Trojaner-Board


qwertz999 19.12.2011 23:11

And yet another one: "Windows system... blocked... pay... download"
 
Now it's got me too. :schrei:
Here is the report from the current Malwarebytes:
------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8399

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

19.12.2011 21:49:07
mbam-log-2011-12-19 (21-49-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 546805
Laufzeit: 45 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\docs\PUK\misc\Progs\freeripmp3.exe (Adware.MyWaySearch) -> No action taken.
c:\Users\Admin\AppData\Local\Temp\0.4609722247639225.exe (Exploit.Drop.2) -> No action taken.
-----------------------------------------------------------------------
I then ran the fix as instructed by Malwarebytes.
The system then ran normally again for a short time, then came the ever-popular black screen with the message, see title.

So I then ran OTL; the files are attached.
I do e-banking on this PC...

Is it already dangerous to go online with it at all (like right now)?
Heeeelp! :balla:
And maaany thanks in advance!!
:dankeschoen:

PS: the zipped file will follow shortly!

qwertz999 19.12.2011 23:38

And here are the zip files...
thx!

cosinus 20.12.2011 00:58

Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

qwertz999 20.12.2011 19:33

Phew, just got home from work and went straight to the wrecked PC.
OK, I think I've got it.

OTL EXTRAS Logfile:
Code:

OTL logfile created on: 19.12.2011 23:14:36 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,84 Gb Available Physical Memory | 85,76% Memory free
15,96 Gb Paging File | 15,07 Gb Available in Paging File | 94,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 83,74 Gb Free Space | 55,87% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 315,34 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 148,36 Gb Free Space | 37,97% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 587,92 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.22 20:00:56 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.10.22 20:00:54 | 000,190,256 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.02.04 12:10:20 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.12 14:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007.07.19 15:46:17 | 000,777,576 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nb.exe -- (pr2ah4nb)
SRV:64bit: - [2007.05.18 20:53:45 | 000,754,288 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nc.exe -- (pr2ah4nc)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Stopped] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.09 21:48:53 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.04.23 21:28:33 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.03.01 08:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011.01.12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- D:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011.01.12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.10.27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.05.14 13:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.08.10 20:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.06.26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Stopped] -- d:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.27 02:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.10.27 02:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.10.22 20:00:56 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.10.22 20:00:56 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.10.22 20:00:55 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.10.22 20:00:55 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.10.22 20:00:54 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 14:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.29 05:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.07.19 15:45:45 | 000,072,296 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nb.sys -- (pe3ah4nb) DiRT Environment Driver (pe3ah4nb)
DRV:64bit: - [2007.07.19 15:43:49 | 000,102,000 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nb.sys -- (ps6ah4nb) DiRT Synchronization Driver (ps6ah4nb)
DRV:64bit: - [2007.05.18 20:53:12 | 000,072,560 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc)
DRV:64bit: - [2007.05.18 20:52:49 | 000,077,176 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc)
DRV - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.04.09 09:48:08 | 000,027,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)
DRV - [2010.12.18 12:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.08.07 21:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\temp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 3B C3 DD F3 01 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.ncbi.nlm.nih.gov/sites/entrez"
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uzh.ch/id/proxy/config.pac"
FF - prefs.js..network.proxy.backup.ftp: "proxy.uzh.ch "
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy.uzh.ch "
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy.uzh.ch "
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch "
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uzh.ch "
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.uzh.ch "
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch "
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2011.10.27 21:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.02 21:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011.09.04 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions
[2011.06.27 22:30:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.12 22:06:35 | 000,000,000 | ---D | M] (Swisscom Quick Help) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files (x86)\NOS\bin\np_gp.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [McAfeeUpdaterUI] D:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [{FAF5E1EA-5FA4-11E0-9955-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation)
O4 - HKCU..\Run: [KiesHelper] D:\Program Files (x86)\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A45037E-F0E3-43B0-8CD4-367D5BEF7EBC}: DhcpNameServer = 194.230.1.103 194.230.1.39
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell - "" = AutoRun
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.19 21:59:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.12.19 20:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.19 10:38:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB6D394B-9FAD-4E2F-88C2-8740F538A7AE}
[2011.12.19 10:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C5680412-9369-47F8-9322-7492982C9332}
[2011.12.18 15:42:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E7D742AF-FAB1-4D50-9825-A3C6B4EB315B}
[2011.12.18 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1F87DA29-2486-4906-BC8B-4EE7475AEFE5}
[2011.12.18 12:08:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F73E9B8F-3222-494D-A315-D971686064FF}
[2011.12.17 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BAAB6E8C-2118-4F04-97F2-A77FBC8B6508}
[2011.12.17 15:06:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81C6544F-06D6-4F5E-B24D-CA51B353B3B0}
[2011.12.17 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DF62C9D6-8B70-479D-A0F5-40C1CD051F7D}
[2011.12.17 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B5C3044E-C717-4DD1-9F8F-08A14F2C8DF7}
[2011.12.17 12:48:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BBA3143C-72F4-4BA5-A17F-6FA476FE9956}
[2011.12.16 23:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6974EDFB-EC5D-45BB-897E-5FB43E0CF286}
[2011.12.16 08:44:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{15E13E43-85F0-49EB-AFB3-66CFCBC12194}
[2011.12.16 08:44:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA2EFF7B-EB95-405D-BC3B-427F8EB89CFF}
[2011.12.15 22:12:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{CCABA481-55D9-4A62-8B3D-07531ADC852A}
[2011.12.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{609FE1FD-0AF8-46E5-B04E-B1CE3D65D59A}
[2011.12.15 10:01:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{73298416-BD81-464E-8DF5-2433D9558C78}
[2011.12.15 10:01:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5AF2E172-F265-4D4C-9690-2651073961DB}
[2011.12.14 13:22:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{13F6C982-7463-4D34-96A1-230068DC0B62}
[2011.12.14 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9AB84523-DEC1-409B-B26B-14F442B257E5}
[2011.12.14 11:14:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{00449953-7AAA-4F93-90BF-93CCB7672F43}
[2011.12.14 11:14:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3B310D71-7BB9-4802-BFB2-A36B6E383993}
[2011.12.13 16:42:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2011.12.13 16:42:39 | 000,095,928 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2011.12.13 15:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\EndNote
[2011.12.13 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
[2011.12.13 15:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2011.12.13 15:28:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2011.12.13 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X2
[2011.12.13 15:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2011.12.13 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{76AB0FCA-DA96-41C3-BC1D-AA39A575FDD6}
[2011.12.13 11:56:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3F457537-FFD7-4FD8-8FAD-3ECBC3959E52}
[2011.12.09 00:22:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{534C6B28-B1DB-4ABB-9383-C87F76980DD5}
[2011.12.09 00:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C4F2BF72-054D-4F55-848F-A070866C29A6}
[2011.12.08 10:35:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5A45DD01-CD2C-4F86-862B-7ADA4D6A2F5E}
[2011.12.08 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{59F66153-6E08-4A59-8D48-9AC29971D0C4}
[2011.12.07 20:05:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7979C1F7-4F47-4140-83B6-3785FC25247F}
[2011.12.07 20:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B69C74A-BD0A-485B-B3EC-40799A0B8BD1}
[2011.12.06 19:21:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1FAB0B94-DFAD-43DC-A257-9AE22B6AAE29}
[2011.12.06 19:21:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FE7C00A9-53E6-4D03-BE51-3D18632B124F}
[2011.12.05 12:15:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2E492456-0C85-479B-9D29-DFB0EDA605E5}
[2011.12.05 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B801BCE5-9C17-47E0-91D3-348F70B9CBC1}
[2011.12.05 10:18:56 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.04 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011.12.04 13:00:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89CA8D3E-9A77-4B3F-A2A1-257785687238}
[2011.12.04 13:00:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2B6A5F9E-EF8D-4ADF-9D01-7BFF6327E5AC}
[2011.12.04 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{78CE0C36-BCC1-486B-A7F1-494D529430A4}
[2011.12.03 11:56:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A408568C-9E67-4CF7-8966-4302F85C37B3}
[2011.12.03 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{52B1D313-1D2F-49CF-B018-AF78CC05721C}
[2011.12.01 21:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.12.01 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.12.01 20:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.12.01 20:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011.12.01 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{75D1E8B6-9997-4074-927C-5EC6B7DA2621}
[2011.11.30 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D027A15E-903B-4AAA-A89F-27284BA4286D}
[2011.11.30 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DA29A98A-B26A-42B0-86E6-A4C21207C62A}
[2011.11.29 19:13:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6B5C106C-64EF-40FD-B42F-1B1FB20EBBA6}
[2011.11.29 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B0078AF-4664-4E99-8A98-DDF13DB66072}
[2011.11.28 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{68A1D47A-BE9C-43AF-9720-9A275A5CD6A4}
[2011.11.28 08:50:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AA9BE1E5-EC3F-4D3D-9595-281C6A257EBF}
[2011.11.26 09:03:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DD8EAC9A-3B46-454E-B4CD-2E54FAC71D4E}
[2011.11.26 09:03:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2667AE30-3950-4C20-BE0E-D3F59793BEB2}
[2011.11.25 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{87BC6BF3-F258-4383-AA17-CEF9EAF755C4}
[2011.11.25 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5063506A-C442-4A1A-B551-C17768B0CFAE}
[2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.19 22:16:01 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\c3yl4kki.exe
[2011.12.19 22:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2011.12.19 22:14:35 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.12.19 22:07:53 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.19 22:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.19 22:07:43 | 2131,877,887 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.12.19 21:58:42 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 21:58:42 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 21:57:04 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.19 21:57:04 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.19 21:57:04 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.19 21:57:04 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.19 21:57:04 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.19 21:51:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.19 21:51:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2011.12.19 19:32:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.16 08:33:37 | 563,741,110 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.16 08:00:16 | 000,452,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.04 09:46:17 | 000,000,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2011.12.01 20:29:01 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2011.11.26 12:18:16 | 000,031,232 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.25 09:44:37 | 000,001,568 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.19 22:16:06 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\c3yl4kki.exe
[2011.12.19 22:15:12 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011.12.19 22:14:45 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.12.01 20:29:01 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2011.11.25 09:44:37 | 000,001,568 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 22:37:34 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.06 10:39:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.07.21 12:00:48 | 000,948,096 | ---- | C] () -- C:\Windows\SysWow64\M2ElevatedNetworkAdapters.dll
[2011.06.18 11:26:28 | 000,037,047 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.06.18 11:19:18 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.15 18:51:13 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011.06.02 21:05:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.19 20:49:36 | 000,037,095 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.05.17 22:25:48 | 000,012,997 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2011.05.17 22:19:22 | 000,012,994 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL
[2011.05.17 21:52:20 | 000,031,232 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.09 21:48:54 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.09 21:48:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.09 21:48:52 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.05.09 21:18:17 | 000,000,312 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.25 09:17:07 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.04.24 19:19:19 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda
[2011.04.24 00:09:27 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.05 18:25:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.05 18:25:32 | 000,026,999 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.12.15 16:59:54 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010.12.15 16:59:54 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011.11.04 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft
[2011.12.13 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM
[2011.04.24 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2011.05.23 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DocumentsToGoDesktop
[2011.04.30 06:55:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Downloaded Installations
[2011.11.02 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2011.11.06 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.06.27 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.13 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EndNote
[2011.04.24 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFileViewer
[2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GrabPro
[2011.10.11 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2011.10.06 22:57:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios
[2011.12.19 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI
[2011.10.03 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011.04.24 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda
[2011.12.03 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nitro PDF
[2011.04.24 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.12.19 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit
[2011.11.05 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress
[2011.09.04 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProgSense
[2011.05.17 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2011.07.03 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly
[2011.12.18 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 3
[2011.09.04 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.09.25 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011.04.24 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011.12.19 21:51:00 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011.10.16 16:07:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.05 18:05:34 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin
[2011.04.23 22:04:01 | 000,000,000 | ---D | M] -- C:\36855b19b092064c5b28fc79223cd3
[2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\downloads
[2011.04.25 08:28:43 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver
[2011.04.05 18:13:21 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.04 22:37:06 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.12.04 21:22:59 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.19 22:10:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.12.13 15:27:30 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.04.05 18:05:21 | 000,000,000 | ---D | M] -- C:\Recovery
[2010.11.20 03:24:36 | 000,000,000 | -H-D | M] -- C:\SysApp
[2011.12.16 01:08:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.15 11:27:34 | 000,000,000 | ---D | M] -- C:\Temp
[2011.05.09 22:03:30 | 000,000,000 | ---D | M] -- C:\Users
[2011.12.19 20:45:36 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 00:23:36 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 19.12.2011 22:17:44 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 7,12 Gb Available Physical Memory | 89,22% Memory free
15,96 Gb Paging File | 15,21 Gb Available in Paging File | 95,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 83,74 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 315,34 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 148,36 Gb Free Space | 37,97% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 587,92 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "d:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "d:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"d:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = d:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = d:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = d:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = d:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02233C32-A584-4337-9FD1-864F6BC43F67}" = Nitro PDF Reader
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{BE83E4A4-A678-4211-AF2B-2EC8ECC0AC73}" = HP Print View Software
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Profi Business 2011.SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.6.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{594F6A23-9FF2-4D03-8761-97483E55CE79}" = NVIDIA 3D Vision Video Player
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8AB607-DBA4-4367-BDB0-D1E827BE2D9A}" = Swisscom Quick Help
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9198056-A296-4583-A790-C0E73694CFE8}" = D-Link DWA-131 Wireless N Nano USB Adapter
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Anonymity 4 Proxy_is1" = Anonymity 4 Proxy version 2.8
"AnyDVD" = AnyDVD
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clickster16342" = Clickster
"DTGDesktop" = Documents To Go Desktop for iPhone
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.2.1
"Free Video to Samsung Phones Converter_is1" = Free Video to Samsung Phones Converter version 1.1.4.920
"Free YouTube Download_is1" = Free YouTube Download version 3.0.0.602
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Chrome" = Google Chrome
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HTTS 2.10" = HTTS 2.10
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"iTwin_is1" = iTwin 3.2 Final
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Miranda IM" = Miranda IM 0.9.13
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1" = NVIDIA 3D Vision PowerPack - Batman Arkham Asylum
"NVIDIA 3D Vision PowerPack - QuakeCon 2009_is1" = NVIDIA 3D Vision PowerPack - QuakeCon 2009
"NVIDIA 3D Vision PowerPack - Santa Clara Classic~59A618D7_is1" = NVIDIA 3D Vision PowerPack - Santa Clara Classic Car Show 2009
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StartEd Lite" = StartEd Lite
"Steam App 105400" = Fable III
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 33230" = Assassin's Creed II
"Steam App 33670" = Disciples III: Renaissance
"Steam App 34030" = Napoleon: Total War
"Steam App 43110" = Metro 2033
"Steam App 47870" = Need for Speed: Hot Pursuit
"Steam App 50130" = Mafia II
"Steam App 50620" = Darksiders
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 57600" = Tropico 3: Absolute Power
"Steam App 620" = Portal 2
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"Swisscom Quick Help" = Swisscom Quick Help
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"UpdateYeti_is1" = UpdateYeti
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Very curious to see what comes of this!
thx a lot, Rob.

