc74ebad1e5e5361c94f406ee56_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\99018b99128c866b36a1bfa7f79014d3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9990a107b60cac84cdcfa5c321e266e2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9a0a8a5f7431e95473d56b3ba08eb9ca_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9a13d1c82cd758e114fae1f07fd9541d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9a9109002c561a12325eff8ac2f69697_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9ac7eb24fed23f609a9e76ac4220e37b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9b8f690ec3a761a34954f22d42ba7a89_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9bfa1bfb8af9ba53461061e61c52fa99_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9c84c97d67538c2e3ec95fa32811a7ca_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d2bc6cd42c7e1137a072efc21a142db_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d4e03e27570c1776dcb20fed9aa28f2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d96d35aa1373106b43ccbd285dfaaee_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9e0d53135183b53c246e72d794da741a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9e5ed56dda5fc6376d0744bf413e753d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9eb6d584de0cdb693ee6d518ffaf18b4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f5f79b26bc2386221a9ba387fdca109_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9f70fe0415b6ed1ef7cd660e19a0bd93_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a07013aa6333eeee061f41bbcc78d5ab_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a1b9b8ec86ece2a37420ad9ad757253c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a1f402c21b83dbcbb4248649952fa189_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a2447ca98ab355d068ff5df3de7c26dc_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a5528591ccc6bcf54736842e4baaa3a2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a5b3bfdc0d0af0c5942001c14a7ac072_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a610a08787527fd71314047484c58117_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a63bc7da7b8b27d78765a6da0b93e7d3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a6643a9f83a526065b00a8aba3cb8a52_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a6876f09ca6015158e56d13c8f60447f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a6d2550fb27350cba9f50a58fb44a65e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a7e1cae88460d84d0772593c733274b8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a8496288689f64c1e1355da432e577ad_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a85078574cf8fdbd2b3238ab22c67578_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a985eef3f85602e24cf0a5a8df5f7f3c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a99b39ac16861ba878f858ae9910991b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa5d63425180bdd7207331004689327f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ab0ccef1b51d5c407b857feae32c39b9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\abebcbf855bb477357f4057f383758af_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ac4ae106c855c4e42a3cd57d42bcbf15_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ad40f7b5e356a777fdc426969ec93f52_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ad59ff0aba838df0bd774d8830c5c856_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\add24d1e0ce335617183dfe213b79bd5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae37e62c166c6c0997548683a519c50b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae3ea9b206a7aeeed6bad06fe5edbd59_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aee10d9eb1a18519f4fdd65fdc67c739_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af4dd8c0c4e0c3b207a36af458ca858b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\afde2b866f4a52bd7672b75dab1ad16a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b09ab915ddc7804948fc9d630eefb88a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b1d048966f125d1d79c59466ddb13eaf_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b2d2c79b7eff9b6cff840c637e2879fb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b34631b5071db81cbb7785cf2fd623a4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b377fd3a8ea0e39abb262469c0ee229f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b401869515c94a479cf5330f8b2ec881_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b6c4d1e05fa8bd600bfa7a5dda8f26a7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b752564476b686ca6c728257bd412e96_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b7e9a7ccdc017be2ada9841f8cddd1a2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b886ed08b85fd5947242eb20df603ecc_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b8e45a8ab195d02b1dcc3ad61c56cb56_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b8ef5b03019bec8a97050fa90560d066_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b9c86c7396d48ed08a746f8f30dd81da_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b9cfa1251dc1333503d28b0a34ef74ef_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bafd4ed57268ec61967e94359f4d184d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bbd53a4f9b3e877e069fc66b1cb6ce0c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bd252905c15e2dafe0ca8b09cf4d3649_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bd98ccaca59fc654177e2485e16ae1f5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\be12a609d115567afde67e113bcfce06_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\be1d550e547549f6e375790dca368c3c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\be3ed3f18294f2825dba6d89e8529815_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bea05072095fce0bbc5b374a1da4322f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bf489b1f7b0f6d63da84f1b0ce158d4e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bf94ddf093ae437df883b4d4538b2aa2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bfbad084c5fa5387acece4781ee0d62d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c059f602491603d221ce5f0cc461482d_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c0dd4802e2434ba4b8f0deaf7885a9e7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c0ef35750a197054c6d6b0472322a27b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c14c1394e3fcdc3bbcd291e54d0d695b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c227706dbf64ad2f19b8f1e2022e3e7f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c2465128b9679fd1c4a6a1a2bca739ab_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c28b3033557f10b4e47156f3064e5454_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c30b927ffba1e41beaf833b5f430e191_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c3bf25611f2573ba88b51509029d31d0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c3c33de95c0e7263737fe12c48b7937f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c3d339eda799d6ba79f4bfd65ef9312a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c4a8c0f23d3f56553ee0f1e7631b0b2e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c4e6239b20611599bb49f6a47e684235_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c58add13298bc824591fa24d7f8add30_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c6cec723a5ab46a4790ded1d06a8847b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c73bee6a2598bc6b2c3407fbbb483224_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c8d94916aeb840ea362bc186df70e3c8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca632313b48df2503a2a7f25ab817cd6_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cb43ed401255c6c3d6bc553e902c0bac_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cb598d9cf911ee2c29090e7286fb4f50_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cb5a46dff53edf62c6d4e9b359c44c6b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbad05881779028aec5778968066516a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cbb858c5ec03ccc11cc42b3c76bc652f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ccf7103a0f66197930d1177802382a96_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd0f790ca2d6fc98b25513df03762739_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd7f41bf939426f5a5377a8f0f4adb0c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd8940e9fa1c918619a1cdb8afdaf6ae_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cdca40c832e537f7e21280bc51a5e727_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cf510fe368b758a9a3cde73dd53fe5c4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d0143b918c85a9fda3c9194cab5da42a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d08c476f50f8489f50e4648fb5d0fecd_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1a00c01d4514a0c67eaa4f81a57d5c6_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1c795cc830f08b4b21f73d3d8a17095_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1ce42b0604291646c8816d93cdd8d9f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1d2c52d393f0abe8b59a1d927f89322_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d3953b86e062f83f674d989187c45ebd_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d45ee901a20309c392feb262403cab0c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d4a8823588361921c62cd2dbfada0cb0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d4ff4654b75ec40577c3d0dc1b2bb44f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d5ca701244ae3ab4ce3324376e86b7eb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d75518fa62b58f7ef314788736f4a42e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d7acaa091a4806d7c352081d4f5e03bb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d875e62f36d3c9866d2998de8f5f46f0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d8807957026478fd3f90096bb8588f24_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d994589ed54d58684d35066e0e6e28cf_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\da07c711ad90a5a049b213c0b77c187f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\da189887c29185393f121d2c62aedebb_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\da3ed54888af3cee024e298a56914f21_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\da5722fe510e89f3aef8490f93c13b5b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\daae892b7d208c5040ca97e4431b9327_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\daaf6991cea99b8c9d0e184a5e08e945_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dadc1d9b33ac7952cf44c253235d143c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\db22b1e74f4132d5165b823253fa1ef2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\db412ebdf5d7c371d7281cabef8db41b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dc928afa3087181111c2cc987a523ebd_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ddca5367bfa4f21838f53a475e040423_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ddefbc05ccdf3fa5b40cd95257739cd6_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\de8c1349715ea8be1e373fd052f0929e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df10b33a40961708286c603f5cb1599e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df420792b50240d4f199ef59532dd66b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df4b81a172d2398ddde7ab8cd1afebdc_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\df8517745fa2500e975804e77fe4f0e9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e00b737677e0bf7aecb155ad8b0b1446_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e049e687fccfbaee234ff486cf5b1202_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e0d78ac8aff850878ecef73bf010e33e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e1bef04aad8453f4cbee33c7f4eac1b2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e24c7f1769496e7346110ba5349667a0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e53992eab8c6a2073b93375f4e6b9bf5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e55af697b64006a9d559c86a6737e1b2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5645d59f57a8f4ed7f334cb228bf837_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e595a173f300b8aed667b2388c4cda31_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5e4a3ebc1accf062228b185e8f9658e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e6a01ad47dbf7d176cda20bf67d6615e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e7c53866c1c4d25463c185b1fb50c3e1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e885a7b2da609e82f650c6b5e0e294e4_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e91ebfc4733daee33f17a145bffa04e3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e9558be956b599234d3b4c23d3894109_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e9f0fc6a481661f2fa0070a10f211183_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ead7993e67d6cac633d681284b4f986b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eb9b2fa0d2d7a6792ff9ed18bd8e3542_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ebc058e8c880f947e1a8d8fc67b1b677_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ec878d88ab947e85b0559991ea032060_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ed3c75a82d9389dfe0253ccab3d709f2_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ed842f13d1368dc7cdc5815dbfc0b02c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eebcd75a61dcb6c00a94da980a66bc97_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ef6029c1abaaf4c076780f75b39c5091_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f1415fbb4bff121ec7cb9b2ec7a37e60_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2465055e56c40814b25558668fb875f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f25bb8469ebd01fb6fcf6184a67aeed8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2909963293ad68a20c05cdbe4fe25e8_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2cdca85106e8a9375245409d69a8922_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f3079cd4726136028ebca23f2708e13e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f329cb3dc119b50205b21fc982dd554c_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f3d9290d29aff6fbe3169def4e86d998_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f405f35c30ad8e8bacbb43df22e1ccb7_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f47316a118d1ccfef46342629871cc12_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f47ee514504308ab3e1a2dec39107750_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f5c81dc2ab3c1c1c62030425b2cafb80_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f640697a9268bede8b0620d89365855e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f68aeadf8b4f6b1a82a409606edc32a5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f7255d905a594ad16592f395101b18a9_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f75d0bb574302284d82b2172d63d6971_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f794a35a2de9512a32936d506d9981ce_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f7c624c53a26a9476d0254dfabd4221b_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f84ccdadb84255e8c33f038fe174d233_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f84cf95687c814c68a6b2fe3d64a41e0_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f950ef15e574290d62e43690296986f3_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f96981289fea07a359068089ad789bb5_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fa284fdfe6120b2be7dc52365c2138b1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fac04b352d38a4579310e0e05f910a6f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb0bbbb18f65da1b59c7af97c0b28a5e_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb564cccc685ba4919ea6f9fb21a86ff_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc0b567f24f48f2c4d2190f9cff6914a_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc48fb382f2801eea5762332f5092ff1_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fd9417c604383ade14c3104a5d7c756f_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fdc147b12455ccbd08f8f5717e282498_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fe288a56ca21488f13d0c410108d0622_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ff5c0d6ff3408ddc2191acdf382e8e91_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ffd6859274dd432c1d49a1b39359c601_46ef2a76-7d10-479b-9ffc-db523d8d0f0a
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\System Volume Information\Syscache.hve
C:\System Volume Information\Syscache.hve.LOG1
C:\System Volume Information\Syscache.hve.LOG2
Q:\System Volume Information\MountPointManagerRemoteDatabase

