Trojaner-Board - How to decrypt files.txt, Alle Datein mit <Blockage> gesperrt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - How to decrypt files.txt, Alle Datein mit <Blockage> gesperrt (https://www.trojaner-board.de/124205-how-to-decrypt-files-txt-alle-datein-blockage-gesperrt.html)

How to decrypt files.txt, Alle Datein mit <Blockage> gesperrt

Hallo, ich habe beim Scannen 3 Bedrohungen gefunden. 2x Trojan.0Access und 1 x Spyware.Zbot. Alles in Quarantäne verschoben und zbotkiller.exe ausgeführt.
Nach den Hochfahren ist mein Bildschirm schwarz. Systemwiederherstellung ist komplett leer, d.h. alle vorherigen Daten wurden gelöscht.

Das schlimmste ist aber, dass alle Datein eine neue Endung <BLOCKAGE> haben und nicht mehr zu öffnen sind. Habe dann angefangen, die Endungen wieder umzubenennen, aber trotzdem gehen die Dateien nicht mehr auf.
Weiterhin ist überall eine txt Datein angelegt mit folgendem Inhalt:

All your personal files (photo, documents, databases) have been encrypted by a very strong cipher.
You can check this by yourself - just look for files in all folders.
There is no possibility to decrypt these files without a special decrypt program.
Nobody can help you - even don't try to find another method or tell anybody.
We can help you to solve this task: send your request on this e-mail: blockage@tormail.org
Attach to message a full serial key shown below in this ('HOW TO DECRYPT FILES.TXT') file on desktop.
And remember: any harmful or bad words to our side will be a reason for ingoring your message and nothing will be done.
Only we can decrypt your files!

====================
2E6FE6E71A25F52357CD4704BDC102EE5C1A97142AED9A658412BF63646ACE0E
399A6B185426A2BE6DAF6FFD26491CAA7C5EEE1513E16DF82E1DE9AB5EF8E02E
76753A689B5335AD63AD1E516D15590F994BB0F329F08079F1BE3201BFEFBAD9
1BAF6688A4B45F8D6524C30C0A177046EE18C5150878C6F5767D45C39ED01283
19535D5E525A5056548F841CAE8F894F252683C8134CE3345A385E799F6B9AA2
============

Die Logdatein von Malewarebyte sind:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.17.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
x :: X-PC [Administrator]

17.09.2012 08:00:51
mbam-log-2012-09-17 (08-00-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 253141
Laufzeit: 13 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$dd63098972d6e711d30860774ea5273b\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-1808031840-4243000465-1316133507-1000\$dd63098972d6e711d30860774ea5273b\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\x\AppData\Local\Temp\ndfan1x.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Kann mir hier jemand helfen? Ich bin aber nicht fit in Computersprache, bitte verständlich schreiben.

Danke:heulen:

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Habe Malewarebyte als Vollständigen Suchlauf ausgeführt, ohne Ergebnis.

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.07
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 16:17:03

mbam-log-2012-09-17 (16-17-03).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 562361

Laufzeit: 2 Stunde(n), 13 Minute(n), 59 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Mit Eset kam folgendes:

Code:

8C:\Users\x\AppData\Local\Temp\jar_cache5618047272336060870.tmp        Variante von Java/Exploit.CVE-2012-0507.DN Trojaner        gelöscht - in Quarantäne kopiert

C:\Users\x\AppData\Local\Temp\jar_cache5651390212515014169.tmp        Java/Exploit.CVE-2012-4681.AB Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

C:\Users\x\AppData\Local\Temp\jar_cache8723199808348889565.tmp        Variante von Java/Exploit.CVE-2012-0507.DN Trojaner        gelöscht - in Quarantäne kopiert

C:\Users\x\AppData\Local\Temp\~!#C1CA.tmp        Win32/Gpcode.NAI Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\2caabbb4-492b12dc        Win32/TrojanDownloader.Vespula.AY Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

C:\Windows\Installer\574d281.msi        Variante von Win32/Toolbar.Widgi Anwendung        gelöscht - in Quarantäne kopiert

C:\Users\x\AppData\Local\Temp\jar_cache5618047272336060870.tmp        Variante von Java/Exploit.CVE-2012-0507.DN Trojaner        gelöscht - in Quarantäne kopiert

C:\Users\x\AppData\Local\Temp\jar_cache5651390212515014169.tmp        Java/Exploit.CVE-2012-4681.AB Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

C:\Users\x\AppData\Local\Temp\jar_cache8723199808348889565.tmp        Variante von Java/Exploit.CVE-2012-0507.DN Trojaner        gelöscht - in Quarantäne kopiert

C:\Users\x\AppData\Local\Temp\~!#C1CA.tmp        Win32/Gpcode.NAI Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\2caabbb4-492b12dc        Win32/TrojanDownloader.Vespula.AY Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

C:\Windows\Installer\574d281.msi        Variante von Win32/Toolbar.Widgi Anwendung        gelöscht - in Quarantäne kopiert

Gelöscht habe ich nichts. Es geht aber auch kein Firewall und Avira lässt sich auch nicht einschalten.

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Das ist alles, was ich von Malwarebyte habe:

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.02
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 08:00:51

mbam-log-2012-09-17 (08-00-51).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 253141

Laufzeit: 13 Minute(n), 42 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 2

HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$dd63098972d6e711d30860774ea5273b\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-1808031840-4243000465-1316133507-1000\$dd63098972d6e711d30860774ea5273b\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\x\AppData\Local\Temp\ndfan1x.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.02
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 08:26:54

mbam-log-2012-09-17 (08-26-54).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 253473

Laufzeit: 12 Minute(n), 24 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.02
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 11:58:00

mbam-log-2012-09-17 (11-58-00).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 270825

Laufzeit: 27 Minute(n), 4 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.07
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 16:17:03

mbam-log-2012-09-17 (16-17-03).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 562361

Laufzeit: 2 Stunde(n), 13 Minute(n), 59 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

2012/09/17 16:16:30 +0200        X-PC        x        MESSAGE        Starting database refresh

2012/09/17 16:16:58 +0200        X-PC        x        MESSAGE        Database refreshed successfully

Das ist alles was ich habe:

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.02
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 08:00:51

mbam-log-2012-09-17 (08-00-51).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 253141

Laufzeit: 13 Minute(n), 42 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 2

HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$dd63098972d6e711d30860774ea5273b\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-1808031840-4243000465-1316133507-1000\$dd63098972d6e711d30860774ea5273b\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\x\AppData\Local\Temp\ndfan1x.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.02
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 08:26:54

mbam-log-2012-09-17 (08-26-54).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 253473

Laufzeit: 12 Minute(n), 24 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.02
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 11:58:00

mbam-log-2012-09-17 (11-58-00).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 270825

Laufzeit: 27 Minute(n), 4 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.17.07
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

17.09.2012 16:17:03

mbam-log-2012-09-17 (16-17-03).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 562361

Laufzeit: 2 Stunde(n), 13 Minute(n), 59 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

2012/09/17 16:16:30 +0200        X-PC        x        MESSAGE        Starting database refresh

2012/09/17 16:16:58 +0200        X-PC        x        MESSAGE        Database refreshed successfully

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hab ich gemacht.

Code:

# AdwCleaner v2.002 - Datei am 09/19/2012 um 12:38:21 erstellt

# Aktualisiert am 16/09/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Benutzer : x - X-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NCKRY7HT\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 

Gefunden : Application Updater
 

***** [Dateien / Ordner] *****
 

Ordner Gefunden : C:\Program Files\Ask.com

Ordner Gefunden : C:\Program Files\Iminent

Ordner Gefunden : C:\ProgramData\Iminent

Ordner Gefunden : C:\ProgramData\Partner

Ordner Gefunden : C:\Users\x\AppData\Local\AskToolbar

Ordner Gefunden : C:\Users\x\AppData\Local\Temp\AskSearch

Ordner Gefunden : C:\Users\x\AppData\Local\Temp\Iminent

Ordner Gefunden : C:\Users\x\AppData\Local\Wajam

Ordner Gefunden : C:\Users\x\AppData\LocalLow\AskToolbar

Ordner Gefunden : C:\Users\x\AppData\LocalLow\Conduit

Ordner Gefunden : C:\Users\x\AppData\LocalLow\pdfforge

Ordner Gefunden : C:\Users\x\AppData\LocalLow\Search Settings

Ordner Gefunden : C:\Users\x\AppData\LocalLow\Toolbar4

Ordner Gefunden : C:\Users\x\AppData\Roaming\Iminent

Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar

Schlüssel Gefunden : HKCU\Software\Ask.com

Schlüssel Gefunden : HKCU\Software\AskToolbar

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gefunden : HKCU\Software\pdfforge

Schlüssel Gefunden : HKCU\Software\Search Settings

Schlüssel Gefunden : HKCU\Software\Softonic

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2325506

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Schlüssel Gefunden : HKLM\Software\pdfforge

Schlüssel Gefunden : HKLM\Software\Search Settings

Schlüssel Gefunden : HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Die Registrierungsdatenbank ist sauber.
 