cosinus 20.12.2011 21:45

Quote:

-> No action taken.
The detections must be removed with Malwarebytes! Please do that now if you haven't already!

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed in the Logs tab. Please post all the ones that are visible there.

qwertz999 20.12.2011 22:07

yes, I ran it again in the meantime and had the three reported infections (hopefully) fixed.
here we go:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8405

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

20.12.2011 21:51:52
mbam-log-2011-12-20 (21-51-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 377255
Laufzeit: 24 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FAF5E1EA-5FA4-11E0-9955-806E6F6E6963} (Trojan.FakeFF) -> Value: {FAF5E1EA-5FA4-11E0-9955-806E6F6E6963} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Admin\AppData\Roaming\microsoft\dllhsts.exe (Trojan.FakeFF) -> No action taken.
c:\Users\Admin\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54\277103f6-23722205 (Trojan.FakeFF) -> No action taken.

and here again is the one from yesterday:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8399

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

19.12.2011 21:49:24
mbam-log-2011-12-19 (21-49-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 546805
Laufzeit: 45 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\docs\PUK\misc\Progs\freeripmp3.exe (Adware.MyWaySearch) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\0.4609722247639225.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.


was that possibly it already?! :confused:

I'm back online in normal mode now - is that a concern?
how do I prevent this kind of thing in future??

regards and thx!
Rob.

cosinus 20.12.2011 22:13

Please run ESET as well, then we'll see where we go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


qwertz999 21.12.2011 07:31

and here's another one... :pfui:
Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 11:23:23
# local_time=2011-12-21 12:23:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5106193 76045988 0 0
# compatibility_mode=8192 67108863 100 0 3678 3678 0 0
# scanned=375300
# found=1
# cleaned=0
# scan_time=7264
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\3afd8f9c-7409c003        a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean)        00000000000000000000000000000000        I

with malwarebyte I only scanned C: - does that matter?

what next? :kloppen:
thx!

cosinus 21.12.2011 10:23

Make a new OTL log

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


qwertz999 22.12.2011 00:24

just got back from the company Christmas party...
here we go again:

OTL Logfile:
Code:

OTL logfile created on: 22.12.2011 00:02:29 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,61 Gb Available Physical Memory | 82,85% Memory free
15,96 Gb Paging File | 14,08 Gb Available in Paging File | 88,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 83,18 Gb Free Space | 55,49% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 315,34 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 148,36 Gb Free Space | 37,97% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 587,92 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.09 21:48:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.01.12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011.01.12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2011.01.12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2011.01.12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2011.01.12 07:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011.01.12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2011.01.12 07:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.06.26 18:09:36 | 000,167,936 | ---- | M] () -- d:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.13 16:35:59 | 000,115,137 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
MOD - [2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2007.04.18 18:30:46 | 000,471,040 | ---- | M] () -- D:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
MOD - [2007.04.18 18:30:46 | 000,393,216 | ---- | M] () -- D:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.22 20:00:56 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011.10.22 20:00:54 | 000,190,256 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.02.04 12:10:20 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.12 14:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007.07.19 15:46:17 | 000,777,576 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nb.exe -- (pr2ah4nb)
SRV:64bit: - [2007.05.18 20:53:45 | 000,754,288 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nc.exe -- (pr2ah4nc)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.09 21:48:53 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.04.23 21:28:33 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.03.01 08:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011.01.12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- D:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011.01.12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.10.27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.05.14 13:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.08.10 20:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.06.26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- d:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.27 02:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.10.27 02:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.10.22 20:00:56 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011.10.22 20:00:56 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011.10.22 20:00:55 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011.10.22 20:00:55 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011.10.22 20:00:54 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 14:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.29 05:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.07.19 15:45:45 | 000,072,296 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nb.sys -- (pe3ah4nb) DiRT Environment Driver (pe3ah4nb)
DRV:64bit: - [2007.07.19 15:43:49 | 000,102,000 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nb.sys -- (ps6ah4nb) DiRT Synchronization Driver (ps6ah4nb)
DRV:64bit: - [2007.05.18 20:53:12 | 000,072,560 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc)
DRV:64bit: - [2007.05.18 20:52:49 | 000,077,176 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc)
DRV - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.04.09 09:48:08 | 000,027,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)
DRV - [2010.12.18 12:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.08.07 21:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\temp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 3B C3 DD F3 01 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.ncbi.nlm.nih.gov/sites/entrez"
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uzh.ch/id/proxy/config.pac"
FF - prefs.js..network.proxy.backup.ftp: "proxy.uzh.ch "
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy.uzh.ch "
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy.uzh.ch "
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch "
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uzh.ch "
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.uzh.ch "
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch "
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2011.10.27 21:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.02 21:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011.09.04 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions
[2011.06.27 22:30:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.12 22:06:35 | 000,000,000 | ---D | M] (Swisscom Quick Help) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files (x86)\NOS\bin\np_gp.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [McAfeeUpdaterUI] D:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [KiesHelper] D:\Program Files (x86)\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A45037E-F0E3-43B0-8CD4-367D5BEF7EBC}: DhcpNameServer = 194.230.1.103 194.230.1.39
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell - "" = AutoRun
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.20 22:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.19 21:59:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.12.19 20:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.19 10:38:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB6D394B-9FAD-4E2F-88C2-8740F538A7AE}
[2011.12.19 10:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C5680412-9369-47F8-9322-7492982C9332}
[2011.12.18 15:42:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E7D742AF-FAB1-4D50-9825-A3C6B4EB315B}
[2011.12.18 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1F87DA29-2486-4906-BC8B-4EE7475AEFE5}
[2011.12.18 12:08:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F73E9B8F-3222-494D-A315-D971686064FF}
[2011.12.17 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BAAB6E8C-2118-4F04-97F2-A77FBC8B6508}
[2011.12.17 15:06:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81C6544F-06D6-4F5E-B24D-CA51B353B3B0}
[2011.12.17 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DF62C9D6-8B70-479D-A0F5-40C1CD051F7D}
[2011.12.17 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B5C3044E-C717-4DD1-9F8F-08A14F2C8DF7}
[2011.12.17 12:48:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BBA3143C-72F4-4BA5-A17F-6FA476FE9956}
[2011.12.16 23:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6974EDFB-EC5D-45BB-897E-5FB43E0CF286}
[2011.12.16 08:44:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{15E13E43-85F0-49EB-AFB3-66CFCBC12194}
[2011.12.16 08:44:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA2EFF7B-EB95-405D-BC3B-427F8EB89CFF}
[2011.12.15 22:12:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{CCABA481-55D9-4A62-8B3D-07531ADC852A}
[2011.12.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{609FE1FD-0AF8-46E5-B04E-B1CE3D65D59A}
[2011.12.15 10:01:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{73298416-BD81-464E-8DF5-2433D9558C78}
[2011.12.15 10:01:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5AF2E172-F265-4D4C-9690-2651073961DB}
[2011.12.14 13:22:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{13F6C982-7463-4D34-96A1-230068DC0B62}
[2011.12.14 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9AB84523-DEC1-409B-B26B-14F442B257E5}
[2011.12.14 11:14:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{00449953-7AAA-4F93-90BF-93CCB7672F43}
[2011.12.14 11:14:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3B310D71-7BB9-4802-BFB2-A36B6E383993}
[2011.12.13 16:42:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2011.12.13 16:42:39 | 000,095,928 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2011.12.13 15:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\EndNote
[2011.12.13 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
[2011.12.13 15:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2011.12.13 15:28:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2011.12.13 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X2
[2011.12.13 15:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2011.12.13 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{76AB0FCA-DA96-41C3-BC1D-AA39A575FDD6}
[2011.12.13 11:56:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3F457537-FFD7-4FD8-8FAD-3ECBC3959E52}
[2011.12.09 00:22:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{534C6B28-B1DB-4ABB-9383-C87F76980DD5}
[2011.12.09 00:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C4F2BF72-054D-4F55-848F-A070866C29A6}
[2011.12.08 10:35:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5A45DD01-CD2C-4F86-862B-7ADA4D6A2F5E}
[2011.12.08 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{59F66153-6E08-4A59-8D48-9AC29971D0C4}
[2011.12.07 20:05:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7979C1F7-4F47-4140-83B6-3785FC25247F}
[2011.12.07 20:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B69C74A-BD0A-485B-B3EC-40799A0B8BD1}
[2011.12.06 19:21:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1FAB0B94-DFAD-43DC-A257-9AE22B6AAE29}
[2011.12.06 19:21:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FE7C00A9-53E6-4D03-BE51-3D18632B124F}
[2011.12.05 12:15:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2E492456-0C85-479B-9D29-DFB0EDA605E5}
[2011.12.05 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B801BCE5-9C17-47E0-91D3-348F70B9CBC1}
[2011.12.05 10:18:56 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.04 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011.12.04 13:00:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89CA8D3E-9A77-4B3F-A2A1-257785687238}
[2011.12.04 13:00:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2B6A5F9E-EF8D-4ADF-9D01-7BFF6327E5AC}
[2011.12.04 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{78CE0C36-BCC1-486B-A7F1-494D529430A4}
[2011.12.03 11:56:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A408568C-9E67-4CF7-8966-4302F85C37B3}
[2011.12.03 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{52B1D313-1D2F-49CF-B018-AF78CC05721C}
[2011.12.01 21:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.12.01 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.12.01 20:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.12.01 20:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011.12.01 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{75D1E8B6-9997-4074-927C-5EC6B7DA2621}
[2011.11.30 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D027A15E-903B-4AAA-A89F-27284BA4286D}
[2011.11.30 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DA29A98A-B26A-42B0-86E6-A4C21207C62A}
[2011.11.29 19:13:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6B5C106C-64EF-40FD-B42F-1B1FB20EBBA6}
[2011.11.29 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B0078AF-4664-4E99-8A98-DDF13DB66072}
[2011.11.28 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{68A1D47A-BE9C-43AF-9720-9A275A5CD6A4}
[2011.11.28 08:50:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AA9BE1E5-EC3F-4D3D-9595-281C6A257EBF}
[2011.11.26 09:03:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DD8EAC9A-3B46-454E-B4CD-2E54FAC71D4E}
[2011.11.26 09:03:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2667AE30-3950-4C20-BE0E-D3F59793BEB2}
[2011.11.25 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{87BC6BF3-F258-4383-AA17-CEF9EAF755C4}
[2011.11.25 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5063506A-C442-4A1A-B551-C17768B0CFAE}
[2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.22 00:01:36 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.22 00:01:36 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 23:44:08 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2011.12.21 23:41:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.21 23:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 00:32:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.20 22:00:22 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.20 22:00:22 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.20 22:00:22 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.20 22:00:22 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.20 22:00:22 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.20 21:53:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.20 21:53:29 | 2131,877,887 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 23:36:56 | 000,030,565 | ---- | M] () -- C:\Users\Admin\Desktop\logfiles.zip
[2011.12.19 22:16:01 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\c3yl4kki.exe
[2011.12.19 22:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2011.12.19 22:14:35 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.12.16 08:33:37 | 563,741,110 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.16 08:00:16 | 000,452,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.04 09:46:17 | 000,000,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2011.12.01 20:29:01 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2011.11.26 12:18:16 | 000,031,232 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.25 09:44:37 | 000,001,568 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.19 23:19:19 | 000,030,565 | ---- | C] () -- C:\Users\Admin\Desktop\logfiles.zip
[2011.12.19 22:16:06 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\c3yl4kki.exe
[2011.12.19 22:15:12 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011.12.19 22:14:45 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.12.01 20:29:01 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2011.11.25 09:44:37 | 000,001,568 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 22:37:34 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.06 10:39:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.07.21 12:00:48 | 000,948,096 | ---- | C] () -- C:\Windows\SysWow64\M2ElevatedNetworkAdapters.dll
[2011.06.18 11:26:28 | 000,037,047 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.06.18 11:19:18 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.15 18:51:13 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2011.06.02 21:05:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.19 20:49:36 | 000,037,095 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.05.17 22:25:48 | 000,012,997 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).CAL
[2011.05.17 22:19:22 | 000,012,994 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL
[2011.05.17 21:52:20 | 000,031,232 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.09 21:48:54 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.09 21:48:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.09 21:48:52 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.05.09 21:18:17 | 000,000,312 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.25 09:17:07 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.04.24 19:19:19 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda
[2011.04.24 00:09:27 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.05 18:25:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.05 18:25:32 | 000,026,999 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.12.15 16:59:54 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2010.12.15 16:59:54 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011.11.04 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft
[2011.12.13 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM
[2011.04.24 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2011.05.23 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DocumentsToGoDesktop
[2011.04.30 06:55:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Downloaded Installations
[2011.11.02 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2011.11.06 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.06.27 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.13 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EndNote
[2011.04.24 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFileViewer
[2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GrabPro
[2011.10.11 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2011.10.06 22:57:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios
[2011.12.19 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI
[2011.10.03 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011.04.24 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda
[2011.12.03 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nitro PDF
[2011.04.24 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.12.19 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit
[2011.11.05 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress
[2011.09.04 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProgSense
[2011.05.17 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2011.07.03 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly
[2011.12.18 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 3
[2011.09.04 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.09.25 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011.04.24 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011.12.21 23:44:08 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011.10.16 16:07:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.04 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft
[2011.12.01 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.05.17 22:13:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.12.13 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM
[2011.04.24 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2011.07.01 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CyberLink
[2011.05.23 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DocumentsToGoDesktop
[2011.04.30 06:55:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Downloaded Installations
[2011.11.02 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2011.11.06 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss
[2011.11.06 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.06.27 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.13 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EndNote
[2011.04.24 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFileViewer
[2011.07.28 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Google
[2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GrabPro
[2011.10.11 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2011.10.06 22:57:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios
[2011.04.24 11:27:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.06.06 21:58:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.10.22 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\McAfee
[2011.02.25 07:19:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.12.19 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI
[2011.10.03 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011.04.24 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda
[2011.06.02 21:00:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.12.03 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nitro PDF
[2011.09.04 22:12:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVIDIA
[2011.04.24 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.12.19 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit
[2011.11.05 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress
[2011.09.04 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProgSense
[2011.05.17 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2011.04.28 22:10:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SecuROM
[2011.10.16 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011.10.27 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Corporation
[2011.07.03 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly
[2011.12.18 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 3
[2011.09.04 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.09.25 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011.10.07 23:26:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2011.04.26 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Winamp
[2011.04.24 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.09.21 09:43:14 | 000,929,680 | ---- | M] (Samsung) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.09.21 09:43:18 | 000,278,928 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.09.16 03:58:14 | 000,285,696 | ---- | M] (Samsung) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.09.21 09:43:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.09.16 03:56:02 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.09.16 03:56:02 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.09.16 03:56:04 | 000,666,624 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.09.21 09:43:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.09.16 03:55:38 | 000,106,408 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.09.16 03:55:38 | 000,101,288 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.09.21 09:43:22 | 000,131,984 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.09.21 09:43:24 | 000,020,880 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.09.21 09:43:26 | 004,662,392 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.09.16 03:54:38 | 024,111,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.09.21 09:43:28 | 000,364,432 | ---- | M] (ml) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.08 02:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---