Die folgenden Dateien sind Passwortgeschützt:
C:\SWTOOLS\APPS\rnr\Z902ZAB1025AR00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025BR00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025CZ00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025DK00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025FI00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025FR00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025GK00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025GR00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025HB00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025HK00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025HU00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025IT00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025JP00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025KR00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025NL00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025NO00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025PL00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025PO00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025RU00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025SC00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025SP00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025SV00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025TC00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025TR00.TVT
C:\SWTOOLS\APPS\rnr\Z902ZAB1025US00.TVT

Ich hoffe das ist richtig? Ich hatte bis vor einigen Stunden keine Ahnung, dass Logs existieren.Tut mir Leid, wenn ich hier unnötgen Stuss poste.

cosinus · 25.04.2013, 15:49

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

annaeli · 25.04.2013, 17:35

Code:

ATTFilter

OTL Extras logfile created on: 25.04.2013 16:59:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LaraAnna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 38,30% Memory free
7,68 Gb Paging File | 4,92 Gb Available in Paging File | 64,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,66 Gb Total Space | 100,99 Gb Free Space | 35,23% Space Free | Partition Type: NTFS
Drive D: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 10,25 Gb Total Space | 4,64 Gb Free Space | 45,29% Space Free | Partition Type: NTFS
 
Computer Name: ***_THINKPAD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1762070021-391940355-1678069908-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005D827F-ADB8-4F35-BA9F-E0B8DA4C262F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{140A38BC-844A-48B6-B8B7-CADBDEDA851C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{234413B0-34BF-40BD-B1C9-38659E1A8C9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3620C4D6-0BF6-4484-BF00-0D6BB901A721}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{376D996B-6DEB-4709-A884-4AF938052A92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{42BBD999-A0CB-46CD-8E85-7837F00D7918}" = rport=139 | protocol=6 | dir=out | app=system | 
"{47011BCB-1A3F-44E8-8307-3BA30B09B0CD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4A9D496B-54EF-46A6-9631-E2ED0BC885B3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5D174F62-CD14-4A7D-979B-22A59E853E7A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64D001CB-4D64-4E21-9FFF-C92B44B69BD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F269583-EC17-4FFF-8C9D-4A566D8545F2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{72B0230F-D96E-4C54-AEF5-60DBCA9A4974}" = lport=138 | protocol=17 | dir=in | app=system | 
"{74AD471B-1255-4BB8-A3C8-9411ADB15CF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{795ABD0D-AFF0-40FF-9E1C-458F469EDEBE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8827BC18-EE0E-4EA1-AE43-8CED464514F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B06F735-A33C-4A41-B2F4-98FED0D4FABE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8E52599A-1F84-4D96-8A58-8C3566076EE3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8E8234A4-DCDD-4AAF-B7FE-DBBA3CC70417}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4CF06F6-8BD9-4718-BEBE-533C944BDDD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A83374E2-B1DA-4A82-980D-E919610DB043}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BAF68E57-BA64-45E2-851F-0E30F1E247E6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C289EBED-D689-493D-82EB-12E70347A9E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{E14B84FA-0052-4473-8450-9D0B470C3E47}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E28EF76C-7F07-4D10-87B7-8A0C0645E8B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C7DA21-54D0-43F9-A886-68F5C886664C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0D01C143-7510-489E-818A-837673CA39DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{157577BF-45B1-4F6F-AA64-9A0E1A937404}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{18B6B768-A2EB-437F-90BB-CA6DE24B13CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1905D2E1-025B-4DCB-B505-AB2A15A06C41}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1D55F5E4-6234-407B-98D2-37543EAC5464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F5E71C1-C87C-48D4-8ED8-07C169234E31}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{21AB1251-4DDD-428F-B559-8EDBA596F258}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2666887A-ED04-4D24-A7EA-F0F76B234B1A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{338B7128-994D-4E3D-9D93-51C9CED52698}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41E74FAA-0C3B-4781-B14D-AD58FB39E0AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AA0E3A4-C1EE-4606-A334-A3E4BD26C236}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{52095715-F980-4245-8B0B-4817E3A28FB0}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{53952C17-3933-4200-9069-022D751BEC91}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{54D9F561-17CF-4EB2-B387-E3BFDB389D95}" = protocol=6 | dir=out | app=system | 
"{58107C71-7B51-40C7-A0F4-B261E25A12FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59FEBC00-2724-4F57-BC45-86E7594FFBF9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5A062EEE-1BA9-4038-AABC-A8861455BF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{5A7F7054-A31B-46EE-9E54-CBAC0447F81F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5C4DB566-124A-4B6E-972B-65D9D0FFCAD6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{657CB5F1-8247-4113-9847-55320BA49421}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{664F5462-BC9E-4A76-9B20-D48A480DF6EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67A92984-EDEE-465F-9708-5F98559AADF8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6B3AFDF6-67D5-4D25-8444-E09B77A3CE59}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{86E4C30A-2CDB-4E2D-B9B4-3421CB212797}" = protocol=17 | dir=in | app=c:\users\laraanna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{989C1C52-C4E8-453D-9266-8C5B844B337C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9CFA6D78-D50C-4DB7-9E28-7133F42B2071}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9FDCE421-80C6-4345-B0E3-CE61E190E71D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0490123-FF03-464F-910B-2F867EB8E324}" = protocol=58 | dir=in | app=system | 
"{A1A7CA60-C30E-437F-81FF-55212CF91A50}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{A1ABF27F-2DA6-4D04-BEC9-C029A9A9FAF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A32989A0-FC71-402D-8E29-E6D96CD0EEF8}" = protocol=6 | dir=in | app=c:\users\laraanna\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C4AE0EF3-71DD-4D15-BD4A-AA21055A86A9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{C67EAC1C-2195-4B44-9D25-05B5E1E7CCA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C868BA2B-E090-40AC-9760-45F3452F3495}" = protocol=17 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | 
"{D0B25F14-9EEA-4F2F-B9FB-B8E92ADECEE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D103120A-4105-4758-AAB7-B7711739EC83}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | 
"{D494DF74-CA6F-4CB9-844B-8882D46AA1CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D9FDDBDC-EBC2-408C-83DA-918503ED9315}" = protocol=6 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | 
"{DD04A699-3720-497A-A555-30EC46735C3D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E0B32894-C841-4B46-ACFC-6E4C29F03E06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E438C5AD-EC32-4926-8985-AEB3C1D46050}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5F5691B-7A28-4539-A4EA-24E347B9573A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EBFE1F10-6AAE-41FA-AC84-650F60DF9DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | 
"{F85B59F1-D428-4438-8C0D-E68B4A2AD7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FFEF7C75-4CD1-4518-BA13-BD298B4DEB12}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"TCP Query User{0A279841-167B-404E-8151-D0E6F386741F}C:\users\laraanna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\laraanna\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8966A697-A29F-48B8-A80E-998F9D3770E8}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{CE3172BE-A476-42C3-9DBF-FA59CD313D6B}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{1375EC78-08A6-412F-A156-B93A9BC68CCC}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{BF45735B-ABF5-4392-B860-855DAD086407}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{FE3546E7-3BFF-4865-B468-5F7FE9C8C161}C:\users\laraanna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\laraanna\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0D12EED917642F81501AB8731CEFC39641FB12CF" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"W7DevOR" =  Registry Patch to arrange icons in Device and Printers folder of Windows 7
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574}" = G Data AntiVirus 2013
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"BrowserCompanion" = BrowserCompanion
"CampusNet" = CampusNet Uninstall
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ENTERPRISE" = Microsoft Office Enterprise 2007
"iDRS(tm) OCR Software by I.R.I.S" = iDRS(tm) OCR Software by I.R.I.S
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Lenovo Welcome_is1" = Lenovo Welcome
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"phase-6" = phase-6 2.2.0c
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1762070021-391940355-1678069908-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2013 13:03:02 | Computer Name = ***_ThinkPad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.03.2013 13:03:02 | Computer Name = ***_ThinkPad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15569
 
Error - 14.03.2013 13:03:02 | Computer Name = ***_ThinkPad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15569
 
Error - 15.03.2013 04:46:09 | Computer Name = ***_ThinkPad | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"
 in Zeile 19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 15.03.2013 04:46:49 | Computer Name = ***_ThinkPad | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 15.03.2013 04:48:20 | Computer Name = ***_ThinkPad | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
 in Zeile 19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 17.03.2013 08:03:32 | Computer Name = ***_ThinkPad | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe"
 in Zeile 19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 17.03.2013 08:04:16 | Computer Name = ***_ThinkPad | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige
 XML-Syntax.
 
Error - 17.03.2013 08:05:46 | Computer Name = ***_ThinkPad | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll"
 in Zeile 19.  Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 18.03.2013 11:25:55 | Computer Name = ***_ThinkPad | Source = RasClient | ID = 20227
Description = 
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 13.02.2013 05:29:25 | Computer Name = ***_ThinkPad | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
 does not have a Lenovo Digital Signature. The file will be deleted
 
Error - 21.02.2013 11:23:39 | Computer Name = ***_ThinkPad | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
 does not have a Lenovo Digital Signature. The file will be deleted
 
[ OSession Events ]
Error - 10.03.2013 07:23:46 | Computer Name = ***_ThinkPad | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.04.2013 11:59:27 | Computer Name = ***_ThinkPad | Source = bowser | ID = 8003
Description = 
 
Error - 20.04.2013 04:47:22 | Computer Name = ***_ThinkPad | Source = bowser | ID = 8003
Description = 
 
Error - 20.04.2013 04:53:29 | Computer Name = ***_ThinkPad | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.143.74  registriert werden. Der Computer mit IP-Adresse 192.168.143.39
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 20.04.2013 06:20:18 | Computer Name = ***_ThinkPad | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.143.74  registriert werden. Der Computer mit IP-Adresse 192.168.143.39
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 20.04.2013 07:48:34 | Computer Name = ***_ThinkPad | Source = bowser | ID = 8003
Description = 
 
Error - 21.04.2013 20:39:43 | Computer Name = ***_ThinkPad | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 25.04.2013 04:30:19 | Computer Name = ***_ThinkPad | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 25.04.2013 04:44:39 | Computer Name = ***_ThinkPad | Source = bowser | ID = 8003
Description = 
 