*************************
 

AdwCleaner[R3].txt - [5519 octets] - [19/09/2012 12:38:21]
 

########## EOF - C:\AdwCleaner[R3].txt - [5579 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Das ist der Text nach der Aktion löschen.

Code:

# AdwCleaner v2.002 - Datei am 09/20/2012 um 09:03:32 erstellt

# Aktualisiert am 16/09/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Benutzer : x - X-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00GKMCBN\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 

Gestoppt & Gelöscht : Application Updater
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\Program Files\Ask.com

Ordner Gelöscht : C:\Program Files\Iminent

Ordner Gelöscht : C:\ProgramData\Iminent

Ordner Gelöscht : C:\ProgramData\Partner

Ordner Gelöscht : C:\Users\x\AppData\Local\AskToolbar

Ordner Gelöscht : C:\Users\x\AppData\Local\Temp\AskSearch

Ordner Gelöscht : C:\Users\x\AppData\Local\Temp\Iminent

Ordner Gelöscht : C:\Users\x\AppData\Local\Wajam

Ordner Gelöscht : C:\Users\x\AppData\LocalLow\AskToolbar

Ordner Gelöscht : C:\Users\x\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\x\AppData\LocalLow\pdfforge

Ordner Gelöscht : C:\Users\x\AppData\LocalLow\Search Settings

Ordner Gelöscht : C:\Users\x\AppData\LocalLow\Toolbar4

Ordner Gelöscht : C:\Users\x\AppData\Roaming\Iminent

Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar

Schlüssel Gelöscht : HKCU\Software\Ask.com

Schlüssel Gelöscht : HKCU\Software\AskToolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\pdfforge

Schlüssel Gelöscht : HKCU\Software\Search Settings

Schlüssel Gelöscht : HKCU\Software\Softonic

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2325506

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Schlüssel Gelöscht : HKLM\Software\pdfforge

Schlüssel Gelöscht : HKLM\Software\Search Settings

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
 

*************************
 

AdwCleaner[S1].txt - [5490 octets] - [20/09/2012 09:03:32]
 

########## EOF - C:\AdwCleaner[S1].txt - [5550 octets] ##########

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Ich kann Windows ganz normal starten, aber der Bildschirm ist schwarz, das Hintergrundbild erscheint nicht, obwohl es angeklickt ist. Auf dem Bildschirm sind auch die Symbole, die vorher waren. Alle Ordner sind da und voll, zumindest, was ich gesehen habe, aber sie und die Programme lassen sich nicht starten, da der Zugriff verweigert wird.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Der OTL Text ist:

OTL Logfile:

Code:

OTL logfile created on: 21.09.2012 08:40:45 - Run 1

OTL by OldTimer - Version 3.2.65.0     Folder = C:\Users\x\Downloads

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,84 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 59,91% Memory free

5,68 Gb Paging File | 4,38 Gb Available in Paging File | 77,17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 125,00 Gb Total Space | 52,17 Gb Free Space | 41,73% Space Free | Partition Type: NTFS

Drive D: | 171,08 Gb Total Space | 82,80 Gb Free Space | 48,40% Space Free | Partition Type: NTFS

 

Computer Name: X-PC | User Name: x | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.21 08:37:57 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\x\Downloads\OTL.exe

PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.01.11 22:12:36 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe

PRC - [2011.12.31 13:04:26 | 005,598,840 | ---- | M] (SlySoft, Inc.) -- D:\AnyDVD\AnyDVDtray.exe

PRC - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) -- D:\Eigene Dateien\Eigene Videos\ZuneNss.exe

PRC - [2011.08.05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.08.27 09:12:40 | 003,499,728 | ---- | M] (RSA, The Security Division of EMC.) -- C:\Program Files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe

PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

PRC - [2009.04.03 16:34:20 | 000,733,184 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe

PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

PRC - [2008.08.07 15:54:22 | 001,777,664 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe

PRC - [2008.06.19 11:42:12 | 000,857,544 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe

PRC - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.14 03:31:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012.06.14 03:30:54 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012.05.11 11:31:02 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012.05.11 11:25:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012.05.11 11:25:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

MOD - [2008.06.19 14:15:12 | 000,741,376 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\UpgraderGer.dll

MOD - [2008.06.19 11:42:12 | 000,857,544 | ---- | M] () -- C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.05.11 10:37:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.05.11 10:37:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Eigene Dateien\Eigene Videos\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Eigene Dateien\Eigene Videos\WMZuneComm.exe -- (WMZuneComm)

SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Eigene Dateien\Eigene Videos\ZuneNss.exe -- (ZuneNetworkSvc)

SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

SRV - [2008.05.13 16:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012.05.11 10:37:36 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.11 10:37:36 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.12.20 19:46:48 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2011.12.04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.12.12 11:34:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)

DRV - [2009.06.24 10:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.10.09 13:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)

DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)

DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.gmx.de/tab2 [binary data]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{2E1A1411-7261-453e-BA82-49962BFBFE85}: "URL" = hxxp://go.gmx.net/suchbox/gmxsuche?su={searchTerms}

IE - HKLM\..\SearchScopes\{3426CE37-9ED7-42A1-BCBE-44941EE1DDCF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA

IE - HKLM\..\SearchScopes\{67E06097-184C-419d-A3C5-68221AD6F675}: "URL" = hxxp://go.gmx.net/suchbox/smartshopping?searchText={searchTerms}

IE - HKLM\..\SearchScopes\{99F41591-ACC6-444c-84C6-8260E3A9DF2C}: "URL" = hxxp://go.gmx.net/suchbox/ebay?query={searchTerms}

IE - HKLM\..\SearchScopes\{A971AD5D-C547-424b-81EA-4E776CFBC1FD}: "URL" = hxxp://go.gmx.net/suchbox/amazon?keywords={searchTerms}

IE - HKLM\..\SearchScopes\{ABD852A8-D67E-48B0-9BBB-8AB1F4129692}: "URL" = hxxp://go.gmx.net/suchbox/google?q={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&amp;bmod=EU01

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes,DefaultScope = {ABD852A8-D67E-48B0-9BBB-8AB1F4129692}

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{3426CE37-9ED7-42A1-BCBE-44941EE1DDCF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSA

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{9A25A84A-E97D-45E2-9298-7972C2C32C7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{A91D401C-51F5-4618-8790-AB62A22CE2D2}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms}

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{C1C54F2F-6AAF-4D85-9832-02F720596927}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms}

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\SearchScopes\{C2C2F31B-AE60-4842-8117-AC0706AD63D2}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms}

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.09.17 10:08:09 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)

O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found.

O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)

O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions)

O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [RSA Card Conversion Utility] C:\Program Files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (RSA, The Security Division of EMC.)

O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Zune Launcher] D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000..\Run: [AnyDVD] D:\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000..\Run: [NBJ] D:\Nero\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000..\Run: [Updater shortcut] C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..Trusted Domains: volkswohl-bund.de ([vbnet] https in Vertrauenswürdige Sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BB27A3F-2DB9-4ED9-8EFF-B7B7AC9A1DF0}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECCBF372-F86C-4101-9F94-B5684E3D3F3B}: DhcpNameServer = 192.168.1.1 192.168.1.1

O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: Sharedaccess -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: BFE - Service

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MPSSvc - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: SharedAccess -  File not found

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.21 08:34:25 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{2263C029-0D34-483F-875B-B6ACE7A9600A}

[2012.09.20 09:11:55 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{CB0580B0-A484-4614-AB22-493195C48A22}

[2012.09.19 15:14:23 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{AFF2FFE9-FB6A-44F1-B4CE-5D265BBA845E}

[2012.09.18 12:49:20 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Digital Support

[2012.09.18 12:44:18 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Systweak

[2012.09.18 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro

[2012.09.18 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer

[2012.09.18 10:28:46 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{FD62B4CB-E658-436D-9885-5A3ED16150CD}

[2012.09.17 12:27:18 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\www.shadowexplorer.com

[2012.09.17 08:39:50 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{28CC8A44-062E-46A5-900A-D47811CF3712}

[2012.09.17 08:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.17 08:00:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.09.17 08:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.09.13 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{381D5F22-A9C5-4407-AEFF-C16C33418B8C}

[2012.09.12 21:47:52 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{4A61D208-2E5A-4295-A616-4E163DC369D6}

[2012.09.12 09:37:48 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{99165909-5EC4-4E05-9F0F-C66B7B4D6D8A}

[2012.09.10 21:39:27 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{CA299058-7193-41E3-86EA-283251E55CA3}