many thanks!
Rob.

cosinus 22.12.2011 13:44

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell - "" = AutoRun
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe
:Files
C:\Users\Admin\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

qwertz999 22.12.2011 22:14

ok, here is the result... !?

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\Start.exe not found.
========== FILES ==========
C:\Users\Admin\AppData\Local\{B50364D4-E944-49D5-AF79-E5975DCDD245} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5245818-1B2A-4B49-86C2-1A3EDD896225} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5ABD890-66F8-4325-A5C4-4B3198C7A705} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5C1942E-8F65-43AF-97AD-DCF1240797AE} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5C3044E-C717-4DD1-9F8F-08A14F2C8DF7} folder moved successfully.
C:\Users\Admin\AppData\Local\{B60DFC6D-5951-4FFF-9E17-8C33E053E7A0} folder moved successfully.
C:\Users\Admin\AppData\Local\{B63AB85C-1F4D-4BB5-BA22-9791DDD727F4} folder moved successfully.
C:\Users\Admin\AppData\Local\{B6DCFE41-20A0-4496-A42B-6C88432B9146} folder moved successfully.
C:\Users\Admin\AppData\Local\{B7EA74DD-0EDC-4267-8E5F-E3CC727A56D1} folder moved successfully.
C:\Users\Admin\AppData\Local\{B801BCE5-9C17-47E0-91D3-348F70B9CBC1} folder moved successfully.
C:\Users\Admin\AppData\Local\{B815ED10-4C94-4EB6-991C-60F08592B1DF} folder moved successfully.
C:\Users\Admin\AppData\Local\{B830D009-F431-4F7E-A9FF-1B4E67391116} folder moved successfully.
C:\Users\Admin\AppData\Local\{B86A2BE0-B577-470E-B043-5C0DF323237E} folder moved successfully.
C:\Users\Admin\AppData\Local\{B9196145-52DF-4B9D-AB3E-AB97A0ADC57E} folder moved successfully.
C:\Users\Admin\AppData\Local\{B93F5A4F-9557-4676-B016-846D89F65C85} folder moved successfully.
C:\Users\Admin\AppData\Local\{BAAB6E8C-2118-4F04-97F2-A77FBC8B6508} folder moved successfully.
C:\Users\Admin\AppData\Local\{BB4B9C24-C360-4C05-8E33-C382CF206566} folder moved successfully.
C:\Users\Admin\AppData\Local\{BB85160F-E8AB-4FD2-9FCC-96AB798EBFD2} folder moved successfully.
C:\Users\Admin\AppData\Local\{BBA3143C-72F4-4BA5-A17F-6FA476FE9956} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD1C463D-BD77-4117-85AD-40D477889DCC} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD610DD2-D7B3-472C-8E9A-28DB1048ECA4} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD68E90B-7866-41F3-910D-7BD4576022B6} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD87BE83-3954-492F-A35C-D32E01184981} folder moved successfully.
C:\Users\Admin\AppData\Local\{BE76D23E-E414-410D-9DF4-9BE96859B145} folder moved successfully.
C:\Users\Admin\AppData\Local\{BEA77777-D93C-4EC3-B4F1-63F96D7A79B5} folder moved successfully.
C:\Users\Admin\AppData\Local\{BF3C2E74-7E0C-4673-9209-8FAC546B2017} folder moved successfully.
C:\Users\Admin\AppData\Local\{BF3EF24C-2DC8-46E8-8D58-07D4918272EE} folder moved successfully.
C:\Users\Admin\AppData\Local\{BF5904E2-70AD-40B0-9DBC-FCDEB90F45FD} folder moved successfully.
C:\Users\Admin\AppData\Local\{C0FE7E19-1C40-43EA-87D6-D64959AED31E} folder moved successfully.
C:\Users\Admin\AppData\Local\{C18B5654-E7AF-4417-807F-77A40FBFBBBD} folder moved successfully.
C:\Users\Admin\AppData\Local\{C1F57301-6EFB-4C9A-88C3-ACC26380C19D} folder moved successfully.
C:\Users\Admin\AppData\Local\{C223F870-6A79-4BCD-A7ED-0CBBBA87E1D6} folder moved successfully.
C:\Users\Admin\AppData\Local\{C2845A8A-8876-4FBB-88A0-9C51B26390BD} folder moved successfully.
C:\Users\Admin\AppData\Local\{C2EDBE81-CC38-4495-B020-3BBB53654B54} folder moved successfully.
C:\Users\Admin\AppData\Local\{C3208DFB-9CE5-464F-939F-C00BA6A50D8C} folder moved successfully.
C:\Users\Admin\AppData\Local\{C4162759-DAA9-46DE-A038-4DA853173C5B} folder moved successfully.
C:\Users\Admin\AppData\Local\{C4296B36-36CF-4915-8DD5-C56E3E45BB1C} folder moved successfully.
C:\Users\Admin\AppData\Local\{C4F2BF72-054D-4F55-848F-A070866C29A6} folder moved successfully.
C:\Users\Admin\AppData\Local\{C5400866-BF67-40F7-9F66-ABB343E39D1B} folder moved successfully.
C:\Users\Admin\AppData\Local\{C5680412-9369-47F8-9322-7492982C9332} folder moved successfully.
C:\Users\Admin\AppData\Local\{C64E648C-838A-4C61-82A5-B61E7D16E7E9} folder moved successfully.
C:\Users\Admin\AppData\Local\{C810CDC7-F8E9-48F0-98E5-892555895259} folder moved successfully.
C:\Users\Admin\AppData\Local\{C83C037E-AD6F-4B17-B508-E7787DAB2B56} folder moved successfully.
C:\Users\Admin\AppData\Local\{CB0B7848-DB40-434E-83FA-BE45BFDDAC71} folder moved successfully.
C:\Users\Admin\AppData\Local\{CB234404-7E1E-4BBB-ADEF-DD92F31D89B2} folder moved successfully.
C:\Users\Admin\AppData\Local\{CB2D0615-7095-4AE1-B1E3-D585B383D386} folder moved successfully.
C:\Users\Admin\AppData\Local\{CCABA481-55D9-4A62-8B3D-07531ADC852A} folder moved successfully.
C:\Users\Admin\AppData\Local\{CCE7C76E-A897-4685-A151-B57BC2010B8F} folder moved successfully.
C:\Users\Admin\AppData\Local\{CD59E1FE-F93A-4DD7-AD3D-F1B8DC05B5E4} folder moved successfully.
C:\Users\Admin\AppData\Local\{CD698BF9-C496-43A8-BE6D-A7A6FC46F0F3} folder moved successfully.
C:\Users\Admin\AppData\Local\{CEA10E36-9271-4556-9367-133BE898A12F} folder moved successfully.
C:\Users\Admin\AppData\Local\{D027A15E-903B-4AAA-A89F-27284BA4286D} folder moved successfully.
C:\Users\Admin\AppData\Local\{D0AECFE1-738B-45B3-B7CB-B888CE6C47CD} folder moved successfully.
C:\Users\Admin\AppData\Local\{D0BE226E-8765-410F-ABC2-2CB5654D6B77} folder moved successfully.
C:\Users\Admin\AppData\Local\{D0E1C5AE-7DE1-4EBD-8324-BBD987227F7E} folder moved successfully.
C:\Users\Admin\AppData\Local\{D10A57D5-EC9A-4084-9565-962928919A53} folder moved successfully.
C:\Users\Admin\AppData\Local\{D120FC4F-51E5-403D-A671-F3CEB78413D3} folder moved successfully.
C:\Users\Admin\AppData\Local\{D23DACE7-0D3F-433A-97A7-A44FA65FA750} folder moved successfully.
C:\Users\Admin\AppData\Local\{D45282A9-0B64-4C61-9A3D-91B8F9A7185A} folder moved successfully.
C:\Users\Admin\AppData\Local\{D5E686C3-89C0-4EE9-A2FA-12A01B155AE7} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6515423-608D-4415-AED4-9030DD10E857} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6856003-8951-4CA2-B060-E8DEC4914715} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6897422-259A-4E65-A38D-69F758ED4160} folder moved successfully.