Error - 25.04.2013 04:56:45 | Computer Name = ***_ThinkPad | Source = bowser | ID = 8003
Description = 
 
Error - 25.04.2013 05:08:36 | Computer Name = Lara_ThinkPad | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 25.04.2013 16:59:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LaraAnna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 38,30% Memory free
7,68 Gb Paging File | 4,92 Gb Available in Paging File | 64,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,66 Gb Total Space | 100,99 Gb Free Space | 35,23% Space Free | Partition Type: NTFS
Drive D: | 7,47 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive Q: | 10,25 Gb Total Space | 4,64 Gb Free Space | 45,29% Space Free | Partition Type: NTFS
 
Computer Name: ***_THINKPAD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Citavi 3\bin\Citavi.exe (Swiss Academic Software)
PRC - C:\Windows\SysWOW64\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Users\***\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Citavi 3\bin\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\Citavi 3\bin\SwissAcademic.RegularExpressions.dll ()
MOD - C:\Program Files (x86)\Citavi 3\bin\Hunspell.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Users\LaraAnna\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (RoxLiveShare10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV - (PCDSRVC{184E4FA0-DE8C26D4-06000000}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1D806B27-E66A-4090-B93C-8C383A43838D}
IE:64bit: - HKLM\..\SearchScopes\{1D806B27-E66A-4090-B93C-8C383A43838D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {223CA5A8-0B0C-43E1-B47C-6E7D65539B6D}
IE - HKLM\..\SearchScopes\{223CA5A8-0B0C-43E1-B47C-6E7D65539B6D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\..\SearchScopes,DefaultScope = {223CA5A8-0B0C-43E1-B47C-6E7D65539B6D}
IE - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 13:35:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.04.13 13:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LaraAnna\AppData\Roaming\mozilla\Extensions
[2013.04.13 13:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 07:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 09:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 09:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 09:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 09:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 09:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 09:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe File not found
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe File not found
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1762070021-391940355-1678069908-1001..\Run: [1aba155937fa] C:\Users\LaraAnna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EXRTRBZ2\www.mojo24.com\findstr.exe ()
O4 - HKU\S-1-5-21-1762070021-391940355-1678069908-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\LaraAnna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\LaraAnna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\LaraAnna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\LaraAnna\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1762070021-391940355-1678069908-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.153.30.1 139.153.30.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50597A27-A4BA-4603-B752-E1E354CC82A3}: Domain = stir.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50597A27-A4BA-4603-B752-E1E354CC82A3}: NameServer = 139.153.30.1 139.153.30.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A183DCF-D17E-4810-9DCE-2FB1D27B417E}: DhcpNameServer = 139.153.30.1 139.153.30.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B45EBB6-3E83-4C00-B9D4-E2BA977310FA}: DhcpNameServer = 139.153.30.1 139.153.30.2
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{7a4776ee-33f5-11e2-8cf8-60eb697e825f}\Shell - "" = AutoRun
O33 - MountPoints2\{7a4776ee-33f5-11e2-8cf8-60eb697e825f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{dae0a3f3-cccb-11e1-8738-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dae0a3f3-cccb-11e1-8738-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 16:57:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LaraAnna\Desktop\OTL.exe
[2013.04.25 11:08:31 | 000,000,000 | ---D | C] -- C:\Users\LaraAnna\AppData\Local\G DATA
[2013.04.25 10:39:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.04.25 10:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.25 10:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.13 13:38:07 | 000,000,000 | ---D | C] -- C:\Users\LaraAnna\AppData\Local\Macromedia
[2013.04.13 13:36:13 | 000,000,000 | ---D | C] -- C:\Users\LaraAnna\AppData\Local\Mozilla
[2013.04.13 13:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.13 13:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.13 13:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.12 11:28:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.04.10 18:13:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 18:13:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 18:13:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 18:13:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 18:13:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 18:13:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 18:13:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 18:13:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 18:13:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 18:13:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 18:13:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 18:13:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 18:13:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 18:13:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 18:13:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:54:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 08:54:53 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 08:54:53 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 08:54:53 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 08:54:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 08:54:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 08:54:41 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 08:54:40 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 08:54:40 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 08:54:40 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 08:54:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 08:54:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 16:57:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LaraAnna\Desktop\OTL.exe
[2013.04.25 16:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 16:23:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.25 11:35:39 | 001,051,702 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.04.25 11:35:39 | 000,054,374 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.25 11:02:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 11:02:43 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 11:02:43 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 11:02:43 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 11:02:43 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 10:39:22 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.25 09:41:56 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 09:41:56 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 09:32:28 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.25 09:30:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 09:30:24 | 3092,926,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.22 10:40:11 | 000,049,246 | ---- | M] () -- C:\Users\LaraAnna\Desktop\amazon return_2.PNG
[2013.04.22 10:39:44 | 000,032,882 | ---- | M] () -- C:\Users\LaraAnna\Desktop\amazon return.PNG
[2013.04.13 13:35:58 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.11 09:09:29 | 000,000,000 | ---- | M] () -- C:\Users\LaraAnna\AppData\Roaming\SharedSettings.ccs
[2013.04.10 19:28:12 | 005,082,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 00:59:02 | 000,001,456 | ---- | M] () -- C:\Users\LaraAnna\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.04.04 08:26:05 | 000,001,069 | ---- | M] () -- C:\Users\LaraAnna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.04 08:25:43 | 000,001,043 | ---- | M] () -- C:\Users\LaraAnna\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.25 10:39:22 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.22 10:40:11 | 000,049,246 | ---- | C] () -- C:\Users\LaraAnna\Desktop\amazon return_2.PNG
[2013.04.22 10:39:44 | 000,032,882 | ---- | C] () -- C:\Users\LaraAnna\Desktop\amazon return.PNG
[2013.04.13 13:35:57 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.13 13:35:57 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.11 09:09:29 | 000,000,000 | ---- | C] () -- C:\Users\LaraAnna\AppData\Roaming\SharedSettings.ccs
[2013.03.18 11:04:52 | 000,001,456 | ---- | C] () -- C:\Users\LaraAnna\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.10.18 17:01:27 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.10.18 17:01:27 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.07.15 00:08:12 | 001,051,702 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.07.14 16:28:26 | 000,149,880 | ---- | C] () -- C:\Windows\wiainst64.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.23 16:04:57 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\Amazon
[2013.04.25 17:22:46 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\BrowserCompanion
[2013.03.13 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.04.25 09:34:02 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\Dropbox
[2012.07.19 17:20:26 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\InterVideo
[2012.07.14 16:26:27 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\Opera
[2013.03.13 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\PDAppFlex
[2012.07.14 17:11:00 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\Phase6
[2013.03.14 23:48:56 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.02 18:22:08 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\Swiss Academic Software
[2012.11.06 16:47:55 | 000,000,000 | ---D | M] -- C:\Users\LaraAnna\AppData\Roaming\www.rene-zeidler.de
 
========== Purity Check ==========
 
 

< End of report >

cosinus · 25.04.2013, 22:27

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

annaeli · 26.04.2013, 00:59

Nach erstem Durchlauf der mbar.exe

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LaraAnna :: LARA_THINKPAD [limited]

26.04.2013 00:29:13
mbar-log-2013-04-26 (00-29-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31449
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 38
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1aba155937fa (Trojan.Agent.ED) -> Data: C:\Users\LaraAnna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EXRTRBZ2\www.mojo24.com\findstr.exe -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
c:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.

Files Detected: 212
c:\Users\LaraAnna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EXRTRBZ2\www.mojo24.com\findstr.exe (Trojan.Agent.ED) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\Local\Temp\download_document_610983.pdf.exe (Trojan.Agent.ED) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\xcodechange.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\0227dd5d240c9bdfb9504999e66c665b_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\dc9dc7eec614c4f09b8f012e4660cea0_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_version (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\53ddf5a366c4744e938cba26cd8998b0 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\53ddf5a366c4744e938cba26cd8998b0_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\5d2363890bbf5268e13448f8a75cef37 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\5d2363890bbf5268e13448f8a75cef37_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2f44134d61194bdba24a9bc66027f44e_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\7989b29630f2dc383465b0346de5136a (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d5baae4ef839769f8eb7e9f9d82d8a40_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\f1b12d7866611770f6b620072a5ec258_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\fe764433740cc4b1dfb6c45a6a6b628a (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\fe764433740cc4b1dfb6c45a6a6b628a_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\c1c44ca1d695da7ece0f59471a8950a1 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\c1c44ca1d695da7ece0f59471a8950a1_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\99369696a6ac1aab285d5f642e245dcd_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\9ab1b760fcd39a99d560e932efc027ae_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\9c3a4c3f7d10f85147fa09d19f610015_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\a3baaa00db0a8465f2248dab71ef2826_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\477bd5402a5bfa0f8ee61cd01f27470c_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\4c84596d3a88c66ad9d449a45c76dd89 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\4c84596d3a88c66ad9d449a45c76dd89_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2328e1768b820b18ab2f301c9ff88e2c (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e92f376d6ebb0a4d5b63685c21828ba2 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e92f376d6ebb0a4d5b63685c21828ba2_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\64fb2f1cc9977e0b100dbab874b3b89c_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\658987e48ed8b4a20fa71afdd0c84454_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6b99fc04045eae98af76b6eb6a259cef_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\db96ff26706a1a3d595ecb67266c2d94_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\7989b29630f2dc383465b0346de5136a_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\7acafe2d3e4c14a116bde4e028813ba7 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_GB (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Delete on reboot.
c:\Users\LaraAnna\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Delete on reboot.

(end)

Nach zweitem Durchlauf der mbar.exe

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LaraAnna :: LARA_THINKPAD [administrator]

26.04.2013 00:55:44
mbar-log-2013-04-26 (00-55-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31058
Time elapsed: 18 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 26.04.2013, 08:09

Was ist mit GMER?

annaeli · 26.04.2013, 09:58

Sorry, total vergessen! Hier ist's nun.