[2012.09.10 11:16:46 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{27B4C7D3-7BAB-4E55-AD7B-2E64A304C66F}

[2012.09.10 10:30:58 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{4DE81DB1-CB27-4F61-A0B4-3B59DD285A21}

[2012.09.07 08:39:59 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{06FD58B5-DF02-494F-9281-4D76679CBB84}

[2012.09.06 08:34:50 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{23F86FE7-B0C8-44F0-97E9-77D9ED348E5E}

[2012.09.05 08:04:57 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{62CCF31B-2501-4F4D-B982-1B4CA2E49B07}

[2012.09.04 09:54:10 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{DA38BC9F-9F3C-433A-A785-CC22F2D6B690}

[2012.09.03 08:34:10 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{FD19B6EB-0640-4A98-8908-E35C07CD102D}

[2012.09.02 09:48:50 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{B12439AB-A8E5-4A5D-9D1F-6C3C0A674464}

[2012.08.31 11:22:41 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{27E52979-8B9F-4321-951F-A6EEB12774CF}

[2012.08.30 09:52:29 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{10539BA6-82D9-4BC5-A0C2-E9C724E1F7D7}

[2012.08.29 09:20:43 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{0B575796-1B9B-4B45-8EFF-147B8FB8DEA0}

[2012.08.28 09:16:54 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{0D79F01F-2D16-4C12-B8D7-D041BEC4298C}

[2012.08.28 09:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.08.27 13:34:01 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{04837D2A-24BC-4E1A-A879-B76060192726}

[2012.08.27 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{B50D4DBC-1949-4091-9E62-72153F775DF8}

[2012.08.25 14:31:49 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{22C49A0A-AA0E-4EBD-AD8A-4FF1421B8412}

[2012.08.24 10:45:45 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{50315E65-D299-4752-93DE-DAA3DADF6D77}

[2012.08.24 09:08:27 | 000,000,000 | ---D | C] -- C:\Users\x\AppData\Local\{6BAB6420-369F-4A52-B8BE-4A17101E911E}

[2010.01.12 09:38:37 | 001,167,184 | ---- | C] (Microsoft Corporation) -- C:\Users\x\wlsetup-web.exe

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.21 08:42:08 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.21 08:33:53 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.21 08:33:46 | 000,067,584 | --S- | M] () -- C:\Windows\BootStat.dat

[2012.09.20 14:32:05 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.20 14:32:05 | 000,005,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.20 14:24:30 | 2287,415,296 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.20 14:05:00 | 000,753,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.09.20 14:05:00 | 000,698,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.09.20 14:05:00 | 000,166,170 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.09.20 14:05:00 | 000,135,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.09.19 10:08:47 | 000,001,644 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin

[2012.09.17 13:57:21 | 000,000,476 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012.09.17 12:53:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml

[2012.09.17 12:53:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2012.09.17 12:10:27 | 000,000,202 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2012.09.17 08:22:48 | 000,101,329 | ---- | M] () -- C:\zbotkiller.zip

[2012.09.14 13:36:44 | 000,000,055 | ---- | M] () -- C:\Windows\System32\ntfs_system.bat

[2012.09.12 12:44:13 | 000,016,925 | ---- | M] () -- C:\Windows\VFRAME32.INI

[2012.09.12 12:05:28 | 000,000,490 | ---- | M] () -- C:\Windows\VFORTSCH.INI

[2012.09.12 12:05:14 | 000,000,884 | ---- | M] () -- C:\Windows\VPMS.INI

[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.18 12:51:46 | 000,001,644 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin

[2012.09.17 12:52:26 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml

[2012.09.17 12:52:26 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml

[2012.09.17 08:22:44 | 000,101,329 | ---- | C] () -- C:\zbotkiller.zip

[2012.09.14 13:36:44 | 000,000,055 | ---- | C] () -- C:\Windows\System32\ntfs_system.bat

[2012.06.26 20:19:49 | 000,067,584 | --S- | C] () -- C:\Windows\BootStat.dat

[2012.06.26 12:46:30 | 000,000,029 | ---- | C] () -- C:\Users\x\AppData\Roaming\mbam.context.scan

[2012.04.17 13:42:25 | 000,001,153 | ---- | C] () -- C:\Windows\CAF.INI

[2012.02.28 16:55:51 | 000,000,490 | ---- | C] () -- C:\Windows\VFORTSCH.INI

[2012.01.13 09:52:18 | 000,007,602 | ---- | C] () -- C:\Users\x\AppData\Local\Resmon.ResmonCfg

[2011.10.12 20:56:37 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat

[2011.10.12 20:52:49 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini

[2011.09.07 10:55:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2011.03.08 17:51:04 | 000,000,066 | ---- | C] () -- C:\Windows\Advent.ini

[2011.03.08 11:51:55 | 000,000,071 | ---- | C] () -- C:\Windows\iltwain.ini

[2010.10.26 15:21:39 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll

[2010.10.26 15:16:26 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll

[2010.10.26 15:16:25 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll

[2010.10.26 15:16:25 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll

[2010.10.26 15:16:19 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll

[2010.10.26 15:15:10 | 000,080,384 | ---- | C] () -- C:\Windows\System32\ccmove32.dll

[2010.10.26 15:15:10 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Cc32.dll

[2010.07.30 13:21:06 | 000,005,120 | ---- | C] () -- C:\Users\x\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.03.10 13:10:01 | 000,000,088 | ---- | C] () -- C:\Users\x\axa-bt.ini

[2009.12.29 23:43:56 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009.08.05 10:40:05 | 000,000,027 | ---- | C] () -- C:\Users\x\version.ini

[2009.07.21 11:55:41 | 000,000,430 | ---- | C] () -- C:\Users\x\desktopstate

[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

[2009.05.01 14:42:16 | 000,001,577 | ---- | C] () -- C:\Users\x\.recently-used.xbel

 
 ========== ZeroAccess Check ==========

 

[2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msigeplugin52\program files\Google\Google Earth\plugin\res\paddle\l.png

[2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msigeplugin52\program files\Google\Google Earth\plugin\res\paddle\n.png

[2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msigeplugin52\program files\Google\Google Earth\plugin\res\paddle\u.png

[2012.01.23 10:10:16 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\LocalLow\Microsoft\Silverlight\is\xr4lgypn.pwb\4hnsmec1.4gi\1\l

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 
 ========== LOP Check ==========

 

[2012.03.06 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Amazon

[2011.11.24 16:15:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCON Installer

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Audacity

[2010.01.13 11:02:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Bytemobile

[2012.09.18 12:49:20 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Digital Support

[2010.10.22 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Downloaded Installations

[2011.10.15 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoft

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.03.13 13:26:02 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\elsterformular

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GetRightToGo

[2011.07.05 14:22:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HanseMerkurISAMA

[2012.09.21 08:33:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HCM Updater

[2011.08.11 21:18:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX

[2010.10.22 15:42:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nitro PDF

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PC-FAX TX

[2010.02.24 11:54:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ScanSoft

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Smart PDF Converter Pro

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\SQL Anywhere 11

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Subversion

[2012.09.19 11:05:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Systweak

[2010.03.17 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer

[2011.09.15 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\VHV

[2012.08.15 09:35:56 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Vodafone

[2010.01.04 12:21:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Volkswohl Bund

[2011.09.14 10:38:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Windows Live Writer

[2012.09.17 12:27:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\www.shadowexplorer.com

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\XMedia Recode

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.07.06 13:28:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ahead

[2012.03.06 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Amazon

[2011.12.20 09:56:31 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Apple Computer

[2011.11.24 16:15:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ASCON Installer

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Audacity

[2011.10.25 10:12:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Avira

[2010.02.04 23:17:06 | 000,000,000 | R--D | M] -- C:\Users\x\AppData\Roaming\Brother

[2010.01.13 11:02:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Bytemobile

[2009.12.09 21:18:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CyberLink

[2012.09.18 12:49:20 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Digital Support

[2010.10.22 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Downloaded Installations

[2011.10.15 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoft

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.03.13 13:26:02 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\elsterformular

[2012.08.16 10:49:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\FLEXnet

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GetRightToGo

[2009.12.09 21:25:26 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Google

[2011.07.05 14:22:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HanseMerkurISAMA

[2012.09.21 08:33:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HCM Updater

[2009.12.03 15:01:05 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities

[2010.01.09 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\InstallShield

[2009.12.14 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia

[2011.08.11 21:18:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\MAGIX

[2011.10.12 21:35:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes

[2009.07.14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs

[2012.05.12 14:21:41 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft

[2009.12.30 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Microsoft Web Folders

[2010.04.20 13:43:02 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Mozilla

[2012.09.17 10:10:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nero

[2010.10.22 15:42:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Nitro PDF

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PC-FAX TX

[2010.02.24 11:54:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ScanSoft

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Smart PDF Converter Pro

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\SQL Anywhere 11

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Subversion

[2012.09.19 11:05:00 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Systweak