C:\Users\Admin\AppData\Local\{D689F2C7-86C3-4029-A1E6-778C6A9ECC3C} folder moved successfully.
C:\Users\Admin\AppData\Local\{D765F5D7-7F4A-468C-9546-286AEDAD974C} folder moved successfully.
C:\Users\Admin\AppData\Local\{D7E69B67-297E-44A9-A826-E985DFEE8F5F} folder moved successfully.
C:\Users\Admin\AppData\Local\{D826EFEE-30BC-49E6-9C4C-FAAB85266BA3} folder moved successfully.
C:\Users\Admin\AppData\Local\{D8537C8D-256E-48C7-A9A8-C46EA1E49FCE} folder moved successfully.
C:\Users\Admin\AppData\Local\{D8719D94-1618-487E-838B-39D9384FEC0F} folder moved successfully.
C:\Users\Admin\AppData\Local\{D911BB82-C65F-4FBC-B237-F76A11C7E5F3} folder moved successfully.
C:\Users\Admin\AppData\Local\{D923B036-A8EB-4195-B2C0-F5DAF1C7A580} folder moved successfully.
C:\Users\Admin\AppData\Local\{DA29A98A-B26A-42B0-86E6-A4C21207C62A} folder moved successfully.
C:\Users\Admin\AppData\Local\{DABDD214-58CF-48D7-8AC4-8238DB5BFD1A} folder moved successfully.
C:\Users\Admin\AppData\Local\{DB34D0CC-E907-40F5-8D99-24B1CD5483DA} folder moved successfully.
C:\Users\Admin\AppData\Local\{DB8D4861-6B7B-43B5-9B89-AF9946BAFEE0} folder moved successfully.
C:\Users\Admin\AppData\Local\{DC8F82D9-8FA1-43E4-8E00-E98145D94920} folder moved successfully.
C:\Users\Admin\AppData\Local\{DD8EAC9A-3B46-454E-B4CD-2E54FAC71D4E} folder moved successfully.
C:\Users\Admin\AppData\Local\{DF0A46AD-3E0A-403B-9F97-1BDE8B6F43ED} folder moved successfully.
C:\Users\Admin\AppData\Local\{DF335167-D955-49C8-8195-39DCDD305F65} folder moved successfully.
C:\Users\Admin\AppData\Local\{DF62C9D6-8B70-479D-A0F5-40C1CD051F7D} folder moved successfully.
C:\Users\Admin\AppData\Local\{E04E67BC-54BB-418F-9D4F-2671FF23C799} folder moved successfully.
C:\Users\Admin\AppData\Local\{E07061D7-E84F-4697-8421-5CEC02462459} folder moved successfully.
C:\Users\Admin\AppData\Local\{E24E813D-252C-4DCB-8578-885F1D5DCD4C} folder moved successfully.
C:\Users\Admin\AppData\Local\{E2DBF1BC-1C9A-415D-AFC0-6E6B7340C951} folder moved successfully.
C:\Users\Admin\AppData\Local\{E3085C85-C7A6-481F-AF5C-38B33BF0BE46} folder moved successfully.
C:\Users\Admin\AppData\Local\{E3433796-D44D-4225-814F-B76724C305EB} folder moved successfully.
C:\Users\Admin\AppData\Local\{E3C9783D-CEFA-4E1F-97D4-4B251B6557F3} folder moved successfully.
C:\Users\Admin\AppData\Local\{E4E0FCEF-BC6B-4EFD-B623-8DF3E44F01F6} folder moved successfully.
C:\Users\Admin\AppData\Local\{E55957D0-FDFC-4FE8-AC9A-71FB1D1B32B3} folder moved successfully.
C:\Users\Admin\AppData\Local\{E61694A1-92F7-40C9-AF93-9B3AA8ED73E5} folder moved successfully.
C:\Users\Admin\AppData\Local\{E6A36DEF-BA14-46B0-9917-B32A3AE6A9CA} folder moved successfully.
C:\Users\Admin\AppData\Local\{E6F014DC-046C-46F7-BE93-1AD051DAFB0B} folder moved successfully.
C:\Users\Admin\AppData\Local\{E7119FEF-B2AE-49A5-8A1A-DD8B2016B09A} folder moved successfully.
C:\Users\Admin\AppData\Local\{E72D5087-DA3F-423B-94B3-12DCF2441637} folder moved successfully.
C:\Users\Admin\AppData\Local\{E7D742AF-FAB1-4D50-9825-A3C6B4EB315B} folder moved successfully.
C:\Users\Admin\AppData\Local\{E96780E5-BDE8-4091-B7A8-B41F666C5927} folder moved successfully.
C:\Users\Admin\AppData\Local\{E9F7E157-B864-4414-9F53-F2DBBD271F8A} folder moved successfully.
C:\Users\Admin\AppData\Local\{EB13064B-4D32-4877-89CE-0665D1096941} folder moved successfully.
C:\Users\Admin\AppData\Local\{ECA60E6E-C336-4D0E-AEF2-68EF4CBDCA5F} folder moved successfully.
C:\Users\Admin\AppData\Local\{ECBF4C9E-C860-47EF-8195-7981362E9A04} folder moved successfully.
C:\Users\Admin\AppData\Local\{EF7E52B2-6EA9-48AD-BF0B-20492DEF7CA5} folder moved successfully.
C:\Users\Admin\AppData\Local\{F1522562-C505-420E-AD51-70FBD57102B1} folder moved successfully.
C:\Users\Admin\AppData\Local\{F2B3AD64-D206-4748-96B4-18456D462C10} folder moved successfully.
C:\Users\Admin\AppData\Local\{F400885D-93E9-491E-9340-E74A77C83306} folder moved successfully.
C:\Users\Admin\AppData\Local\{F514A68B-5F5D-4668-AE5A-EEB2D7B46C37} folder moved successfully.
C:\Users\Admin\AppData\Local\{F606C923-D50A-47E8-913F-C452BF376131} folder moved successfully.
C:\Users\Admin\AppData\Local\{F608FDB7-B0A2-44B4-AB72-D140463A2544} folder moved successfully.
C:\Users\Admin\AppData\Local\{F66F8659-9B5F-4A05-9CF8-99A50BF6B916} folder moved successfully.
C:\Users\Admin\AppData\Local\{F73E9B8F-3222-494D-A315-D971686064FF} folder moved successfully.
C:\Users\Admin\AppData\Local\{F7BA2EA1-7768-464E-8000-66BB52219B0F} folder moved successfully.
C:\Users\Admin\AppData\Local\{F8326B39-A9B6-4BF5-A74E-FA3DB14F24A8} folder moved successfully.
C:\Users\Admin\AppData\Local\{F85BB833-4993-4E72-9E2B-D54662CBF2C5} folder moved successfully.
C:\Users\Admin\AppData\Local\{F884DE21-6618-46FC-A172-0840BD08800A} folder moved successfully.
C:\Users\Admin\AppData\Local\{F97E145D-1798-4B06-AFD6-9D5D23981FE4} folder moved successfully.
C:\Users\Admin\AppData\Local\{FA1D88AB-EEDC-47BC-B30D-7B363EEAAC09} folder moved successfully.
C:\Users\Admin\AppData\Local\{FA2EFF7B-EB95-405D-BC3B-427F8EB89CFF} folder moved successfully.
C:\Users\Admin\AppData\Local\{FA5E4F6B-2CB5-4C13-B692-38B813F5A89D} folder moved successfully.
C:\Users\Admin\AppData\Local\{FAEC9E45-0FD0-42ED-BB60-E12A86032029} folder moved successfully.
C:\Users\Admin\AppData\Local\{FB6D394B-9FAD-4E2F-88C2-8740F538A7AE} folder moved successfully.
C:\Users\Admin\AppData\Local\{FC968916-7763-4905-9676-7FE2799A0144} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE0A7E62-1C4C-437A-A6A2-0053A85A113F} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE509DDE-5A77-4734-9235-40720463891D} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE6504FB-27F2-45ED-90BB-2C8AA167A511} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE7C00A9-53E6-4D03-BE51-3D18632B124F} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE943F8A-8968-44D9-9F2F-966063917C2A} folder moved successfully.
C:\Users\Admin\AppData\Local\{FFE11F33-B207-448B-A71E-107B097AF88E} folder moved successfully.
C:\Users\Admin\AppData\Local\{FFEEB751-EA1F-4DE7-B5CF-9AC0D2EA3D4D} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 3600655307 bytes
->Temporary Internet Files folder emptied: 489338633 bytes
->Java cache emptied: 1590544 bytes
->FireFox cache emptied: 80686943 bytes
->Google Chrome cache emptied: 21029976 bytes
->Flash cache emptied: 5676 bytes
 