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 00:02:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.02.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\LaraAnna\AppData\Local\Temp\pgtiraoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                     fffff80002feb000 45 bytes [00, 00, 12, 02, 48, 6F, 6F, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 606                                                                     fffff80002feb02e 8 bytes [5C, 00, 4D, 00, 41, 00, 43, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69         00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155        00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[3796] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                   00000000746f1465 2 bytes [6F, 74]
.text     C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe[3796] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                  00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3436] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                              00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe[3436] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                             00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe[3976] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                               00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe[3976] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                              00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2036] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe[2036] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2672] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                               00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2672] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                              00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files\Lenovo\Zoom\TpScrex.exe[3144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                 00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files\Lenovo\Zoom\TpScrex.exe[3144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Users\LaraAnna\AppData\Roaming\Dropbox\bin\Dropbox.exe[744] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                 00000000746f1465 2 bytes [6F, 74]
.text     C:\Users\LaraAnna\AppData\Roaming\Dropbox\bin\Dropbox.exe[744] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3376] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69            00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE[3376] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155           00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Users\LaraAnna\AppData\Roaming\BrowserCompanion\tbhcn.exe[3564] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69             00000000746f1465 2 bytes [6F, 74]
.text     C:\Users\LaraAnna\AppData\Roaming\BrowserCompanion\tbhcn.exe[3564] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155            00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Windows\SysWOW64\rundll32.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                         00000000746f1465 2 bytes [6F, 74]
.text     C:\Windows\SysWOW64\rundll32.exe[4024] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                        00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe[4080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69          00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe[4080] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155         00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                           00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[3820] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Windows\SysWOW64\jusched.exe[4060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                          00000000746f1465 2 bytes [6F, 74]
.text     C:\Windows\SysWOW64\jusched.exe[4060] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                         00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Windows\SysWOW64\DllHost.exe[8408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          00000000746f1465 2 bytes [6F, 74]
.text     C:\Windows\SysWOW64\DllHost.exe[8408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2
.text     C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe[11384] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69         00000000746f1465 2 bytes [6F, 74]
.text     C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe[11384] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155        00000000746f14bb 2 bytes [6F, 74]
.text     ...                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [1040:4832]                                                                                            000007fef02984d8
Thread    C:\Windows\system32\svchost.exe [1040:4328]                                                                                            000007fef01523a8
Thread    C:\Windows\system32\svchost.exe [1040:4744]                                                                                            000007fef01b0d00
Thread    C:\Windows\system32\svchost.exe [1040:4296]                                                                                            000007fef00a9498
Thread    C:\Windows\system32\svchost.exe [1040:8812]                                                                                            000007fef3e54164
Thread    C:\Windows\system32\svchost.exe [1040:4364]                                                                                            000007fef1281ab0
Thread    C:\Windows\system32\svchost.exe [1996:3028]                                                                                            000007fef1bf8470
Thread    C:\Windows\system32\svchost.exe [1996:4648]                                                                                            000007fef1c02418
Thread    C:\Windows\system32\svchost.exe [1996:3424]                                                                                            000007feee97f130
Thread    C:\Windows\system32\svchost.exe [1996:5192]                                                                                            000007feee974734
Thread    C:\Windows\system32\svchost.exe [1996:8856]                                                                                            000007feee974734
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5312]                                                              00000000003e3cd6
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5316]                                                              00000000003f1404
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5500]                                                              00000000003ccd60
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5504]                                                              00000000003cf1ff
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5508]                                                              00000000003cf007
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5568]                                                              00000000005c3cd6
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:11408]                                                             00000000005d1404
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:7488]                                                              0000000002353cd6
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:11940]                                                             0000000002361404
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:3572]                                                              00000000005acd60
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:8016]                                                              00000000005af1ff
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:10132]                                                             00000000005af007
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5932]                                                              000000000233cd60
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:4160]                                                              000000000233f1ff
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:6996]                                                              000000000233f007
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:5352]                                                              0000000002a53cd6
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:2740]                                                              0000000002a61404
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:7224]                                                              0000000002a3cd60
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:4236]                                                              0000000002a3f1ff
Thread    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [3376:12832]                                                             0000000002a3f007
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:5420]                                                                                           00000000001d3cd6
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:5424]                                                                                           00000000001e1404
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:5572]                                                                                           00000000001bcd60
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:5576]                                                                                           00000000001bf1ff
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:5580]                                                                                           00000000001bf007
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:11128]                                                                                          0000000000653cd6
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:11464]                                                                                          0000000000661404
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:11808]                                                                                          0000000000a43cd6
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:12072]                                                                                          0000000000a51404
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:12108]                                                                                          000000000063cd60
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:12260]                                                                                          000000000063f1ff
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:6140]                                                                                           000000000063f007
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:7996]                                                                                           0000000000a2cd60
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:7876]                                                                                           0000000000a2f1ff
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:7852]                                                                                           0000000000a2f007
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:10732]                                                                                          0000000003223cd6
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:12340]                                                                                          0000000003231404
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:6292]                                                                                           000000000320cd60
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:4100]                                                                                           000000000320f1ff
Thread    C:\Windows\SysWOW64\rundll32.exe [4024:3568]                                                                                           000000000320f007
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:5696]                                                            00000000002e3cd6
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:5700]                                                            00000000002f1404
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:5732]                                                            00000000002ccd60
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:5736]                                                            00000000002cf1ff
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:5740]                                                            00000000002cf007
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:11428]                                                           0000000000433cd6
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:10708]                                                           0000000000441404
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:11820]                                                           0000000002393cd6
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:11896]                                                           00000000023a1404
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:8196]                                                            000000000041cd60
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:8992]                                                            000000000041f1ff
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:8944]                                                            000000000041f007
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:11280]                                                           000000000237cd60
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:12192]                                                           000000000237f1ff
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:4172]                                                            000000000237f007
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:1932]                                                            0000000003173cd6
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:6704]                                                            0000000003181404
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:4996]                                                            000000000315cd60
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:10544]                                                           000000000315f1ff
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [4080:10696]                                                           000000000315f007
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [5760:3656]                                                                         000007fefb9b2a7c
Thread    C:\Windows\System32\svchost.exe [5948:460]                                                                                             000007fefade9688
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:4776]                                                           0000000000253b0c
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:2440]                                                           0000000000243cd6
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:6168]                                                           0000000000251404
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11788]                                                          000000000022cd60
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:9392]                                                           0000000000246f2d
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11836]                                                          000000000022e045
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11640]                                                          00000000002499a5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11636]                                                          000000000022d707
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11652]                                                          000000000022df61
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:6068]                                                           000000000022eeb6
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11456]                                                          000000000022f007
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11120]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11708]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11856]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:8256]                                                           00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:7860]                                                           00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11780]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11732]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11916]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11736]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:11980]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:12040]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:12076]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:12096]                                                          00000000002497f5
Thread    C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe [11384:12004]                                                          00000000002497f5

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cac4ccda7ac                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)                                        
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cac4ccda7ac (not active ControlSet)                                        

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----

cosinus · 26.04.2013, 09:59

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

annaeli · 26.04.2013, 11:08

Hier schonmal die aswMBR.text

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-26 10:46:51
-----------------------------
10:46:51.468    OS Version: Windows x64 6.1.7601 Service Pack 1
10:46:51.468    Number of processors: 2 586 0x170A
10:46:51.471    ComputerName: LARA_THINKPAD  UserName: LaraAnna
10:46:53.630    Initialize success
10:49:00.025    AVAST engine defs: 13042501
10:49:57.888    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:49:57.904    Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
10:49:58.003    Disk 0 MBR read successfully
10:49:58.003    Disk 0 MBR scan
10:49:58.018    Disk 0 unknown MBR code
10:49:58.034    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
10:49:58.065    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       293543 MB offset 2459648
10:49:58.112    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10500 MB offset 603635712
10:49:58.195    Disk 0 scanning C:\Windows\system32\drivers
10:50:15.987    Service scanning
10:51:04.921    Modules scanning
10:51:04.926    Disk 0 trace - called modules:
10:51:04.972    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
10:51:04.972    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005791060]
10:51:04.988    3 CLASSPNP.SYS[fffff88001a6543f] -> nt!IofCallDriver -> [0xfffffa800468a660]
10:51:04.988    5 ACPI.sys[fffff88000f917a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800468f050]
10:51:06.388    AVAST engine scan C:\Windows
10:51:09.175    AVAST engine scan C:\Windows\system32
10:57:34.744    AVAST engine scan C:\Windows\system32\drivers
10:58:17.893    AVAST engine scan C:\Users\LaraAnna
11:05:34.928    Disk 0 MBR has been saved successfully to "C:\Users\LaraAnna\Desktop\MBR.dat"
11:05:34.959    The log file has been saved successfully to "C:\Users\LaraAnna\Desktop\aswMBR.txt"

Hier TDSSKiller

Code:

ATTFilter

11:11:16.0601 5208  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:11:17.0678 5208  ============================================================
11:11:17.0678 5208  Current date / time: 2013/04/26 11:11:17.0678
11:11:17.0678 5208  SystemInfo:
11:11:17.0678 5208  
11:11:17.0678 5208  OS Version: 6.1.7601 ServicePack: 1.0
11:11:17.0678 5208  Product type: Workstation
11:11:17.0693 5208  ComputerName: LARA_THINKPAD
11:11:17.0693 5208  UserName: LaraAnna
11:11:17.0693 5208  Windows directory: C:\Windows
11:11:17.0693 5208  System windows directory: C:\Windows
11:11:17.0693 5208  Running under WOW64
11:11:17.0693 5208  Processor architecture: Intel x64
11:11:17.0693 5208  Number of processors: 2
11:11:17.0693 5208  Page size: 0x1000
11:11:17.0693 5208  Boot type: Normal boot
11:11:17.0693 5208  ============================================================
11:11:25.0899 5208  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:11:25.0914 5208  ============================================================
11:11:25.0914 5208  \Device\Harddisk0\DR0:
11:11:25.0930 5208  MBR partitions:
11:11:25.0930 5208  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
11:11:25.0930 5208  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23D53800
11:11:25.0930 5208  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23FAC000, BlocksNum 0x14822B0
11:11:25.0930 5208  ============================================================
11:11:25.0977 5208  C: <-> \Device\Harddisk0\DR0\Partition2
11:11:26.0039 5208  Q: <-> \Device\Harddisk0\DR0\Partition3
11:11:26.0039 5208  ============================================================
11:11:26.0039 5208  Initialize success
11:11:26.0039 5208  ============================================================
11:11:46.0399 3124  ============================================================
11:11:46.0399 3124  Scan started
11:11:46.0399 3124  Mode: Manual; SigCheck; TDLFS; 
11:11:46.0399 3124  ============================================================
11:11:48.0973 3124  ================ Scan system memory ========================
11:11:48.0973 3124  System memory - ok
11:11:48.0973 3124  ================ Scan services =============================
11:11:49.0332 3124  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:11:50.0689 3124  1394ohci - ok
11:11:50.0720 3124  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:11:50.0876 3124  ACPI - ok
11:11:50.0892 3124  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:11:51.0110 3124  AcpiPmi - ok
11:11:51.0204 3124  [ 3D9F4E95B9E88360329D3DB011935BA3 ] AcPrfMgrSvc     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
11:11:51.0344 3124  AcPrfMgrSvc - ok
11:11:51.0360 3124  [ 859891A43D538A43FA02651F65ECE22F ] AcSvc           C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
11:11:51.0516 3124  AcSvc - ok
11:11:51.0594 3124  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:11:51.0734 3124  AdobeARMservice - ok
11:11:51.0875 3124  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:11:52.0015 3124  AdobeFlashPlayerUpdateSvc - ok
11:11:52.0079 3124  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:11:52.0266 3124  adp94xx - ok
11:11:52.0297 3124  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:11:52.0453 3124  adpahci - ok
11:11:52.0469 3124  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:11:52.0625 3124  adpu320 - ok
11:11:52.0671 3124  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:11:52.0890 3124  AeLookupSvc - ok
11:11:52.0952 3124  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:11:53.0139 3124  AFD - ok
11:11:53.0171 3124  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:11:53.0311 3124  agp440 - ok
11:11:53.0358 3124  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:11:53.0529 3124  ALG - ok
11:11:53.0576 3124  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:11:53.0717 3124  aliide - ok
11:11:53.0732 3124  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:11:53.0873 3124  amdide - ok
11:11:53.0935 3124  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:11:54.0107 3124  AmdK8 - ok
11:11:54.0122 3124  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:11:54.0294 3124  AmdPPM - ok
11:11:54.0341 3124  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:11:54.0481 3124  amdsata - ok
11:11:54.0528 3124  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:11:54.0668 3124  amdsbs - ok
11:11:54.0699 3124  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:11:54.0840 3124  amdxata - ok
11:11:54.0887 3124  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:11:55.0074 3124  AppID - ok
11:11:55.0105 3124  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:11:55.0340 3124  AppIDSvc - ok
11:11:55.0387 3124  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
11:11:55.0590 3124  Appinfo - ok
11:11:55.0699 3124  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:11:55.0839 3124  Apple Mobile Device - ok
11:11:55.0870 3124  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:11:56.0011 3124  arc - ok
11:11:56.0026 3124  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:11:56.0167 3124  arcsas - ok
11:11:56.0182 3124  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:11:56.0432 3124  AsyncMac - ok
11:11:56.0479 3124  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:11:56.0635 3124  atapi - ok
11:11:56.0682 3124  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:11:56.0931 3124  AudioEndpointBuilder - ok
11:11:56.0947 3124  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:11:57.0134 3124  AudioSrv - ok
11:11:57.0259 3124  [ BF3B991E0E22F9E6A82CCF6512CB51D0 ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
11:11:57.0430 3124  AVKProxy - ok
11:11:57.0493 3124  [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService      C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
11:11:57.0649 3124  AVKService - ok
11:11:57.0696 3124  [ BD66948F382D077AC9833B6414D1F06E ] AVKWCtl         C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe
11:11:58.0242 3124  AVKWCtl - ok
11:11:58.0320 3124  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:11:58.0554 3124  AxInstSV - ok
11:11:58.0616 3124  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
11:11:58.0788 3124  b06bdrv - ok
11:11:58.0834 3124  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:11:58.0990 3124  b57nd60a - ok
11:11:59.0115 3124  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
11:11:59.0271 3124  BBSvc - ok
11:11:59.0287 3124  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
11:11:59.0458 3124  BBUpdate - ok
11:11:59.0521 3124  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:11:59.0692 3124  BDESVC - ok
11:11:59.0708 3124  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:11:59.0926 3124  Beep - ok
11:11:59.0989 3124  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:12:00.0254 3124  BFE - ok
11:12:00.0316 3124  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:12:00.0550 3124  BITS - ok
11:12:00.0582 3124  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:12:00.0769 3124  blbdrive - ok
11:12:00.0862 3124  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:12:01.0003 3124  Bonjour Service - ok
11:12:01.0050 3124  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:12:01.0221 3124  bowser - ok
11:12:01.0237 3124  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:12:01.0471 3124  BrFiltLo - ok
11:12:01.0486 3124  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:12:01.0658 3124  BrFiltUp - ok
11:12:01.0674 3124  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:12:01.0845 3124  Browser - ok
11:12:01.0892 3124  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:12:02.0110 3124  Brserid - ok
11:12:02.0126 3124  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:12:02.0298 3124  BrSerWdm - ok
11:12:02.0313 3124  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:12:02.0485 3124  BrUsbMdm - ok
11:12:02.0500 3124  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:12:02.0656 3124  BrUsbSer - ok
11:12:02.0703 3124  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
11:12:02.0922 3124  BthEnum - ok
11:12:02.0937 3124  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:12:03.0093 3124  BTHMODEM - ok
11:12:03.0109 3124  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:12:03.0265 3124  BthPan - ok
11:12:03.0312 3124  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
11:12:03.0514 3124  BTHPORT - ok
11:12:03.0546 3124  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:12:03.0717 3124  bthserv - ok
11:12:03.0733 3124  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
11:12:03.0889 3124  BTHUSB - ok
11:12:03.0951 3124  [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:12:04.0060 3124  btwaudio - ok
11:12:04.0123 3124  [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
11:12:04.0248 3124  btwavdt - ok
11:12:04.0326 3124  [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
11:12:04.0482 3124  btwdins - ok
11:12:04.0528 3124  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:12:04.0653 3124  btwl2cap - ok
11:12:04.0700 3124  [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:12:04.0840 3124  btwrchid - ok
11:12:04.0872 3124  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:12:05.0043 3124  cdfs - ok
11:12:05.0090 3124  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:12:05.0293 3124  cdrom - ok
11:12:05.0355 3124  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:12:05.0527 3124  CertPropSvc - ok
11:12:05.0558 3124  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:12:05.0714 3124  circlass - ok
11:12:05.0761 3124  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:12:05.0932 3124  CLFS - ok
11:12:05.0995 3124  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:12:06.0135 3124  clr_optimization_v2.0.50727_32 - ok
11:12:06.0198 3124  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:12:06.0338 3124  clr_optimization_v2.0.50727_64 - ok
11:12:06.0416 3124  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:12:06.0619 3124  clr_optimization_v4.0.30319_32 - ok
11:12:06.0666 3124  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:12:06.0806 3124  clr_optimization_v4.0.30319_64 - ok
11:12:06.0837 3124  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:12:07.0040 3124  CmBatt - ok
11:12:07.0071 3124  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:12:07.0212 3124  cmdide - ok
11:12:07.0258 3124  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:12:07.0446 3124  CNG - ok
11:12:07.0477 3124  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:12:07.0617 3124  Compbatt - ok
11:12:07.0664 3124  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:12:07.0836 3124  CompositeBus - ok
11:12:07.0867 3124  COMSysApp - ok
11:12:07.0882 3124  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:12:08.0023 3124  crcdisk - ok
11:12:08.0085 3124  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:12:08.0304 3124  CryptSvc - ok
11:12:08.0350 3124  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:12:08.0631 3124  DcomLaunch - ok
11:12:08.0678 3124  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:12:08.0896 3124  defragsvc - ok
11:12:08.0959 3124  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:12:09.0193 3124  DfsC - ok
11:12:09.0255 3124  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:12:09.0427 3124  Dhcp - ok
11:12:09.0458 3124  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:12:09.0676 3124  discache - ok
11:12:09.0723 3124  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:12:09.0864 3124  Disk - ok
11:12:09.0895 3124  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:12:10.0066 3124  Dnscache - ok
11:12:10.0113 3124  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:12:10.0300 3124  dot3svc - ok
11:12:10.0347 3124  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:12:10.0566 3124  DPS - ok
11:12:10.0612 3124  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:12:10.0768 3124  drmkaud - ok
11:12:10.0815 3124  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:12:11.0018 3124  DXGKrnl - ok
11:12:11.0065 3124  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:12:11.0283 3124  EapHost - ok
11:12:11.0377 3124  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:12:11.0673 3124  ebdrv - ok
11:12:11.0720 3124  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:12:11.0907 3124  EFS - ok
11:12:12.0048 3124  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:12:12.0282 3124  ehRecvr - ok
11:12:12.0328 3124  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:12:12.0531 3124  ehSched - ok
11:12:12.0578 3124  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:12:12.0765 3124  elxstor - ok
11:12:12.0796 3124  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:12:12.0984 3124  ErrDev - ok
11:12:13.0046 3124  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:12:13.0264 3124  EventSystem - ok
11:12:13.0280 3124  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:12:13.0467 3124  exfat - ok
11:12:13.0483 3124  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:12:13.0686 3124  fastfat - ok
11:12:13.0748 3124  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:12:13.0935 3124  Fax - ok
11:12:13.0951 3124  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:12:14.0091 3124  fdc - ok
11:12:14.0138 3124  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:12:14.0341 3124  fdPHost - ok
11:12:14.0356 3124  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:12:14.0575 3124  FDResPub - ok
11:12:14.0606 3124  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:12:14.0746 3124  FileInfo - ok
11:12:14.0778 3124  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:12:14.0980 3124  Filetrace - ok
11:12:15.0074 3124  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:12:15.0261 3124  flpydisk - ok
11:12:15.0324 3124  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:12:15.0480 3124  FltMgr - ok
11:12:15.0542 3124  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:12:15.0776 3124  FontCache - ok
11:12:15.0838 3124  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:12:15.0979 3124  FontCache3.0.0.0 - ok
11:12:15.0994 3124  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:12:16.0150 3124  FsDepends - ok
11:12:16.0166 3124  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:12:16.0322 3124  Fs_Rec - ok
11:12:16.0353 3124  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:12:16.0509 3124  fvevol - ok
11:12:16.0540 3124  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:12:16.0681 3124  gagp30kx - ok
11:12:16.0728 3124  [ 116F4672A804DA33E1159C005AE88B9C ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
11:12:16.0868 3124  GDBehave - ok
11:12:16.0899 3124  [ E02AC68F1FC31D38EAD729E00BD68C93 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
11:12:17.0040 3124  GDMnIcpt - ok
11:12:17.0055 3124  [ 290DDB8C97249F99569B77E9DF2F76FC ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
11:12:17.0211 3124  GDPkIcpt - ok
11:12:17.0258 3124  [ B7D4DF09A86A5DC98F74A2FA2875C154 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
11:12:17.0430 3124  GDScan - ok
11:12:17.0461 3124  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:12:17.0601 3124  GEARAspiWDM - ok
11:12:17.0648 3124  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:12:17.0882 3124  gpsvc - ok
11:12:17.0976 3124  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys
11:12:18.0116 3124  GRD - ok
11:12:18.0210 3124  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:12:18.0350 3124  gupdate - ok
11:12:18.0366 3124  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:12:18.0506 3124  gupdatem - ok
11:12:18.0537 3124  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:12:18.0740 3124  hcw85cir - ok
11:12:18.0771 3124  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:12:18.0958 3124  HdAudAddService - ok
11:12:18.0990 3124  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:12:19.0161 3124  HDAudBus - ok
11:12:19.0161 3124  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:12:19.0349 3124  HidBatt - ok
11:12:19.0364 3124  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:12:19.0536 3124  HidBth - ok
11:12:19.0551 3124  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:12:19.0739 3124  HidIr - ok
11:12:19.0770 3124  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:12:19.0957 3124  hidserv - ok
11:12:19.0988 3124  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:12:20.0175 3124  HidUsb - ok
11:12:20.0285 3124  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:12:20.0503 3124  hkmsvc - ok
11:12:20.0550 3124  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:12:20.0753 3124  HomeGroupListener - ok
11:12:20.0799 3124  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:12:20.0987 3124  HomeGroupProvider - ok
11:12:21.0018 3124  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
11:12:21.0158 3124  HookCentre - ok
11:12:21.0205 3124  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:12:21.0345 3124  HpSAMD - ok
11:12:21.0408 3124  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:12:21.0642 3124  HTTP - ok
11:12:21.0689 3124  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:12:21.0829 3124  hwpolicy - ok
11:12:21.0876 3124  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:12:22.0063 3124  i8042prt - ok
11:12:22.0141 3124  [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:12:22.0297 3124  IAANTMON - ok