[2010.03.17 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer

[2011.09.15 08:48:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\VHV

[2012.08.15 09:35:56 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Vodafone

[2010.01.04 12:21:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Volkswohl Bund

[2011.09.14 10:38:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Windows Live Writer

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\WinRAR

[2012.09.17 12:27:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\www.shadowexplorer.com

[2012.09.17 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\XMedia Recode

 
 < %APPDATA%\*.exe /s >

[2012.05.31 09:45:48 | 005,762,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_8479_8623.exe

[2012.03.27 11:33:07 | 004,180,528 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8479_8531.exe

[2012.04.23 09:12:32 | 005,933,016 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8531_8623.exe

[2012.05.31 09:46:00 | 004,309,624 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8479_8623.exe

[2012.04.23 09:14:19 | 004,591,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_11_8479_8623.exe

[2012.04.23 09:18:00 | 004,506,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_11_8479_8623.exe

[2012.05.31 09:46:12 | 004,278,384 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8479_8623.exe

[2012.04.23 09:16:13 | 004,504,904 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_11_8479_8623.exe

[2012.04.23 09:19:38 | 004,282,328 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8479_8623.exe

[2012.04.23 09:09:46 | 005,576,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8479_8623.exe

[2012.04.23 09:22:46 | 004,272,848 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8479_8623.exe

[2012.04.23 09:24:36 | 004,288,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8479_8623.exe

[2012.04.23 09:21:15 | 004,290,016 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\x\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8479_8623.exe

[2011.07.05 14:02:55 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\x\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2010.02.12 17:48:00 | 000,010,134 | R--- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2012.06.26 11:57:07 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\malwarebytes_antimalware_1.61.exe

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2005.10.12 13:07:12 | 000,874,240 | R--- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\$WIN_NT$.~BT\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVATABUS.SYS  >

[2005.08.18 17:52:06 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\$WIN_NT$.~BT\nvatabus.sys

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: VIAMRAID.SYS  >

[2005.04.08 11:43:26 | 000,060,928 | R--- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\$WIN_NT$.~BT\viamraid.sys

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 <           >

[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2011.11.24 11:09:37 | 000,001,084 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2011.11.24 11:09:38 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 

< End of report >

--- --- ---

Ich wollte gerade das Textfenster schließen, da habe ich gesehen, dass es zwei Texte gibt. Ich weiss nicht ob es der selbe ist. Deshalb hier noch der andere.

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 21.09.2012 08:40:45 - Run 1

OTL by OldTimer - Version 3.2.65.0     Folder = C:\Users\x\Downloads

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,84 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 59,91% Memory free

5,68 Gb Paging File | 4,38 Gb Available in Paging File | 77,17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 125,00 Gb Total Space | 52,17 Gb Free Space | 41,73% Space Free | Partition Type: NTFS

Drive D: | 171,08 Gb Total Space | 82,80 Gb Free Space | 48,40% Space Free | Partition Type: NTFS

 

Computer Name: X-PC | User Name: x | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [CEWE FOTOSCHAU] -- "D:\Foto\Kaufland Foto\CEWE FOTOSCHAU.exe" -d "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Kaufland Foto] -- "D:\Foto\Kaufland Foto\Kaufland Foto.exe" "%1" ()

Directory [Mein CEWE FOTOBUCH] -- "D:\Foto\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()

Directory [OnlineFotoservice] -- "D:\Foto\Amazon Foto\OnlineFotoservice\OnlineFotoservice.exe" "%1"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== Firewall Settings ==========

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU

"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0AF3640F-1224-4BCD-B891-D9CD1ACAB6A6}" = RV-SysInfo

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11

"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2436A979-497D-47C4-B448-D0625035F77E}" = Nero Video 11

"{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}" = RSA SecurID Software Token

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic

"{2E5E31A8-5469-4D96-962D-C294D2F7DA45}" = Der Broker Pool V3

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FC6EA88-7A1F-4401-9B25-84F547158B8E}" = RUVIS-PC

"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{53CFF9B1-4ED7-4114-8ECF-ADD13BC8AC57}" = VHV RECOMAX

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback

"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite MFC-8860DN

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1

"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples

"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86

"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}" = VHV-Tarifprogramm

"{AC2F9FCC-170E-4B0B-84AB-7307A373570F}" = RSA Smart Card Middleware 3.5

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts

"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B8381511-3832-4449-B33A-763931D2590B}" = BB-Euro-Tarifrechner

"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)

"{BA367FE1-A386-4E71-A33A-D41DB310546E}" = NÜRNBERGER Beratungstechnologie Version 08.2009 Einzelplatz

"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite MFC-425CN

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media

"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11

"{C20B2271-69D4-11D4-A951-08005AD260A8}" = VOLKSWOHL BUND - Angebotsprogramm Komfort

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic

"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility

"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card

"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples

"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon

"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung

"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"AnyDVD" = AnyDVD

"Audacity 1.3 Beta_is1" = Audacity 1.3.13

"Avira AntiVir Desktop" = Avira Free Antivirus

"CloneDVD2" = CloneDVD2

"DaVinci für Windows 9x / ME / NT / 2000" = DaVinci für Windows

"E38B2136962D21A7BDE5AAC98CD1C6EA6B6D0687" = Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader  (05/17/2005 5.2.3790.2444)

"ElsterFormular 11.2.0.4074" = ElsterFormular

"ElsterFormular 11.5.0.4546" = ElsterFormular

"ElsterFormular 13.1.1.8479k" = ElsterFormular

"ESET Online Scanner" = ESET Online Scanner v3

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility

"Kaufland Foto" = Kaufland Foto

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400

"Mediaport" = Mediaport

"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH

"meinHausplaner" = meinHausplaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NeroVision!UninstallKey" = NeroVision Express 2 SE

"NMPUninstallKey" = Nero Media Player

"PROHYBRIDR" = 2007 Microsoft Office system

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"sv.net" = sv.net

"Swiss Life EVA" = Swiss Life EVA

"TVWiz" = Intel(R) TV Wizard

"web'n'walk Manager" = web'n'walk Manager

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"Zune" = Zune

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"d7d997e86766123f" = Business plus+

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 21.09.2012 02:54:55 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:54:55.767]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:55:30 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:55:30.992]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:56:06 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:56:06.217]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:56:41 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:56:41.442]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:57:16 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:57:16.666]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:57:51 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:57:51.891]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:58:27 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:58:27.116]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:59:02 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:59:02.341]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 02:59:37 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 08:59:37.566]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

Error - 21.09.2012 03:00:12 | Computer Name = x-PC | Source = Brother BrLog | ID = 1001

Description = STI BrtSTI: [2012/09/21 09:00:12.791]: [00001644]: GetDeviceIpAddress:

 GetAddressByName [BRN_A7BF08] Error  

 

[ Media Center Events ]

Error - 09.04.2010 01:43:27 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 07:43:27 - Fehler beim Herstellen der Internetverbindung.  07:43:27 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 09.04.2010 01:43:37 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 07:43:32 - Fehler beim Herstellen der Internetverbindung.  07:43:32 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 30.06.2010 02:53:34 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 08:53:20 - Fehler beim Herstellen der Internetverbindung.  08:53:21 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 14.10.2010 04:19:46 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 10:19:46 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung

 mit dem Remoteserver kann nicht hergestellt werden.)  

 

Error - 14.10.2010 04:20:02 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 10:19:51 - Fehler beim Herstellen der Internetverbindung.  10:19:51 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 12.11.2010 03:42:18 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 08:42:18 - Fehler beim Herstellen der Internetverbindung.  08:42:18 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 12.11.2010 03:42:31 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 08:42:23 - Fehler beim Herstellen der Internetverbindung.  08:42:23 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10.07.2011 05:47:00 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 11:46:59 - Fehler beim Herstellen der Internetverbindung.  11:47:00 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 10.07.2011 05:47:09 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 11:47:05 - Fehler beim Herstellen der Internetverbindung.  11:47:05 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 28.01.2012 08:57:29 | Computer Name = x-PC | Source = MCUpdate | ID = 0

Description = 13:57:14 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename

 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  

 

[ System Events ]

Error - 20.09.2012 08:23:00 | Computer Name = x-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location

 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Avira Planer erreicht.

 

Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Avira Echtzeit Scanner erreicht.

 

Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 20.09.2012 08:24:40 | Computer Name = x-PC | Source = Service Control Manager | ID = 7003

Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 

von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

 

Error - 20.09.2012 08:24:42 | Computer Name = x-PC | Source = Service Control Manager | ID = 7003

Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:

 BFE. Dieser Dienst ist eventuell nicht installiert.