User: Default
->Flash cache emptied: 56466 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2336215 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 614820188 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 6452038815 bytes
 
Total Files Cleaned = 10.741,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12222011_220451

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\McAfeeLogs\UpdaterUI_ADMIN-PC.log moved successfully.
C:\Users\Admin\AppData\Local\Temp\McAfeeLogs\UpdaterUI_ADMIN-PC_error.log moved successfully.
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Thank you!
Rob.

cosinus 22.12.2011 22:47

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

qwertz999 22.12.2011 23:28

and here:
Code:

23:26:48.0396 2140        TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
23:26:48.0474 2140        ============================================================
23:26:48.0474 2140        Current date / time: 2011/12/22 23:26:48.0474
23:26:48.0474 2140        SystemInfo:
23:26:48.0474 2140       
23:26:48.0474 2140        OS Version: 6.1.7601 ServicePack: 1.0
23:26:48.0474 2140        Product type: Workstation
23:26:48.0474 2140        ComputerName: ADMIN-PC
23:26:48.0474 2140        UserName: Admin
23:26:48.0474 2140        Windows directory: C:\Windows
23:26:48.0474 2140        System windows directory: C:\Windows
23:26:48.0474 2140        Running under WOW64
23:26:48.0474 2140        Processor architecture: Intel x64
23:26:48.0474 2140        Number of processors: 4
23:26:48.0474 2140        Page size: 0x1000
23:26:48.0474 2140        Boot type: Normal boot
23:26:48.0474 2140        ============================================================
23:26:49.0238 2140        Initialize success
23:26:55.0400 4160        ============================================================
23:26:55.0400 4160        Scan started
23:26:55.0400 4160        Mode: Manual; SigCheck; TDLFS;
23:26:55.0400 4160        ============================================================
23:26:55.0806 4160        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:26:55.0868 4160        1394ohci - ok
23:26:55.0884 4160        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:26:55.0899 4160        ACPI - ok
23:26:55.0915 4160        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:26:55.0915 4160        AcpiPmi - ok
23:26:55.0977 4160        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:26:56.0008 4160        adp94xx - ok
23:26:56.0024 4160        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:26:56.0024 4160        adpahci - ok
23:26:56.0040 4160        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:26:56.0040 4160        adpu320 - ok
23:26:56.0102 4160        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:26:56.0118 4160        AFD - ok
23:26:56.0133 4160        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:26:56.0149 4160        agp440 - ok
23:26:56.0164 4160        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:26:56.0164 4160        aliide - ok
23:26:56.0180 4160        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:26:56.0180 4160        amdide - ok
23:26:56.0196 4160        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:26:56.0211 4160        AmdK8 - ok
23:26:56.0227 4160        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:26:56.0227 4160        AmdPPM - ok
23:26:56.0258 4160        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:26:56.0258 4160        amdsata - ok
23:26:56.0274 4160        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:26:56.0289 4160        amdsbs - ok
23:26:56.0305 4160        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:26:56.0305 4160        amdxata - ok
23:26:56.0336 4160        AnyDVD          (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
23:26:56.0367 4160        AnyDVD - ok
23:26:56.0398 4160        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:26:56.0414 4160        AppID - ok
23:26:56.0430 4160        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:26:56.0445 4160        arc - ok
23:26:56.0445 4160        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:26:56.0461 4160        arcsas - ok
23:26:56.0476 4160        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:26:56.0492 4160        AsyncMac - ok
23:26:56.0523 4160        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:26:56.0523 4160        atapi - ok
23:26:56.0539 4160        AthBTPort      (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
23:26:56.0554 4160        AthBTPort - ok
23:26:56.0570 4160        ATHDFU          (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
23:26:56.0586 4160        ATHDFU - ok
23:26:56.0617 4160        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:26:56.0632 4160        b06bdrv - ok
23:26:56.0648 4160        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:26:56.0664 4160        b57nd60a - ok
23:26:56.0679 4160        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:26:56.0710 4160        Beep - ok
23:26:56.0726 4160        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:26:56.0742 4160        blbdrive - ok
23:26:56.0773 4160        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:26:56.0788 4160        bowser - ok
23:26:56.0804 4160        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:26:56.0820 4160        BrFiltLo - ok
23:26:56.0835 4160        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:26:56.0835 4160        BrFiltUp - ok
23:26:56.0866 4160        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:26:56.0866 4160        Brserid - ok
23:26:56.0882 4160        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:26:56.0898 4160        BrSerWdm - ok
23:26:56.0913 4160        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:26:56.0929 4160        BrUsbMdm - ok
23:26:56.0929 4160        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:26:56.0944 4160        BrUsbSer - ok
23:26:56.0960 4160        BTATH_A2DP      (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
23:26:56.0976 4160        BTATH_A2DP - ok
23:26:56.0991 4160        BTATH_BUS      (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
23:26:56.0991 4160        BTATH_BUS - ok
23:26:57.0007 4160        BTATH_HCRP      (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
23:26:57.0022 4160        BTATH_HCRP - ok
23:26:57.0022 4160        BTATH_LWFLT    (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
23:26:57.0038 4160        BTATH_LWFLT - ok
23:26:57.0054 4160        BTATH_RCP      (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
23:26:57.0054 4160        BTATH_RCP - ok
23:26:57.0085 4160        BtFilter        (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
23:26:57.0085 4160        BtFilter - ok
23:26:57.0132 4160        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:26:57.0132 4160        BthEnum - ok
23:26:57.0147 4160        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:26:57.0163 4160        BTHMODEM - ok
23:26:57.0163 4160        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:26:57.0178 4160        BthPan - ok
23:26:57.0225 4160        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:26:57.0225 4160        BTHPORT - ok
23:26:57.0256 4160        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:26:57.0272 4160        BTHUSB - ok
23:26:57.0303 4160        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:26:57.0334 4160        cdfs - ok
23:26:57.0366 4160        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:26:57.0381 4160        cdrom - ok
23:26:57.0397 4160        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:26:57.0412 4160        circlass - ok
23:26:57.0459 4160        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:26:57.0475 4160        CLFS - ok
23:26:57.0522 4160        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:26:57.0522 4160        CmBatt - ok
23:26:57.0553 4160        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:26:57.0568 4160        cmdide - ok
23:26:57.0600 4160        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:26:57.0631 4160        CNG - ok
23:26:57.0646 4160        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:26:57.0646 4160        Compbatt - ok
23:26:57.0662 4160        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:26:57.0678 4160        CompositeBus - ok
23:26:57.0693 4160        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:26:57.0693 4160        crcdisk - ok
23:26:57.0724 4160        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
23:26:57.0740 4160        CVirtA - ok
23:26:57.0756 4160        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
23:26:57.0771 4160        CVPNDRVA - ok
23:26:57.0802 4160        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:26:57.0818 4160        DfsC - ok
23:26:57.0818 4160        dgderdrv - ok
23:26:57.0849 4160        dg_ssudbus      (bf4e72d6fa78fedc4b8577116eface7e) C:\Windows\system32\DRIVERS\ssudbus.sys
23:26:57.0849 4160        dg_ssudbus - ok
23:26:57.0880 4160        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:26:57.0896 4160        discache - ok
23:26:57.0927 4160        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:26:57.0927 4160        Disk - ok
23:26:57.0943 4160        DNE            (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
23:26:57.0958 4160        DNE - ok
23:26:57.0990 4160        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:26:58.0005 4160        drmkaud - ok
23:26:58.0052 4160        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:26:58.0083 4160        DXGKrnl - ok
23:26:58.0130 4160        e1cexpress      (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
23:26:58.0146 4160        e1cexpress - ok
23:26:58.0208 4160        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:26:58.0239 4160        ebdrv - ok
23:26:58.0286 4160        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:26:58.0302 4160        ElbyCDIO - ok
23:26:58.0333 4160        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:26:58.0348 4160        elxstor - ok
23:26:58.0380 4160        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:26:58.0395 4160        ErrDev - ok
23:26:58.0411 4160        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:26:58.0426 4160        exfat - ok
23:26:58.0442 4160        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:26:58.0473 4160        fastfat - ok
23:26:58.0489 4160        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:26:58.0504 4160        fdc - ok
23:26:58.0520 4160        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:26:58.0520 4160        FileInfo - ok
23:26:58.0520 4160        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:26:58.0551 4160        Filetrace - ok
23:26:58.0567 4160        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:26:58.0567 4160        flpydisk - ok
23:26:58.0598 4160        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:26:58.0614 4160        FltMgr - ok
23:26:58.0629 4160        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:26:58.0629 4160        FsDepends - ok
23:26:58.0660 4160        fssfltr        (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:26:58.0676 4160        fssfltr - ok
23:26:58.0692 4160        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:26:58.0707 4160        Fs_Rec - ok
23:26:58.0738 4160        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:26:58.0754 4160        fvevol - ok
23:26:58.0770 4160        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:26:58.0770 4160        gagp30kx - ok
23:26:58.0832 4160        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:26:58.0848 4160        GEARAspiWDM - ok
23:26:58.0910 4160        GPU-Z - ok
23:26:58.0941 4160        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:26:58.0972 4160        hcw85cir - ok