11:12:22.0344 3124  [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:12:22.0484 3124  iaStor - ok
11:12:22.0531 3124  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:12:22.0703 3124  iaStorV - ok
11:12:22.0734 3124  [ B8E7CA64FFF8B71636DEA3A845CC23E5 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
11:12:22.0874 3124  IBMPMDRV - ok
11:12:22.0890 3124  [ 6DAEDF692B52B7C238C7199419318D16 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
11:12:23.0030 3124  IBMPMSVC - ok
11:12:23.0108 3124  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:12:23.0280 3124  idsvc - ok
11:12:23.0467 3124  [ DFEAF0A1D98D397035012C8E28D1520F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:12:23.0966 3124  igfx - ok
11:12:24.0013 3124  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:12:24.0138 3124  iirsp - ok
11:12:24.0185 3124  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:12:24.0465 3124  IKEEXT - ok
11:12:24.0559 3124  [ 3111A658416DC464BA1E48E3B2169952 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:12:24.0777 3124  IntcAzAudAddService - ok
11:12:24.0902 3124  [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
11:12:25.0058 3124  IntcHdmiAddService - ok
11:12:25.0089 3124  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:12:25.0230 3124  intelide - ok
11:12:25.0261 3124  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:12:25.0417 3124  intelppm - ok
11:12:25.0433 3124  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:12:25.0620 3124  IPBusEnum - ok
11:12:25.0667 3124  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:12:25.0854 3124  IpFilterDriver - ok
11:12:25.0916 3124  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:12:26.0135 3124  iphlpsvc - ok
11:12:26.0166 3124  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:12:26.0369 3124  IPMIDRV - ok
11:12:26.0384 3124  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:12:26.0603 3124  IPNAT - ok
11:12:26.0665 3124  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:12:26.0821 3124  iPod Service - ok
11:12:26.0852 3124  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:12:27.0024 3124  IRENUM - ok
11:12:27.0039 3124  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:12:27.0195 3124  isapnp - ok
11:12:27.0227 3124  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:12:27.0383 3124  iScsiPrt - ok
11:12:27.0445 3124  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:12:27.0585 3124  IviRegMgr - ok
11:12:27.0648 3124  [ 80A1DE467ADF200390134D63E359937A ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
11:12:27.0835 3124  JMCR - ok
11:12:27.0882 3124  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
11:12:28.0022 3124  kbdclass - ok
11:12:28.0053 3124  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:12:28.0225 3124  kbdhid - ok
11:12:28.0256 3124  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:12:28.0459 3124  KeyIso - ok
11:12:28.0537 3124  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:12:28.0693 3124  KSecDD - ok
11:12:28.0709 3124  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:12:28.0865 3124  KSecPkg - ok
11:12:28.0896 3124  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:12:29.0083 3124  ksthunk - ok
11:12:29.0130 3124  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:12:29.0333 3124  KtmRm - ok
11:12:29.0395 3124  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:12:29.0613 3124  LanmanServer - ok
11:12:29.0660 3124  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:12:29.0847 3124  LanmanWorkstation - ok
11:12:29.0894 3124  [ D584216C7767DCFB4B812B9B60A4A4E7 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:12:30.0035 3124  LENOVO.MICMUTE - ok
11:12:30.0066 3124  [ 5ACFF5823634BC2C4EBF559C3B33E18E ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
11:12:30.0206 3124  lenovo.smi - ok
11:12:30.0253 3124  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:12:30.0487 3124  lltdio - ok
11:12:30.0534 3124  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:12:30.0768 3124  lltdsvc - ok
11:12:30.0815 3124  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:12:31.0002 3124  lmhosts - ok
11:12:31.0049 3124  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:12:31.0189 3124  LSI_FC - ok
11:12:31.0205 3124  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:12:31.0345 3124  LSI_SAS - ok
11:12:31.0361 3124  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:12:31.0501 3124  LSI_SAS2 - ok
11:12:31.0532 3124  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:12:31.0673 3124  LSI_SCSI - ok
11:12:31.0704 3124  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:12:31.0938 3124  luafv - ok
11:12:31.0969 3124  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:12:32.0141 3124  Mcx2Svc - ok
11:12:32.0141 3124  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:12:32.0297 3124  megasas - ok
11:12:32.0312 3124  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:12:32.0468 3124  MegaSR - ok
11:12:32.0562 3124  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:12:32.0702 3124  Microsoft Office Groove Audit Service - ok
11:12:32.0733 3124  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:12:32.0967 3124  MMCSS - ok
11:12:32.0967 3124  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:12:33.0155 3124  Modem - ok
11:12:33.0186 3124  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:12:33.0389 3124  monitor - ok
11:12:33.0420 3124  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:12:33.0560 3124  mouclass - ok
11:12:33.0576 3124  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:12:33.0747 3124  mouhid - ok
11:12:33.0794 3124  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:12:33.0950 3124  mountmgr - ok
11:12:34.0028 3124  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:12:34.0184 3124  MozillaMaintenance - ok
11:12:34.0215 3124  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:12:34.0356 3124  mpio - ok
11:12:34.0387 3124  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:12:34.0590 3124  mpsdrv - ok
11:12:34.0652 3124  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:12:34.0917 3124  MpsSvc - ok
11:12:34.0949 3124  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:12:35.0136 3124  MRxDAV - ok
11:12:35.0183 3124  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:12:35.0354 3124  mrxsmb - ok
11:12:35.0385 3124  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:12:35.0541 3124  mrxsmb10 - ok
11:12:35.0573 3124  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:12:35.0729 3124  mrxsmb20 - ok
11:12:35.0744 3124  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:12:35.0885 3124  msahci - ok
11:12:35.0916 3124  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:12:36.0072 3124  msdsm - ok
11:12:36.0103 3124  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:12:36.0275 3124  MSDTC - ok
11:12:36.0321 3124  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:12:36.0493 3124  Msfs - ok
11:12:36.0509 3124  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:12:36.0680 3124  mshidkmdf - ok
11:12:36.0711 3124  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:12:36.0821 3124  msisadrv - ok
11:12:36.0867 3124  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:12:37.0055 3124  MSiSCSI - ok
11:12:37.0055 3124  msiserver - ok
11:12:37.0086 3124  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:12:37.0242 3124  MSKSSRV - ok
11:12:37.0273 3124  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:12:37.0429 3124  MSPCLOCK - ok
11:12:37.0445 3124  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:12:37.0601 3124  MSPQM - ok
11:12:37.0647 3124  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:12:37.0757 3124  MsRPC - ok
11:12:37.0772 3124  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:12:37.0928 3124  mssmbios - ok
11:12:37.0944 3124  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:12:38.0163 3124  MSTEE - ok
11:12:38.0179 3124  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:12:38.0319 3124  MTConfig - ok
11:12:38.0350 3124  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:12:38.0491 3124  Mup - ok
11:12:38.0538 3124  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:12:38.0787 3124  napagent - ok
11:12:38.0818 3124  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:12:38.0990 3124  NativeWifiP - ok
11:12:39.0069 3124  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:12:39.0225 3124  NDIS - ok
11:12:39.0256 3124  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:12:39.0397 3124  NdisCap - ok
11:12:39.0428 3124  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:12:39.0568 3124  NdisTapi - ok
11:12:39.0615 3124  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:12:39.0771 3124  Ndisuio - ok
11:12:39.0802 3124  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:12:39.0958 3124  NdisWan - ok
11:12:39.0989 3124  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:12:40.0130 3124  NDProxy - ok
11:12:40.0177 3124  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:12:40.0317 3124  NetBIOS - ok
11:12:40.0364 3124  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:12:40.0489 3124  NetBT - ok
11:12:40.0520 3124  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:12:40.0645 3124  Netlogon - ok
11:12:40.0676 3124  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:12:40.0847 3124  Netman - ok
11:12:40.0879 3124  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:12:41.0035 3124  netprofm - ok
11:12:41.0050 3124  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:12:41.0144 3124  NetTcpPortSharing - ok
11:12:41.0315 3124  [ E72F4522801FFB8F0456924FB0017BFF ] NETw1v64        C:\Windows\system32\DRIVERS\NETw1v64.sys
11:12:41.0752 3124  NETw1v64 - ok
11:12:41.0924 3124  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
11:12:42.0361 3124  netw5v64 - ok
11:12:42.0392 3124  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:12:42.0532 3124  nfrd960 - ok
11:12:42.0595 3124  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:12:42.0766 3124  NlaSvc - ok
11:12:42.0782 3124  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:12:43.0016 3124  Npfs - ok
11:12:43.0031 3124  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:12:43.0219 3124  nsi - ok
11:12:43.0250 3124  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:12:43.0453 3124  nsiproxy - ok
11:12:43.0546 3124  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:12:43.0796 3124  Ntfs - ok
11:12:43.0811 3124  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:12:44.0045 3124  Null - ok
11:12:44.0108 3124  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:12:44.0248 3124  nvraid - ok
11:12:44.0279 3124  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:12:44.0435 3124  nvstor - ok
11:12:44.0467 3124  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:12:44.0607 3124  nv_agp - ok
11:12:44.0701 3124  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:12:44.0888 3124  odserv - ok
11:12:44.0919 3124  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:12:45.0106 3124  ohci1394 - ok
11:12:45.0184 3124  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:12:45.0325 3124  ose - ok
11:12:45.0356 3124  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:12:45.0543 3124  p2pimsvc - ok
11:12:45.0574 3124  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:12:45.0746 3124  p2psvc - ok
11:12:45.0777 3124  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:12:45.0933 3124  Parport - ok
11:12:45.0964 3124  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:12:46.0105 3124  partmgr - ok
11:12:46.0136 3124  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:12:46.0307 3124  PcaSvc - ok
11:12:46.0448 3124  [ 51209FBDB13A46E05C1B0077A9310264 ] PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms
11:12:46.0931 3124  PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - ok
11:12:46.0963 3124  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:12:47.0119 3124  pci - ok
11:12:47.0150 3124  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:12:47.0290 3124  pciide - ok
11:12:47.0337 3124  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:12:47.0493 3124  pcmcia - ok
11:12:47.0509 3124  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:12:47.0649 3124  pcw - ok
11:12:47.0680 3124  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:12:48.0023 3124  PEAUTH - ok
11:12:48.0101 3124  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:12:48.0304 3124  PerfHost - ok
11:12:48.0382 3124  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:12:48.0679 3124  pla - ok
11:12:48.0741 3124  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:12:48.0928 3124  PlugPlay - ok
11:12:48.0944 3124  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:12:49.0147 3124  PNRPAutoReg - ok
11:12:49.0178 3124  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:12:49.0334 3124  PNRPsvc - ok
11:12:49.0396 3124  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:12:49.0646 3124  PolicyAgent - ok
11:12:49.0677 3124  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:12:49.0880 3124  Power - ok
11:12:49.0942 3124  [ BF179CFCFDB28B9E28397835BEAFE332 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
11:12:50.0083 3124  Power Manager DBC Service - ok
11:12:50.0129 3124  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:12:50.0379 3124  PptpMiniport - ok
11:12:50.0410 3124  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:12:50.0613 3124  Processor - ok
11:12:50.0660 3124  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:12:50.0847 3124  ProfSvc - ok
11:12:50.0878 3124  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:12:51.0034 3124  ProtectedStorage - ok
11:12:51.0065 3124  [ 515A7C5A0886FCC60901916785EFD549 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
11:12:51.0206 3124  psadd - ok
11:12:51.0253 3124  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:12:51.0502 3124  Psched - ok
11:12:51.0533 3124  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
11:12:51.0674 3124  PxHlpa64 - ok
11:12:51.0736 3124  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:12:51.0970 3124  ql2300 - ok
11:12:52.0017 3124  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:12:52.0173 3124  ql40xx - ok
11:12:52.0235 3124  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:12:52.0485 3124  QWAVE - ok
11:12:52.0501 3124  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:12:52.0703 3124  QWAVEdrv - ok
11:12:52.0703 3124  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:12:52.0937 3124  RasAcd - ok
11:12:53.0015 3124  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:12:53.0234 3124  RasAgileVpn - ok
11:12:53.0265 3124  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:12:53.0499 3124  RasAuto - ok
11:12:53.0546 3124  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:12:53.0733 3124  Rasl2tp - ok
11:12:53.0795 3124  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:12:54.0045 3124  RasMan - ok
11:12:54.0076 3124  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:12:54.0279 3124  RasPppoe - ok
11:12:54.0310 3124  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:12:54.0544 3124  RasSstp - ok
11:12:54.0607 3124  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:12:54.0778 3124  rdbss - ok
11:12:54.0794 3124  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:12:54.0965 3124  rdpbus - ok
11:12:54.0997 3124  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:12:55.0215 3124  RDPCDD - ok
11:12:55.0246 3124  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:12:55.0480 3124  RDPENCDD - ok
11:12:55.0496 3124  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:12:55.0714 3124  RDPREFMP - ok
11:12:55.0792 3124  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:12:55.0964 3124  RDPWD - ok
11:12:56.0026 3124  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:12:56.0135 3124  rdyboost - ok
11:12:56.0182 3124  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:12:56.0401 3124  RemoteAccess - ok
11:12:56.0432 3124  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:12:56.0666 3124  RemoteRegistry - ok
11:12:56.0713 3124  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:12:56.0915 3124  RFCOMM - ok
11:12:57.0025 3124  [ 14A99FD851272C73B758546EF8F0E641 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
11:12:57.0165 3124  Roxio UPnP Renderer 10 - ok
11:12:57.0196 3124  [ BA917F2F2BD5033E70823797C73CDFCB ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
11:12:57.0352 3124  Roxio Upnp Server 10 - ok
11:12:57.0430 3124  [ 8986D20CF294D794A79FB18FF697B68B ] RoxLiveShare10  C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
11:12:57.0586 3124  RoxLiveShare10 - ok
11:12:57.0633 3124  [ D8C44229EB2495E774350529ED9BE08D ] RoxMediaDB10    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
11:12:57.0836 3124  RoxMediaDB10 - ok
11:12:57.0883 3124  [ 53716357F4B3C99112CF0A21932C5688 ] RoxWatch10      C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
11:12:58.0023 3124  RoxWatch10 - ok
11:12:58.0148 3124  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:12:58.0335 3124  RpcEptMapper - ok
11:12:58.0366 3124  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:12:58.0553 3124  RpcLocator - ok
11:12:58.0585 3124  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:12:58.0819 3124  RpcSs - ok
11:12:58.0897 3124  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:12:59.0146 3124  rspndr - ok