 

Error - 20.09.2012 08:24:45 | Computer Name = x-PC | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060

 

Error - 20.09.2012 08:24:55 | Computer Name = x-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   tcpipBM

 

Error - 20.09.2012 08:25:41 | Computer Name = x-PC | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

FF - user.js - File not found

IE - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found.

O3 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O4 - HKLM..\Run: []  File not found

O7 - HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\Shell - "" = AutoRun

O33 - MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

:Files

C:\Users\x\AppData\Local\{*

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Das ist nach dem Fixen gekommen.

Code:

All processes killed

========== OTL ==========

HKU\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}\ not found.

Registry value HKEY_USERS\S-1-5-21-1808031840-4243000465-1316133507-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.

C:\Program Files\GMX Toolbar\IE\uitb.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1808031840-4243000465-1316133507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb65f5b-0018-11df-b635-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb65f5b-0018-11df-b635-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb65f5b-0018-11df-b635-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb65f5f-0018-11df-b635-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bb65f5f-0018-11df-b635-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bb65f5f-0018-11df-b635-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e870331-2cf2-11df-a7fc-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e870331-2cf2-11df-a7fc-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e870331-2cf2-11df-a7fc-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e87033e-2cf2-11df-a7fc-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa24334-ab62-11df-82d1-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fa24334-ab62-11df-82d1-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa24334-ab62-11df-82d1-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55044c05-d69b-11df-b8aa-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55044c05-d69b-11df-b8aa-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55044c05-d69b-11df-b8aa-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55044c09-d69b-11df-b8aa-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55044c09-d69b-11df-b8aa-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55044c09-d69b-11df-b8aa-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588404a5-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588404a5-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588404a5-4261-11df-ae83-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588404a8-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588404a8-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588404a8-4261-11df-ae83-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588404ab-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{588404ab-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588404ab-4261-11df-ae83-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58840500-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58840500-4261-11df-ae83-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58840500-4261-11df-ae83-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a811d72-e6ac-11e1-9308-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a811d72-e6ac-11e1-9308-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a811d72-e6ac-11e1-9308-00269e079aa5}\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a811d98-e6ac-11e1-9308-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a811d98-e6ac-11e1-9308-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a811d98-e6ac-11e1-9308-00269e079aa5}\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67c45950-e067-11e1-9153-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67c45950-e067-11e1-9153-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67c45950-e067-11e1-9153-806e6f6e6963}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d2b7516-aa22-11e1-b51b-00269e079aa5}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{741cd19f-d475-11df-8366-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{741cd19f-d475-11df-8366-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{741cd19f-d475-11df-8366-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{741cd1a4-d475-11df-8366-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{741cd1a4-d475-11df-8366-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{741cd1a4-d475-11df-8366-00269e079aa5}\ not found.

File G:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{767a8613-82c5-11e0-8a29-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{767a8613-82c5-11e0-8a29-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{767a8613-82c5-11e0-8a29-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{767a8617-82c5-11e0-8a29-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{767a8617-82c5-11e0-8a29-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{767a8617-82c5-11e0-8a29-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c004514-4173-11df-af9c-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c004514-4173-11df-af9c-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c004514-4173-11df-af9c-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c004518-4173-11df-af9c-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c004518-4173-11df-af9c-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c004518-4173-11df-af9c-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c00459e-4173-11df-af9c-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c00459e-4173-11df-af9c-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c00459e-4173-11df-af9c-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8ad00f3-e6aa-11e1-9482-00269e079aa5}\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c12d8255-d690-11df-b963-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c12d8255-d690-11df-b963-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c12d8255-d690-11df-b963-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c87852eb-d426-11e1-914b-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c87852eb-d426-11e1-914b-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c87852eb-d426-11e1-914b-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c87852f2-d426-11e1-914b-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c87852f2-d426-11e1-914b-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c87852f2-d426-11e1-914b-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1d0271e-4262-11df-af0a-00269e079aa5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d0271e-4262-11df-af0a-00269e079aa5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1d0271e-4262-11df-af0a-00269e079aa5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.

File G:\AutoRun.exe not found.

========== FILES ==========

C:\Users\x\AppData\Local\{003B3EB5-E417-450A-83AF-5D0CC13FBB0C} folder moved successfully.

C:\Users\x\AppData\Local\{00A54C16-3CCD-4C1D-A931-A7D9D1506CF0} folder moved successfully.

C:\Users\x\AppData\Local\{026AE2CA-3ED3-4B1E-A28D-9354B6FB6226} folder moved successfully.

C:\Users\x\AppData\Local\{02B083EB-FDF3-42C4-90E5-91ED17A874B2} folder moved successfully.

C:\Users\x\AppData\Local\{03A74472-8F16-4107-8F65-1878EFF119F0} folder moved successfully.

C:\Users\x\AppData\Local\{04837D2A-24BC-4E1A-A879-B76060192726} folder moved successfully.

C:\Users\x\AppData\Local\{04A3B861-CD83-4696-ADCA-667B2934CF32} folder moved successfully.

C:\Users\x\AppData\Local\{04E5AE1A-92E8-4E3E-B201-D2FE86B1212D} folder moved successfully.

C:\Users\x\AppData\Local\{0505527D-71DA-4386-85F7-2D4882725188} folder moved successfully.

C:\Users\x\AppData\Local\{054B9F2F-D605-4F1A-8644-65D9D4F1F4FD} folder moved successfully.

C:\Users\x\AppData\Local\{056AFFBA-6142-4EB8-8022-6F0D163D00E4} folder moved successfully.

C:\Users\x\AppData\Local\{056DC593-C6D4-4843-9AD2-F2A1190E0605} folder moved successfully.

C:\Users\x\AppData\Local\{0582F5F3-B5BD-4268-BE4B-467AB19552CA} folder moved successfully.

C:\Users\x\AppData\Local\{05BF6A03-50A0-4DAD-9ED4-EE9CC85BA8FB} folder moved successfully.

C:\Users\x\AppData\Local\{06FD58B5-DF02-494F-9281-4D76679CBB84} folder moved successfully.

C:\Users\x\AppData\Local\{074E3033-99E1-46D2-BDA2-B820433706B7} folder moved successfully.

C:\Users\x\AppData\Local\{079195D4-DC0C-481E-863C-2B75967BED9E} folder moved successfully.

C:\Users\x\AppData\Local\{08208231-49CF-47F9-9652-29785FF941F2} folder moved successfully.

C:\Users\x\AppData\Local\{083E5D9D-145F-4ABA-8A7D-EE6D71DDE171} folder moved successfully.

C:\Users\x\AppData\Local\{092D462F-7CA0-41A1-8CA9-56DCAA9A58FE} folder moved successfully.

C:\Users\x\AppData\Local\{095CCB09-5BF8-494F-B9E3-C0F8371E354A} folder moved successfully.

C:\Users\x\AppData\Local\{09879608-E545-4A8D-9EB0-B7775D641CDC} folder moved successfully.

C:\Users\x\AppData\Local\{099C72A8-9C8B-4406-A570-74F4E8B286A3} folder moved successfully.

C:\Users\x\AppData\Local\{09DE2A4B-1647-4D71-A674-E635E5AF0F2E} folder moved successfully.

C:\Users\x\AppData\Local\{0A5868DC-1663-4A7D-863F-7E5451AB2CF0} folder moved successfully.

C:\Users\x\AppData\Local\{0AEEF6A6-A11D-49FD-A4F1-FA5CCCA3A71B} folder moved successfully.

C:\Users\x\AppData\Local\{0B575796-1B9B-4B45-8EFF-147B8FB8DEA0} folder moved successfully.

C:\Users\x\AppData\Local\{0BF64FDC-A715-4B06-A2AE-7AC32DA1A364} folder moved successfully.

C:\Users\x\AppData\Local\{0CDE8E3D-97CF-4D2F-B4B8-20D8ACE68A11} folder moved successfully.

C:\Users\x\AppData\Local\{0D79F01F-2D16-4C12-B8D7-D041BEC4298C} folder moved successfully.

C:\Users\x\AppData\Local\{0D8696A0-A4C9-458C-8C20-D789A5246118} folder moved successfully.

C:\Users\x\AppData\Local\{0E0AE64A-1DCE-4FC8-B9D8-7F92DF25D173} folder moved successfully.

C:\Users\x\AppData\Local\{0F931925-98B6-4C04-AA23-D97B3C3EEDB7} folder moved successfully.

C:\Users\x\AppData\Local\{0FC9DD09-9F0C-44BA-ADC0-2B39DFA1ACB1} folder moved successfully.

C:\Users\x\AppData\Local\{0FE5F289-EBC9-4359-A6A4-0F1964AA5BD7} folder moved successfully.

C:\Users\x\AppData\Local\{1000ED75-8171-4BBE-B090-E39E72E89F31} folder moved successfully.

C:\Users\x\AppData\Local\{100176EF-C340-480D-898C-E430643BF952} folder moved successfully.