23:26:59.0019 4160        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:26:59.0035 4160        HdAudAddService - ok
23:26:59.0066 4160        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:26:59.0082 4160        HDAudBus - ok
23:26:59.0097 4160        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:26:59.0113 4160        HidBatt - ok
23:26:59.0113 4160        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:26:59.0128 4160        HidBth - ok
23:26:59.0144 4160        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:26:59.0160 4160        HidIr - ok
23:26:59.0191 4160        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:26:59.0206 4160        HidUsb - ok
23:26:59.0222 4160        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:26:59.0238 4160        HpSAMD - ok
23:26:59.0269 4160        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:26:59.0316 4160        HTTP - ok
23:26:59.0347 4160        hwdatacard - ok
23:26:59.0362 4160        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:26:59.0378 4160        hwpolicy - ok
23:26:59.0409 4160        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:26:59.0425 4160        i8042prt - ok
23:26:59.0456 4160        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:26:59.0472 4160        iaStorV - ok
23:26:59.0503 4160        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:26:59.0503 4160        iirsp - ok
23:26:59.0581 4160        IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys
23:26:59.0628 4160        IntcAzAudAddService - ok
23:26:59.0643 4160        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:26:59.0643 4160        intelide - ok
23:26:59.0659 4160        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:26:59.0674 4160        intelppm - ok
23:26:59.0706 4160        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:26:59.0737 4160        IpFilterDriver - ok
23:26:59.0768 4160        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:26:59.0768 4160        IPMIDRV - ok
23:26:59.0784 4160        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:26:59.0815 4160        IPNAT - ok
23:26:59.0846 4160        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:26:59.0877 4160        IRENUM - ok
23:26:59.0877 4160        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:26:59.0893 4160        isapnp - ok
23:26:59.0908 4160        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:26:59.0924 4160        iScsiPrt - ok
23:26:59.0940 4160        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:26:59.0940 4160        kbdclass - ok
23:26:59.0955 4160        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:26:59.0971 4160        kbdhid - ok
23:26:59.0986 4160        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:26:59.0986 4160        KSecDD - ok
23:27:00.0049 4160        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:27:00.0064 4160        KSecPkg - ok
23:27:00.0127 4160        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:27:00.0174 4160        ksthunk - ok
23:27:00.0220 4160        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:27:00.0236 4160        lltdio - ok
23:27:00.0252 4160        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:27:00.0252 4160        LSI_FC - ok
23:27:00.0267 4160        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:27:00.0283 4160        LSI_SAS - ok
23:27:00.0283 4160        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:27:00.0298 4160        LSI_SAS2 - ok
23:27:00.0298 4160        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:27:00.0314 4160        LSI_SCSI - ok
23:27:00.0314 4160        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:27:00.0345 4160        luafv - ok
23:27:00.0376 4160        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:27:00.0376 4160        megasas - ok
23:27:00.0408 4160        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:27:00.0408 4160        MegaSR - ok
23:27:00.0439 4160        mfeapfk        (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys
23:27:00.0454 4160        mfeapfk - ok
23:27:00.0470 4160        mfeavfk        (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys
23:27:00.0501 4160        mfeavfk - ok
23:27:00.0517 4160        mfeavfk01 - ok
23:27:00.0564 4160        mfehidk        (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys
23:27:00.0579 4160        mfehidk - ok
23:27:00.0595 4160        mferkdet        (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys
23:27:00.0610 4160        mferkdet - ok
23:27:00.0626 4160        mfewfpk        (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys
23:27:00.0642 4160        mfewfpk - ok
23:27:00.0673 4160        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:27:00.0688 4160        Modem - ok
23:27:00.0704 4160        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:27:00.0704 4160        monitor - ok
23:27:00.0735 4160        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:27:00.0735 4160        mouclass - ok
23:27:00.0751 4160        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:27:00.0751 4160        mouhid - ok
23:27:00.0782 4160        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:27:00.0798 4160        mountmgr - ok
23:27:00.0813 4160        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:27:00.0813 4160        mpio - ok
23:27:00.0829 4160        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:27:00.0844 4160        mpsdrv - ok
23:27:00.0876 4160        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:27:00.0876 4160        MRxDAV - ok
23:27:00.0907 4160        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:27:00.0922 4160        mrxsmb - ok
23:27:00.0954 4160        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:27:00.0954 4160        mrxsmb10 - ok
23:27:00.0985 4160        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:27:01.0000 4160        mrxsmb20 - ok
23:27:01.0032 4160        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:27:01.0032 4160        msahci - ok
23:27:01.0047 4160        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:27:01.0063 4160        msdsm - ok
23:27:01.0078 4160        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:27:01.0110 4160        Msfs - ok
23:27:01.0125 4160        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:27:01.0141 4160        mshidkmdf - ok
23:27:01.0156 4160        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:27:01.0156 4160        msisadrv - ok
23:27:01.0188 4160        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:27:01.0203 4160        MSKSSRV - ok
23:27:01.0219 4160        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:27:01.0250 4160        MSPCLOCK - ok
23:27:01.0250 4160        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:27:01.0281 4160        MSPQM - ok
23:27:01.0312 4160        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:27:01.0328 4160        MsRPC - ok
23:27:01.0359 4160        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:27:01.0359 4160        mssmbios - ok
23:27:01.0375 4160        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:27:01.0390 4160        MSTEE - ok
23:27:01.0406 4160        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:27:01.0422 4160        MTConfig - ok
23:27:01.0437 4160        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:27:01.0453 4160        Mup - ok
23:27:01.0484 4160        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:27:01.0500 4160        NativeWifiP - ok
23:27:01.0546 4160        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:27:01.0562 4160        NDIS - ok
23:27:01.0593 4160        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:27:01.0609 4160        NdisCap - ok
23:27:01.0640 4160        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:27:01.0656 4160        NdisTapi - ok
23:27:01.0687 4160        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:27:01.0702 4160        Ndisuio - ok
23:27:01.0718 4160        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:27:01.0734 4160        NdisWan - ok
23:27:01.0780 4160        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:27:01.0796 4160        NDProxy - ok
23:27:01.0796 4160        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:27:01.0827 4160        NetBIOS - ok
23:27:01.0843 4160        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:27:01.0858 4160        NetBT - ok
23:27:01.0890 4160        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:27:01.0905 4160        nfrd960 - ok
23:27:01.0968 4160        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:27:01.0983 4160        Npfs - ok
23:27:01.0983 4160        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:27:02.0014 4160        nsiproxy - ok
23:27:02.0061 4160        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:27:02.0077 4160        Ntfs - ok
23:27:02.0092 4160        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:27:02.0108 4160        Null - ok
23:27:02.0124 4160        nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:27:02.0139 4160        nusb3hub - ok
23:27:02.0155 4160        nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:27:02.0155 4160        nusb3xhc - ok
23:27:02.0186 4160        NVHDA          (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
23:27:02.0202 4160        NVHDA - ok
23:27:02.0389 4160        nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:27:02.0498 4160        nvlddmkm - ok
23:27:02.0529 4160        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:27:02.0545 4160        nvraid - ok
23:27:02.0560 4160        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:27:02.0576 4160        nvstor - ok
23:27:02.0623 4160        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:27:02.0638 4160        nv_agp - ok
23:27:02.0670 4160        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:27:02.0685 4160        ohci1394 - ok
23:27:02.0732 4160        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:27:02.0748 4160        Parport - ok
23:27:02.0779 4160        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:27:02.0779 4160        partmgr - ok
23:27:02.0794 4160        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:27:02.0810 4160        pci - ok
23:27:02.0826 4160        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:27:02.0826 4160        pciide - ok
23:27:02.0841 4160        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:27:02.0857 4160        pcmcia - ok
23:27:02.0872 4160        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:27:02.0888 4160        pcw - ok
23:27:02.0904 4160        pe3ah4nb        (971c08914ed3a6b1c4612042c0f93680) C:\Windows\system32\drivers\pe3ah4nb.sys
23:27:02.0919 4160        pe3ah4nb - ok
23:27:02.0935 4160        pe3ah4nc        (958754a37c85e18eb53fa2139787113c) C:\Windows\system32\drivers\pe3ah4nc.sys
23:27:02.0950 4160        pe3ah4nc - ok
23:27:02.0966 4160        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:27:02.0997 4160        PEAUTH - ok
23:27:03.0075 4160        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:27:03.0122 4160        PptpMiniport - ok
23:27:03.0153 4160        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:27:03.0184 4160        Processor - ok
23:27:03.0200 4160        ps6ah4nb        (844f3618684228adef124705944b479b) C:\Windows\system32\drivers\ps6ah4nb.sys
23:27:03.0216 4160        ps6ah4nb - ok
23:27:03.0247 4160        ps6ah4nc        (0e998144e0c05affbb6cc66b5999958c) C:\Windows\system32\drivers\ps6ah4nc.sys
23:27:03.0262 4160        ps6ah4nc - ok
23:27:03.0278 4160        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:27:03.0309 4160        Psched - ok
23:27:03.0340 4160        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:27:03.0340 4160        PxHlpa64 - ok