11:12:59.0193 3124  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:12:59.0411 3124  RTL8167 - ok
11:12:59.0427 3124  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:12:59.0599 3124  SamSs - ok
11:12:59.0630 3124  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:12:59.0786 3124  sbp2port - ok
11:12:59.0817 3124  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:13:00.0004 3124  SCardSvr - ok
11:13:00.0035 3124  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:13:00.0207 3124  scfilter - ok
11:13:00.0269 3124  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:13:00.0566 3124  Schedule - ok
11:13:00.0597 3124  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:13:00.0800 3124  SCPolicySvc - ok
11:13:00.0893 3124  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
11:13:01.0081 3124  sdbus - ok
11:13:01.0127 3124  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:13:01.0299 3124  SDRSVC - ok
11:13:01.0346 3124  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:13:01.0533 3124  secdrv - ok
11:13:01.0580 3124  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:13:01.0736 3124  seclogon - ok
11:13:01.0767 3124  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:13:01.0954 3124  SENS - ok
11:13:02.0001 3124  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:13:02.0126 3124  SensrSvc - ok
11:13:02.0157 3124  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:13:02.0297 3124  Serenum - ok
11:13:02.0329 3124  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:13:02.0485 3124  Serial - ok
11:13:02.0516 3124  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:13:02.0656 3124  sermouse - ok
11:13:02.0703 3124  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:13:02.0906 3124  SessionEnv - ok
11:13:02.0937 3124  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:13:03.0093 3124  sffdisk - ok
11:13:03.0109 3124  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:13:03.0280 3124  sffp_mmc - ok
11:13:03.0296 3124  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:13:03.0421 3124  sffp_sd - ok
11:13:03.0452 3124  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:13:03.0608 3124  sfloppy - ok
11:13:03.0639 3124  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:13:03.0842 3124  SharedAccess - ok
11:13:03.0889 3124  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:13:04.0091 3124  ShellHWDetection - ok
11:13:04.0123 3124  [ 5A5346931CE61EA85F8338F7A03131F7 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
11:13:04.0232 3124  Shockprf - ok
11:13:04.0247 3124  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:13:04.0372 3124  SiSRaid2 - ok
11:13:04.0388 3124  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:13:04.0528 3124  SiSRaid4 - ok
11:13:04.0622 3124  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:13:04.0762 3124  SkypeUpdate - ok
11:13:04.0793 3124  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:13:05.0012 3124  Smb - ok
11:13:05.0074 3124  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:13:05.0261 3124  SNMPTRAP - ok
11:13:05.0277 3124  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:13:05.0433 3124  spldr - ok
11:13:05.0480 3124  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:13:05.0651 3124  Spooler - ok
11:13:05.0776 3124  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:13:06.0057 3124  sppsvc - ok
11:13:06.0088 3124  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:13:06.0307 3124  sppuinotify - ok
11:13:06.0338 3124  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:13:06.0556 3124  srv - ok
11:13:06.0587 3124  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:13:06.0790 3124  srv2 - ok
11:13:06.0853 3124  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:13:07.0071 3124  SrvHsfHDA - ok
11:13:07.0118 3124  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:13:07.0352 3124  SrvHsfV92 - ok
11:13:07.0399 3124  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:13:07.0617 3124  SrvHsfWinac - ok
11:13:07.0648 3124  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:13:07.0804 3124  srvnet - ok
11:13:07.0851 3124  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:13:08.0038 3124  SSDPSRV - ok
11:13:08.0069 3124  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
11:13:08.0225 3124  SSPORT - ok
11:13:08.0241 3124  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:13:08.0475 3124  SstpSvc - ok
11:13:08.0537 3124  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:13:08.0693 3124  stexstor - ok
11:13:08.0725 3124  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
11:13:08.0896 3124  StillCam - ok
11:13:08.0959 3124  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:13:09.0208 3124  stisvc - ok
11:13:09.0239 3124  [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
11:13:09.0380 3124  stllssvr - ok
11:13:09.0442 3124  [ 91403353D039DC6D3D81644A68422649 ] SUService       c:\Program Files (x86)\Lenovo\System Update\SUService.exe
11:13:09.0583 3124  SUService ( UnsignedFile.Multi.Generic ) - warning
11:13:09.0583 3124  SUService - detected UnsignedFile.Multi.Generic (1)
11:13:09.0629 3124  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:13:09.0785 3124  swenum - ok
11:13:09.0832 3124  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:13:10.0097 3124  swprv - ok
11:13:10.0160 3124  [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:13:10.0316 3124  SynTP - ok
11:13:10.0394 3124  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:13:10.0675 3124  SysMain - ok
11:13:10.0721 3124  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:13:10.0893 3124  TabletInputService - ok
11:13:10.0940 3124  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:13:11.0205 3124  TapiSrv - ok
11:13:11.0221 3124  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:13:11.0423 3124  TBS - ok
11:13:11.0517 3124  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:13:11.0751 3124  Tcpip - ok
11:13:11.0860 3124  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:13:12.0063 3124  TCPIP6 - ok
11:13:12.0141 3124  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:13:12.0297 3124  tcpipreg - ok
11:13:12.0359 3124  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:13:12.0531 3124  TDPIPE - ok
11:13:12.0562 3124  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:13:12.0781 3124  TDTCP - ok
11:13:12.0827 3124  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:13:13.0061 3124  tdx - ok
11:13:13.0124 3124  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:13:13.0280 3124  TermDD - ok
11:13:13.0327 3124  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:13:13.0545 3124  TermService - ok
11:13:13.0592 3124  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:13:13.0763 3124  Themes - ok
11:13:13.0826 3124  [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
11:13:14.0029 3124  ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
11:13:14.0029 3124  ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
11:13:14.0122 3124  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:13:14.0356 3124  THREADORDER - ok
11:13:14.0419 3124  [ 7E25F9AE51DAAC0791DF1EB949A58DBE ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
11:13:14.0543 3124  TPDIGIMN - ok
11:13:14.0575 3124  [ DD96DE244CB186207149BC897E67217A ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
11:13:14.0715 3124  TPHDEXLGSVC - ok
11:13:14.0793 3124  [ A2080872EFB7582B43762141AE8D61B9 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:13:14.0933 3124  TPHKSVC - ok
11:13:14.0980 3124  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
11:13:15.0167 3124  TPM - ok
11:13:15.0214 3124  [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
11:13:15.0355 3124  TPPWRIF - ok
11:13:15.0401 3124  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:13:15.0604 3124  TrkWks - ok
11:13:15.0667 3124  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:13:15.0854 3124  TrustedInstaller - ok
11:13:15.0963 3124  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:13:16.0135 3124  tssecsrv - ok
11:13:16.0197 3124  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:13:16.0415 3124  TsUsbFlt - ok
11:13:16.0478 3124  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:13:16.0727 3124  tunnel - ok
11:13:16.0790 3124  [ B56DA1AA776C15043D10F82B32AA000D ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
11:13:17.0180 3124  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
11:13:17.0180 3124  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
11:13:17.0211 3124  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:13:17.0367 3124  uagp35 - ok
11:13:17.0414 3124  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:13:17.0601 3124  udfs - ok
11:13:17.0695 3124  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:13:17.0851 3124  UI0Detect - ok
11:13:17.0882 3124  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:13:18.0038 3124  uliagpkx - ok
11:13:18.0085 3124  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
11:13:18.0256 3124  umbus - ok
11:13:18.0272 3124  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:13:18.0428 3124  UmPass - ok
11:13:18.0459 3124  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:13:18.0677 3124  upnphost - ok
11:13:18.0740 3124  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
11:13:18.0958 3124  USBAAPL64 - ok
11:13:18.0989 3124  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:13:19.0161 3124  usbccgp - ok
11:13:19.0208 3124  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:13:19.0364 3124  usbcir - ok
11:13:19.0411 3124  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:13:19.0582 3124  usbehci - ok
11:13:19.0629 3124  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:13:19.0816 3124  usbhub - ok
11:13:19.0847 3124  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:13:20.0035 3124  usbohci - ok
11:13:20.0081 3124  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:13:20.0253 3124  usbprint - ok
11:13:20.0284 3124  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:13:20.0456 3124  usbscan - ok
11:13:20.0471 3124  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:13:20.0690 3124  USBSTOR - ok
11:13:20.0721 3124  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:13:20.0893 3124  usbuhci - ok
11:13:20.0924 3124  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:13:21.0095 3124  usbvideo - ok
11:13:21.0127 3124  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:13:21.0376 3124  UxSms - ok
11:13:21.0407 3124  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:13:21.0579 3124  VaultSvc - ok
11:13:21.0610 3124  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:13:21.0766 3124  vdrvroot - ok
11:13:21.0813 3124  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:13:22.0047 3124  vds - ok
11:13:22.0141 3124  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:13:22.0297 3124  vga - ok
11:13:22.0328 3124  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:13:22.0562 3124  VgaSave - ok
11:13:22.0593 3124  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:13:22.0749 3124  vhdmp - ok
11:13:22.0796 3124  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:13:22.0936 3124  viaide - ok
11:13:22.0967 3124  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:13:23.0108 3124  volmgr - ok
11:13:23.0155 3124  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:13:23.0326 3124  volmgrx - ok
11:13:23.0342 3124  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:13:23.0513 3124  volsnap - ok
11:13:23.0560 3124  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:13:23.0701 3124  vsmraid - ok
11:13:23.0794 3124  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:13:24.0091 3124  VSS - ok
11:13:24.0106 3124  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:13:24.0293 3124  vwifibus - ok
11:13:24.0340 3124  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:13:24.0543 3124  W32Time - ok
11:13:24.0637 3124  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:13:24.0808 3124  WacomPen - ok
11:13:24.0886 3124  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:13:25.0136 3124  WANARP - ok
11:13:25.0136 3124  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:13:25.0339 3124  Wanarpv6 - ok
11:13:25.0510 3124  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:13:25.0713 3124  WatAdminSvc - ok
11:13:25.0791 3124  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:13:26.0025 3124  wbengine - ok
11:13:26.0056 3124  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:13:26.0243 3124  WbioSrvc - ok
11:13:26.0290 3124  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:13:26.0509 3124  wcncsvc - ok
11:13:26.0524 3124  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:13:26.0711 3124  WcsPlugInService - ok
11:13:26.0727 3124  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:13:26.0883 3124  Wd - ok
11:13:26.0930 3124  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:13:27.0133 3124  Wdf01000 - ok
11:13:27.0148 3124  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:13:27.0398 3124  WdiServiceHost - ok
11:13:27.0413 3124  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:13:27.0632 3124  WdiSystemHost - ok
11:13:27.0710 3124  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:13:27.0913 3124  WebClient - ok
11:13:27.0944 3124  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:13:28.0193 3124  Wecsvc - ok
11:13:28.0225 3124  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:13:28.0427 3124  wercplsupport - ok
11:13:28.0474 3124  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:13:28.0661 3124  WerSvc - ok
11:13:28.0708 3124  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:13:28.0942 3124  WfpLwf - ok
11:13:28.0958 3124  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:13:29.0114 3124  WIMMount - ok
11:13:29.0145 3124  WinDefend - ok
11:13:29.0161 3124  WinHttpAutoProxySvc - ok
11:13:29.0223 3124  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:13:29.0426 3124  Winmgmt - ok
11:13:29.0551 3124  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:13:29.0878 3124  WinRM - ok
11:13:29.0956 3124  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:13:30.0128 3124  WinUsb - ok
11:13:30.0175 3124  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:13:30.0424 3124  Wlansvc - ok
11:13:30.0471 3124  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:13:30.0643 3124  WmiAcpi - ok
11:13:30.0705 3124  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:13:30.0877 3124  wmiApSrv - ok
11:13:30.0908 3124  WMPNetworkSvc - ok
11:13:30.0955 3124  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:13:31.0142 3124  WPCSvc - ok
11:13:31.0173 3124  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:13:31.0360 3124  WPDBusEnum - ok
11:13:31.0376 3124  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:13:31.0610 3124  ws2ifsl - ok
11:13:31.0641 3124  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:13:31.0797 3124  wscsvc - ok
11:13:31.0813 3124  WSearch - ok
11:13:31.0891 3124  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:13:32.0079 3124  wuauserv - ok
11:13:32.0126 3124  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:13:32.0266 3124  WudfPf - ok
11:13:32.0297 3124  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:13:32.0469 3124  WUDFRd - ok
11:13:32.0500 3124  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:13:32.0656 3124  wudfsvc - ok
11:13:32.0687 3124  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:13:32.0890 3124  WwanSvc - ok
11:13:32.0937 3124  ================ Scan global ===============================
11:13:32.0969 3124  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:13:33.0016 3124  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:13:33.0031 3124  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:13:33.0063 3124  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:13:33.0094 3124  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:13:33.0094 3124  [Global] - ok
11:13:33.0094 3124  ================ Scan MBR ==================================
11:13:33.0109 3124  [ 917EB0F08C6DC978D646440C825D52EE ] \Device\Harddisk0\DR0
11:13:33.0484 3124  \Device\Harddisk0\DR0 - ok
11:13:33.0484 3124  ================ Scan VBR ==================================
11:13:33.0484 3124  [ EE9AC0FFEA44A8D9B6F2AA59B1462D9D ] \Device\Harddisk0\DR0\Partition1
11:13:33.0484 3124  \Device\Harddisk0\DR0\Partition1 - ok
11:13:33.0531 3124  [ 76B4A99E42387A5EC1D6E136259B6848 ] \Device\Harddisk0\DR0\Partition2
11:13:33.0531 3124  \Device\Harddisk0\DR0\Partition2 - ok
11:13:33.0562 3124  [ 9C938B38B235D2E5E8E17F0273AE40F6 ] \Device\Harddisk0\DR0\Partition3
11:13:33.0562 3124  \Device\Harddisk0\DR0\Partition3 - ok
11:13:33.0562 3124  ============================================================
11:13:33.0562 3124  Scan finished
11:13:33.0562 3124  ============================================================
11:13:33.0577 4300  Detected object count: 3
11:13:33.0577 4300  Actual detected object count: 3
11:14:08.0896 4300  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
11:14:08.0896 4300  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:14:08.0896 4300  ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:14:08.0896 4300  ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:14:08.0896 4300  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:14:08.0896 4300  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:15:43.0971 2000  Deinitialize success