C:\Users\x\AppData\Local\{10539BA6-82D9-4BC5-A0C2-E9C724E1F7D7} folder moved successfully.

C:\Users\x\AppData\Local\{11E02DDC-1A72-43B2-BFE0-A2BF4DAC69DC} folder moved successfully.

C:\Users\x\AppData\Local\{127CD983-6497-4401-9D30-83AF87FA89C8} folder moved successfully.

C:\Users\x\AppData\Local\{137559D1-EBAB-436C-9022-38411FE9244F} folder moved successfully.

C:\Users\x\AppData\Local\{143909E8-E631-4FA2-917E-190694A392EF} folder moved successfully.

C:\Users\x\AppData\Local\{143911DC-6C9B-45E3-BE18-62FCFF669FD2} folder moved successfully.

C:\Users\x\AppData\Local\{1493D356-D0C2-42E6-9237-6F7EFF55C523} folder moved successfully.

C:\Users\x\AppData\Local\{14A65CAA-FDAE-4C9D-9A2F-869CB2457D5E} folder moved successfully.

C:\Users\x\AppData\Local\{153BC9EB-8C4B-4265-A6EC-8E91AF50B93B} folder moved successfully.

C:\Users\x\AppData\Local\{161192CB-8BEA-4AB9-A2F3-AFAFF456DA54} folder moved successfully.

C:\Users\x\AppData\Local\{16E607F6-A70F-44A2-9A1B-DE649A579C48} folder moved successfully.

C:\Users\x\AppData\Local\{173845B1-F840-4C15-8F90-1E33A2D7653C} folder moved successfully.

C:\Users\x\AppData\Local\{17EAB4FC-D94E-4DFC-A04A-EAB87FD32352} folder moved successfully.

C:\Users\x\AppData\Local\{17FF1717-E15D-4F70-AE7E-60271B1A22F9} folder moved successfully.

C:\Users\x\AppData\Local\{18B7151A-6B5D-4641-BB97-F2A0AEE367F5} folder moved successfully.

C:\Users\x\AppData\Local\{18D4AAAF-0DF0-4A88-A44C-F797D027A5B1} folder moved successfully.

C:\Users\x\AppData\Local\{19FFC434-9AA7-43F9-BE79-810DC3E06F9B} folder moved successfully.

C:\Users\x\AppData\Local\{1AA496F7-A111-4CA2-AB19-0287B857BAED} folder moved successfully.

C:\Users\x\AppData\Local\{1AAB4842-7B51-4408-A542-070AAD4DE3D3} folder moved successfully.

C:\Users\x\AppData\Local\{1B7A41FB-9981-41A7-A497-AB7FED30E274} folder moved successfully.

C:\Users\x\AppData\Local\{1B987CDC-D55B-4E70-9732-FBEEDC9D1120} folder moved successfully.

C:\Users\x\AppData\Local\{1C02A7FF-89E0-4E00-AA3E-C42D8337B172} folder moved successfully.

C:\Users\x\AppData\Local\{1C41B48C-1A62-4A59-8FA0-714ABEE2F157} folder moved successfully.

C:\Users\x\AppData\Local\{1C777343-589C-44E2-8574-121D37635719} folder moved successfully.

C:\Users\x\AppData\Local\{1C8CBA42-5DFE-4A8B-A1D4-A638C1BB7BB0} folder moved successfully.

C:\Users\x\AppData\Local\{1D683EEA-7B7C-4AF7-B813-3951A73383E3} folder moved successfully.

C:\Users\x\AppData\Local\{1D9594A8-043F-4BE3-BEDF-B14D8D5BCA4E} folder moved successfully.

C:\Users\x\AppData\Local\{1DCA87CE-59C6-4A10-AF1E-7A8E2E609670} folder moved successfully.

C:\Users\x\AppData\Local\{1E90E708-69F9-4B84-A51F-E528B8139E09} folder moved successfully.

C:\Users\x\AppData\Local\{1EA14C12-93EB-42B8-9236-AB8F31EA22D5} folder moved successfully.

C:\Users\x\AppData\Local\{1EA1A203-449D-4253-87AF-B213574AA007} folder moved successfully.

C:\Users\x\AppData\Local\{1EF4B5F8-CE83-4D5A-A6B4-CE69EC0D01DA} folder moved successfully.

C:\Users\x\AppData\Local\{1FDCFF17-0FC7-4EB5-B9FC-BA903AB775BB} folder moved successfully.

C:\Users\x\AppData\Local\{20077E59-EEB5-4C0A-862C-E34AC70C0934} folder moved successfully.

C:\Users\x\AppData\Local\{211E701B-1EE3-410B-B2C4-D8A71958064D} folder moved successfully.

C:\Users\x\AppData\Local\{2131F293-4A0D-4566-90FC-D5381C765418} folder moved successfully.

C:\Users\x\AppData\Local\{21433EE3-7A74-4FEE-8895-65A7555A1748} folder moved successfully.

C:\Users\x\AppData\Local\{21650E1E-45C9-46F5-B646-3C4CE4400FE6} folder moved successfully.

C:\Users\x\AppData\Local\{2229BF79-DAB7-4536-B996-F04F8F049822} folder moved successfully.

C:\Users\x\AppData\Local\{22620535-37D5-40AD-8ECF-F3F7FB504A74} folder moved successfully.

C:\Users\x\AppData\Local\{2263C029-0D34-483F-875B-B6ACE7A9600A} folder moved successfully.

C:\Users\x\AppData\Local\{22B28C19-5DF2-47FE-8BAF-CD23FF5AC186} folder moved successfully.

C:\Users\x\AppData\Local\{22C485A0-8446-4086-8A3C-4DEF4C3A2589} folder moved successfully.

C:\Users\x\AppData\Local\{22C49A0A-AA0E-4EBD-AD8A-4FF1421B8412} folder moved successfully.

C:\Users\x\AppData\Local\{23161584-C394-417D-A116-4116F76C2F69} folder moved successfully.

C:\Users\x\AppData\Local\{233FB40E-2E8D-4423-9C77-E2064B1EDFEE} folder moved successfully.

C:\Users\x\AppData\Local\{23AD0A41-7F14-44D4-943B-CF4401EA2D84} folder moved successfully.

C:\Users\x\AppData\Local\{23B126A3-E48F-4DD6-B3E7-FEF62D98EA6F} folder moved successfully.

C:\Users\x\AppData\Local\{23F86FE7-B0C8-44F0-97E9-77D9ED348E5E} folder moved successfully.

C:\Users\x\AppData\Local\{24235E78-2377-4EE7-A26F-2622B007D50B} folder moved successfully.

C:\Users\x\AppData\Local\{2439B05C-D0A1-4D81-825A-75B7E93634A6} folder moved successfully.

C:\Users\x\AppData\Local\{244FCBA9-3459-4598-A592-BCA00BAD83FF} folder moved successfully.

C:\Users\x\AppData\Local\{25DDC38F-5304-481B-9EA3-53604988B25D} folder moved successfully.

C:\Users\x\AppData\Local\{26033FC9-50EE-431B-B47E-FAB13AA25825} folder moved successfully.

C:\Users\x\AppData\Local\{266757AD-73E7-4BE4-92D1-33F55088E505} folder moved successfully.

C:\Users\x\AppData\Local\{26E54ADA-EF9C-47DD-8A9A-6E0DBF8D9118} folder moved successfully.

C:\Users\x\AppData\Local\{26F22705-03BA-4362-AE7E-4723A8D089C3} folder moved successfully.

C:\Users\x\AppData\Local\{2726E764-DE0F-4337-B637-160ADE582654} folder moved successfully.

C:\Users\x\AppData\Local\{277205CF-848B-4B19-A681-F1EE7230FD5E} folder moved successfully.

C:\Users\x\AppData\Local\{27B4C7D3-7BAB-4E55-AD7B-2E64A304C66F} folder moved successfully.

C:\Users\x\AppData\Local\{27C51154-6836-4BAF-BA8F-2060B3E3136B} folder moved successfully.

C:\Users\x\AppData\Local\{27E52979-8B9F-4321-951F-A6EEB12774CF} folder moved successfully.

C:\Users\x\AppData\Local\{2894760F-C81C-43B1-A84C-B114FF6E85B8} folder moved successfully.

C:\Users\x\AppData\Local\{28CC8A44-062E-46A5-900A-D47811CF3712} folder moved successfully.

C:\Users\x\AppData\Local\{29053B76-26AE-4506-8415-662BD83B5DB9} folder moved successfully.

C:\Users\x\AppData\Local\{294AAFB6-4CFA-4360-AFE1-EFAFE91373E3} folder moved successfully.

C:\Users\x\AppData\Local\{29673C4E-802C-42CF-AA1A-49BA9BF7794F} folder moved successfully.