23:27:03.0372 4160        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:27:03.0387 4160        ql2300 - ok
23:27:03.0403 4160        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:27:03.0418 4160        ql40xx - ok
23:27:03.0418 4160        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:27:03.0434 4160        QWAVEdrv - ok
23:27:03.0450 4160        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:27:03.0465 4160        RasAcd - ok
23:27:03.0496 4160        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:27:03.0512 4160        RasAgileVpn - ok
23:27:03.0543 4160        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:27:03.0574 4160        Rasl2tp - ok
23:27:03.0574 4160        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:27:03.0606 4160        RasPppoe - ok
23:27:03.0606 4160        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:27:03.0621 4160        RasSstp - ok
23:27:03.0652 4160        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:27:03.0684 4160        rdbss - ok
23:27:03.0699 4160        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:27:03.0715 4160        rdpbus - ok
23:27:03.0715 4160        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:27:03.0746 4160        RDPCDD - ok
23:27:03.0762 4160        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:27:03.0777 4160        RDPENCDD - ok
23:27:03.0793 4160        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:27:03.0808 4160        RDPREFMP - ok
23:27:03.0840 4160        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:27:03.0855 4160        RDPWD - ok
23:27:03.0886 4160        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:27:03.0902 4160        rdyboost - ok
23:27:03.0918 4160        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:27:03.0933 4160        RFCOMM - ok
23:27:03.0949 4160        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:27:03.0964 4160        rspndr - ok
23:27:04.0011 4160        RTL8192su      (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys
23:27:04.0027 4160        RTL8192su - ok
23:27:04.0105 4160        SANDRA          (5efbbfcc6adac121c8e2fe76641ed329) D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\WNt500x64\Sandra.sys
23:27:04.0120 4160        SANDRA - ok
23:27:04.0167 4160        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:27:04.0183 4160        sbp2port - ok
23:27:04.0198 4160        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:27:04.0230 4160        scfilter - ok
23:27:04.0245 4160        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:27:04.0261 4160        secdrv - ok
23:27:04.0276 4160        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:27:04.0292 4160        Serenum - ok
23:27:04.0323 4160        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:27:04.0354 4160        Serial - ok
23:27:04.0370 4160        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:27:04.0401 4160        sermouse - ok
23:27:04.0417 4160        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:27:04.0417 4160        sffdisk - ok
23:27:04.0432 4160        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:27:04.0448 4160        sffp_mmc - ok
23:27:04.0464 4160        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:27:04.0464 4160        sffp_sd - ok
23:27:04.0479 4160        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:27:04.0495 4160        sfloppy - ok
23:27:04.0510 4160        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:27:04.0510 4160        SiSRaid2 - ok
23:27:04.0510 4160        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:27:04.0526 4160        SiSRaid4 - ok
23:27:04.0542 4160        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:27:04.0588 4160        Smb - ok
23:27:04.0620 4160        speedfan - ok
23:27:04.0651 4160        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:27:04.0666 4160        spldr - ok
23:27:04.0698 4160        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:27:04.0729 4160        srv - ok
23:27:04.0760 4160        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:27:04.0760 4160        srv2 - ok
23:27:04.0791 4160        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:27:04.0791 4160        srvnet - ok
23:27:04.0838 4160        ssudmdm        (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
23:27:04.0854 4160        ssudmdm - ok
23:27:04.0900 4160        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:27:04.0916 4160        stexstor - ok
23:27:04.0932 4160        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:27:04.0947 4160        swenum - ok
23:27:05.0010 4160        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:27:05.0041 4160        Tcpip - ok
23:27:05.0072 4160        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:27:05.0088 4160        TCPIP6 - ok
23:27:05.0134 4160        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:27:05.0166 4160        tcpipreg - ok
23:27:05.0275 4160        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:27:05.0306 4160        TDPIPE - ok
23:27:05.0322 4160        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:27:05.0337 4160        TDTCP - ok
23:27:05.0384 4160        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:27:05.0400 4160        tdx - ok
23:27:05.0415 4160        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:27:05.0431 4160        TermDD - ok
23:27:05.0462 4160        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:27:05.0478 4160        tssecsrv - ok
23:27:05.0509 4160        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:27:05.0509 4160        TsUsbFlt - ok
23:27:05.0540 4160        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:27:05.0556 4160        tunnel - ok
23:27:05.0571 4160        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:27:05.0587 4160        uagp35 - ok
23:27:05.0602 4160        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:27:05.0634 4160        udfs - ok
23:27:05.0665 4160        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:27:05.0665 4160        uliagpkx - ok
23:27:05.0696 4160        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:27:05.0712 4160        umbus - ok
23:27:05.0727 4160        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:27:05.0727 4160        UmPass - ok
23:27:05.0758 4160        USBAAPL64      (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
23:27:05.0758 4160        USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
23:27:05.0758 4160        USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
23:27:05.0790 4160        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:27:05.0805 4160        usbccgp - ok
23:27:05.0836 4160        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:27:05.0836 4160        usbcir - ok
23:27:05.0852 4160        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:27:05.0868 4160        usbehci - ok
23:27:05.0883 4160        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:27:05.0899 4160        usbhub - ok
23:27:05.0914 4160        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:27:05.0914 4160        usbohci - ok
23:27:05.0930 4160        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:27:05.0946 4160        usbprint - ok
23:27:05.0961 4160        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:27:05.0977 4160        USBSTOR - ok
23:27:05.0992 4160        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:27:05.0992 4160        usbuhci - ok
23:27:06.0024 4160        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:27:06.0039 4160        vdrvroot - ok
23:27:06.0055 4160        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:27:06.0070 4160        vga - ok
23:27:06.0070 4160        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:27:06.0102 4160        VgaSave - ok
23:27:06.0117 4160        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:27:06.0117 4160        vhdmp - ok
23:27:06.0133 4160        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:27:06.0148 4160        viaide - ok
23:27:06.0164 4160        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:27:06.0164 4160        volmgr - ok
23:27:06.0195 4160        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:27:06.0195 4160        volmgrx - ok
23:27:06.0226 4160        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:27:06.0226 4160        volsnap - ok
23:27:06.0258 4160        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:27:06.0273 4160        vsmraid - ok
23:27:06.0273 4160        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:27:06.0289 4160        vwifibus - ok
23:27:06.0320 4160        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:27:06.0336 4160        vwififlt - ok
23:27:06.0351 4160        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:27:06.0367 4160        WacomPen - ok
23:27:06.0398 4160        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:27:06.0445 4160        WANARP - ok
23:27:06.0445 4160        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:27:06.0460 4160        Wanarpv6 - ok
23:27:06.0492 4160        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:27:06.0492 4160        Wd - ok
23:27:06.0523 4160        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:27:06.0538 4160        Wdf01000 - ok
23:27:06.0554 4160        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:27:06.0585 4160        WfpLwf - ok
23:27:06.0601 4160        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:27:06.0616 4160        WIMMount - ok
23:27:06.0648 4160        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:27:06.0663 4160        WinUsb - ok
23:27:06.0710 4160        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:27:06.0726 4160        WmiAcpi - ok
23:27:06.0757 4160        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:27:06.0772 4160        ws2ifsl - ok
23:27:06.0804 4160        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:27:06.0835 4160        WudfPf - ok
23:27:06.0850 4160        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:27:06.0882 4160        WUDFRd - ok
23:27:06.0882 4160        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:27:06.0913 4160        \Device\Harddisk0\DR0 - ok
23:27:06.0913 4160        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:27:06.0975 4160        \Device\Harddisk1\DR1 - ok
23:27:06.0975 4160        Boot (0x1200)  (02a042694e3d9bf254e84bf4932fe101) \Device\Harddisk0\DR0\Partition0
23:27:06.0975 4160        \Device\Harddisk0\DR0\Partition0 - ok
23:27:06.0975 4160        Boot (0x1200)  (f7f83b282c652e92cb9551f8b6c39b00) \Device\Harddisk1\DR1\Partition0
23:27:06.0975 4160        \Device\Harddisk1\DR1\Partition0 - ok
23:27:07.0006 4160        Boot (0x1200)  (1bee1348a0081d2f0456fa1a6f6cce5d) \Device\Harddisk1\DR1\Partition1
23:27:07.0006 4160        \Device\Harddisk1\DR1\Partition1 - ok
23:27:07.0022 4160        Boot (0x1200)  (f7aa58dd3e0f86763bc49c7286ccd7e7) \Device\Harddisk1\DR1\Partition2
23:27:07.0022 4160        \Device\Harddisk1\DR1\Partition2 - ok
23:27:07.0038 4160        Boot (0x1200)  (7356f01256021c88d6292493142525f9) \Device\Harddisk1\DR1\Partition3
23:27:07.0038 4160        \Device\Harddisk1\DR1\Partition3 - ok
23:27:07.0038 4160        ============================================================
23:27:07.0038 4160        Scan finished
23:27:07.0038 4160        ============================================================
23:27:07.0053 4780        Detected object count: 1
23:27:07.0053 4780        Actual detected object count: 1
23:27:09.0487 4780        USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:09.0487 4780        USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

:abklatsch:

cosinus 23.12.2011 16:46

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