cosinus · 26.04.2013, 15:09

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

annaeli · 26.04.2013, 15:53

Hallo,
ich habe Combofix wie beschrieben ausgeführt und folgende Fehlermeldung zwischendurch erhalten diese jedoch ignoriert:

Fehler beim Überschreiben der Datei:
"C:\32788R22FWJFW\License\iexplore.exe"

Ich kann jedoch nirgends eine log Datei finden. Ist habe unbeabsichtigt die Internetverbindung getrennt, weil ich ans Lan Kabel gekommen bin...Liegts vielleicht daran?

cosinus · 26.04.2013, 15:54

Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal - lass die Internetverbindung bitte aktiv

annaeli · 26.04.2013, 20:35

Ist es normal, dass Combofix jetzt schon seit mehr als 4 h laeuft? Zwischendurch hatte ich folgende Meldung auf dem Bildschrim: PEV.exe funktioniert nicht mehr. Da Combofix aber weiter gelaufen ist habe ich nichts unternommen und die Meldung ist verschwunden.

26.04.2013, 08:09	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	USB Stick zeigt nur Verknüpfungen Was ist mit GMER? __________________ Logfiles bitte immer in CODE-Tags posten

26.04.2013, 15:54	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	USB Stick zeigt nur Verknüpfungen Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal - lass die Internetverbindung bitte aktiv __________________ Logfiles bitte immer in CODE-Tags posten

USB Stick zeigt nur Verknüpfungen

Plagegeister aller Art und deren Bekämpfung: USB Stick zeigt nur Verknüpfungen