C:\Users\x\AppData\Local\{29867760-B6FD-46B9-BD6B-37FB7AB451A8} folder moved successfully.

C:\Users\x\AppData\Local\{29C1FE42-5E7B-4949-BA12-FF52550B1BA4} folder moved successfully.

C:\Users\x\AppData\Local\{2A98F4DC-4DEE-4757-998E-0EFAEFD2DAF6} folder moved successfully.

C:\Users\x\AppData\Local\{2A9BAD1A-8F0F-447E-9A81-8CDE8ADCB66E} folder moved successfully.

C:\Users\x\AppData\Local\{2ADB7761-DFCC-416F-B276-5185BA78DB49} folder moved successfully.

C:\Users\x\AppData\Local\{2ADD216F-39E2-4574-B267-C2B8625CB2FB} folder moved successfully.

C:\Users\x\AppData\Local\{2ADD338E-713E-435B-8D7B-FD62FD39AFA2} folder moved successfully.

C:\Users\x\AppData\Local\{2AFB81DB-1B4D-4B6A-A18B-091AD5A048EA} folder moved successfully.

C:\Users\x\AppData\Local\{2B68E581-D4BE-47E0-8D53-077EF736708C} folder moved successfully.

C:\Users\x\AppData\Local\{2BA40441-F052-4DF3-B26D-A116DF59B94D} folder moved successfully.

C:\Users\x\AppData\Local\{2BD8CB42-BCA0-4E5E-B29F-34582B8C6861} folder moved successfully.

C:\Users\x\AppData\Local\{2BDEBBFD-E999-44FF-843B-FCCC28EDB7F1} folder moved successfully.

C:\Users\x\AppData\Local\{2C430CDB-7F31-4E3A-BC26-A0C422D530F9} folder moved successfully.

C:\Users\x\AppData\Local\{2C482F6C-F66E-45D9-8014-CCE8B65F6AFE} folder moved successfully.

C:\Users\x\AppData\Local\{2C63C879-12FD-4AB9-9923-14F56E64191E} folder moved successfully.

C:\Users\x\AppData\Local\{2CAD6DCE-C0A3-41D6-88D7-D2029D509EF9} folder moved successfully.

C:\Users\x\AppData\Local\{2D14CC5F-E93F-4997-B127-3A331846A3E7} folder moved successfully.

C:\Users\x\AppData\Local\{2D22C614-B3B2-43EA-829B-D8DC0C8DA273} folder moved successfully.

C:\Users\x\AppData\Local\{2D370437-DAE4-4EAD-99EA-898FD334B24E} folder moved successfully.

C:\Users\x\AppData\Local\{2DA6BDC6-B2A6-4761-8778-1A5E24349E21} folder moved successfully.

C:\Users\x\AppData\Local\{2E3B3CC3-0A04-4EC6-9C2B-632C1BD0C104} folder moved successfully.

C:\Users\x\AppData\Local\{2FCD2C37-17BB-4810-AA20-E69F2D2DD419} folder moved successfully.

C:\Users\x\AppData\Local\{2FE9B842-A626-4316-9732-87FD44CE73BD} folder moved successfully.

C:\Users\x\AppData\Local\{306F6858-805F-4DB1-A419-F4534E5642D5} folder moved successfully.

C:\Users\x\AppData\Local\{30D06823-F897-42FF-933C-325454733DE1} folder moved successfully.

C:\Users\x\AppData\Local\{312159F0-1653-494F-B93C-BCA1F2C5DB3F} folder moved successfully.

C:\Users\x\AppData\Local\{312F819C-2823-444E-95BF-F9D2F5FA9CA6} folder moved successfully.

C:\Users\x\AppData\Local\{3166754D-7387-4200-855A-DE0E7AE6A180} folder moved successfully.

C:\Users\x\AppData\Local\{319ACE2F-5850-4072-BB93-DEE30289F33D} folder moved successfully.

C:\Users\x\AppData\Local\{323129BB-5976-4670-981E-D8CD18C90B13} folder moved successfully.

C:\Users\x\AppData\Local\{328CA768-C0D5-41EE-B4EB-A0FE4DBE6B2D} folder moved successfully.

C:\Users\x\AppData\Local\{32E5295B-6D91-4333-B39D-1B8B8FED3B31} folder moved successfully.

C:\Users\x\AppData\Local\{33835821-E7A7-43C8-A852-55D59AC635FC} folder moved successfully.

C:\Users\x\AppData\Local\{34168D67-25D5-4DBD-B55F-FAE5D8AFBDF4} folder moved successfully.

C:\Users\x\AppData\Local\{346BF602-4D48-4797-BE07-9C8FEE5B9F8D} folder moved successfully.

C:\Users\x\AppData\Local\{347B847A-FA0F-4AB8-B681-E55074577892} folder moved successfully.

C:\Users\x\AppData\Local\{34930D91-B459-41D4-A596-A16E43E00A46} folder moved successfully.

C:\Users\x\AppData\Local\{353D8985-A445-42A5-B3EF-5AB2E8B1B032} folder moved successfully.

C:\Users\x\AppData\Local\{355F9EED-7EAA-4371-A849-6E7174BD6B3B} folder moved successfully.

C:\Users\x\AppData\Local\{35D6B45E-8228-41CE-89AC-E5123A7FD426} folder moved successfully.

C:\Users\x\AppData\Local\{3688C18D-1921-483C-98AF-F4ABCC5A992C} folder moved successfully.

C:\Users\x\AppData\Local\{36F7D7BB-4A45-4199-94E1-21497FCCB696} folder moved successfully.

C:\Users\x\AppData\Local\{3782600F-5BB7-420A-8E10-1C15DC63C4A5} folder moved successfully.

C:\Users\x\AppData\Local\{381D5F22-A9C5-4407-AEFF-C16C33418B8C} folder moved successfully.

C:\Users\x\AppData\Local\{385B1915-2AC6-47A0-813D-E393ABB634DA} folder moved successfully.

C:\Users\x\AppData\Local\{3874C0DA-D68E-4540-A810-104463CB2B7D} folder moved successfully.

C:\Users\x\AppData\Local\{38ADB680-865B-4626-AF08-4E6577BB6DF7} folder moved successfully.

C:\Users\x\AppData\Local\{39553E82-2421-4096-B895-363895D07B17} folder moved successfully.

C:\Users\x\AppData\Local\{39580853-1B81-44C1-AE38-0FA991C3EFD3} folder moved successfully.

C:\Users\x\AppData\Local\{39E667B4-FC5C-4B14-8C4E-9D72EDDEA931} folder moved successfully.

C:\Users\x\AppData\Local\{3A4363D4-916C-4F74-905E-6F4E6C247A1F} folder moved successfully.

C:\Users\x\AppData\Local\{3A67BB2E-7FB5-4760-B72F-71ACEFBBEB27} folder moved successfully.

C:\Users\x\AppData\Local\{3AA17265-9D06-4DB6-93DA-CC09A9DE1C83} folder moved successfully.

C:\Users\x\AppData\Local\{3AB9D1FA-F3AA-418A-83DB-95B08CA25469} folder moved successfully.

C:\Users\x\AppData\Local\{3B65F4D1-076F-4242-8B64-5D4F9B325564} folder moved successfully.

C:\Users\x\AppData\Local\{3C0CD324-3925-4A78-A248-04400DC2D344} folder moved successfully.

C:\Users\x\AppData\Local\{3C93DCF0-386F-4CBA-A3BF-20FC4E29CD80} folder moved successfully.

C:\Users\x\AppData\Local\{3CA69985-66E1-4714-B375-1ABD0BE8F190} folder moved successfully.

C:\Users\x\AppData\Local\{3CADCAB0-90F7-40D6-B5B7-EDC2E94D29B2} folder moved successfully.

C:\Users\x\AppData\Local\{3D031B5A-CD82-4CF4-BA2D-6DD93887D808} folder moved successfully.

C:\Users\x\AppData\Local\{3D2DAD0B-DF11-49E2-8005-5E087FD41E12} folder moved successfully.

C:\Users\x\AppData\Local\{3DCC1EC0-DC32-4E3A-90CC-F50B8CCA9019} folder moved successfully.

C:\Users\x\AppData\Local\{3E7C920C-6045-4987-9A27-5A7885578D55} folder moved successfully.

C:\Users\x\AppData\Local\{4079B9E9-50C3-43C3-9027-212D45077D02} folder moved successfully.

C:\Users\x\AppData\Local\{40B466F7-B82F-43D8-A50D-37AF6BFC7843} folder moved successfully.

C:\Users\x\AppData\Local\{40CC07DD-8995-43D8-8463-32BDD56BB9B0} folder moved successfully.

C:\Users\x\AppData\Local\{41189D38-58D2-4DFC-9816-9D3D45682ECA} folder moved successfully.

C:\Users\x\AppData\Local\{419825BB-AB46-40CB-AADF-0153C2967469} folder moved successfully.

C:\Users\x\AppData\Local\{41C0BFAD-B2D9-47C2-BB69-CCF4047C3D10} folder moved successfully.

C:\Users\x\AppData\Local\{424EE35E-777A-45F9-87AD-0C218537D965} folder moved successfully.

C:\Users\x\AppData\Local\{429669CD-3727-4CB4-AFB2-6F6E98B6093F} folder moved successfully.

C:\Users\x\AppData\Local\{42CF557B-BFC5-48A7-91FE-DBFDBABF5A78} folder moved successfully.

C:\Users\x\AppData\Local\{43B268A9-D0C5-4281-9014-129DF92B72C7} folder moved successfully.

C:\Users\x\AppData\Local\{43EA51B5-842A-4D37-BC13-3B348542A8B0} folder moved successfully.

C:\Users\x\AppData\Local\{4409F304-2834-42B9-B530-377102AE0998} folder moved successfully.

C:\Users\x\AppData\Local\{4498A118-73F7-4F25-8373-A09B254B15D3} folder moved successfully.

C:\Users\x\AppData\Local\{44B97F5F-AE08-48E2-9728-3F18A39519AC} folder moved successfully.

C:\Users\x\AppData\Local\{457BBDCA-7BC3-414A-87C9-638BAA94D9A7} folder moved successfully.

C:\Users\x\AppData\Local\{462A37C0-15EB-43CB-B6C7-ED9E4E235B8A} folder moved successfully.

C:\Users\x\AppData\Local\{463B7EE1-DB6D-4F55-8D37-E90F5B3B88AE} folder moved successfully.

C:\Users\x\AppData\Local\{46F880B6-0AD9-421F-AA13-65D3F057D55F} folder moved successfully.

C:\Users\x\AppData\Local\{471DBA65-8595-4117-A51B-4F9C5B4E2321} folder moved successfully.

C:\Users\x\AppData\Local\{4748FBC1-5DD4-47F0-B7D6-23BA67AF48B3} folder moved successfully.

C:\Users\x\AppData\Local\{4766B852-5129-48F2-A5F8-11361611C51B} folder moved successfully.

C:\Users\x\AppData\Local\{477EE512-B690-4F1D-AF43-9B908C91251A} folder moved successfully.

C:\Users\x\AppData\Local\{4791BB25-F26B-4DC9-AEE4-499EDF1D8183} folder moved successfully.

C:\Users\x\AppData\Local\{47DAAAF2-65DF-42B5-9647-183985B3086D} folder moved successfully.

C:\Users\x\AppData\Local\{47F8E259-699A-4C43-ADC2-411DA21C3BCF} folder moved successfully.

C:\Users\x\AppData\Local\{48364779-16EF-4B89-8F81-BC49EA90F177} folder moved successfully.

C:\Users\x\AppData\Local\{488F7321-E44E-41CB-B5E2-15C4B46E6D8D} folder moved successfully.

C:\Users\x\AppData\Local\{48C400BA-BF43-4A81-B634-BDBA93C9A730} folder moved successfully.

C:\Users\x\AppData\Local\{494D615B-3949-4C1B-BD37-769591523954} folder moved successfully.

C:\Users\x\AppData\Local\{4A41494C-1F37-4C9B-AEB9-50852D580AE3} folder moved successfully.

C:\Users\x\AppData\Local\{4A61D208-2E5A-4295-A616-4E163DC369D6} folder moved successfully.

C:\Users\x\AppData\Local\{4A6AB4CF-897C-4E98-B292-00037F79ED36} folder moved successfully.

C:\Users\x\AppData\Local\{4ACE225D-33A8-46CF-BC84-84D5792E00F9} folder moved successfully.

C:\Users\x\AppData\Local\{4B0B2D4D-8F8C-4B0B-856A-A064BE1B4423} folder moved successfully.

C:\Users\x\AppData\Local\{4BEBDBDA-AB14-4BA4-862B-71016D7A09B5} folder moved successfully.

C:\Users\x\AppData\Local\{4C0346B0-0662-44AF-AB93-831CFF0A8F38} folder moved successfully.

C:\Users\x\AppData\Local\{4C143D56-B1B5-483A-B552-C8F66D03022C} folder moved successfully.

C:\Users\x\AppData\Local\{4C1DEBF4-A47E-4A90-9CA9-A62BADB031DF} folder moved successfully.

C:\Users\x\AppData\Local\{4C5C677F-D7F1-42E8-9425-DBEE597D526A} folder moved successfully.

C:\Users\x\AppData\Local\{4CC143BD-FD6E-46A9-825E-EF857215F5B7} folder moved successfully.

C:\Users\x\AppData\Local\{4CE65B20-3812-49E3-8EAA-4A9DA93B1630} folder moved successfully.

C:\Users\x\AppData\Local\{4D6D7661-A3CF-4C03-959F-13C3B0EF834F} folder moved successfully.

C:\Users\x\AppData\Local\{4DD7C886-1364-4244-8E16-7062F3CFC27B} folder moved successfully.

C:\Users\x\AppData\Local\{4DE81DB1-CB27-4F61-A0B4-3B59DD285A21} folder moved successfully.

C:\Users\x\AppData\Local\{4E353FC4-C19D-4118-B092-2ADA1F9452B1} folder moved successfully.

C:\Users\x\AppData\Local\{4E3E26AA-6404-4652-A44F-085F80C8352D} folder moved successfully.

C:\Users\x\AppData\Local\{4E517AFF-8C93-4069-BBA8-BAC6A0B3495E} folder moved successfully.

C:\Users\x\AppData\Local\{4E9D8AA9-B341-48A2-92BA-B5123E4038AE} folder moved successfully.

C:\Users\x\AppData\Local\{4F06A5EB-741C-46C4-AAC7-02DF43B19463} folder moved successfully.

C:\Users\x\AppData\Local\{4F2B9E12-A4D3-4C16-9B1A-8717CEFC251D} folder moved successfully.

C:\Users\x\AppData\Local\{4F445388-6722-44C2-88F7-723C17334402} folder moved successfully.

C:\Users\x\AppData\Local\{4F44F0E5-22D2-4964-BC73-51C773C751CE} folder moved successfully.

C:\Users\x\AppData\Local\{4F9B05CE-A112-4461-8AEC-89E8DDD2D990} folder moved successfully.

C:\Users\x\AppData\Local\{4FC6CB2E-863E-44E5-BEDB-C4AD236611EF} folder moved successfully.

C:\Users\x\AppData\Local\{50315E65-D299-4752-93DE-DAA3DADF6D77} folder moved successfully.

C:\Users\x\AppData\Local\{51C3C55C-7A8F-48BF-ACC6-20D9BDC340D5} folder moved successfully.

C:\Users\x\AppData\Local\{51E586DE-A51B-404E-B0EB-4B6C09976162} folder moved successfully.

C:\Users\x\AppData\Local\{520DE11C-1B17-4FC9-93D3-81D88451E279} folder moved successfully.

C:\Users\x\AppData\Local\{52AC6859-1E1B-406F-B358-01874D649A07} folder moved successfully.

C:\Users\x\AppData\Local\{53DE90DF-8E68-4EB3-BEF2-ED5D48F10687} folder moved successfully.

C:\Users\x\AppData\Local\{546FEA66-9F80-4FA8-9D2C-2B37E03C650D} folder moved successfully.

C:\Users\x\AppData\Local\{55E8F2B7-74AA-454F-A7A6-E358EC388F96} folder moved successfully.

C:\Users\x\AppData\Local\{55EDBABB-41B6-46F7-A0F0-07699E797357} folder moved successfully.

C:\Users\x\AppData\Local\{560E049F-AFBD-458E-A725-4FDC370410B1} folder moved successfully.

C:\Users\x\AppData\Local\{5682575E-CAEF-4C2F-A8AB-7A3E4719C58D} folder moved successfully.

C:\Users\x\AppData\Local\{5688C472-8DCD-46B4-8E36-96AA5D5F7049} folder moved successfully.

C:\Users\x\AppData\Local\{569F6A3D-41F1-4640-A191-0336106BBEB2} folder moved successfully.

C:\Users\x\AppData\Local\{56ABEB8B-86CB-462C-869F-E999FD111C59} folder moved successfully.

C:\Users\x\AppData\Local\{5718614D-39CA-4C63-A4E3-80A3B04EDC86} folder moved successfully.

C:\Users\x\AppData\Local\{5749990E-342B-4DB9-83B4-1400B24A4F03} folder moved successfully.

C:\Users\x\AppData\Local\{574F571E-F769-46B4-B8A1-06A38608458E} folder moved successfully.

C:\Users\x\AppData\Local\{579CF3C8-16EA-4034-9ACF-26388D8A745A} folder moved successfully.

C:\Users\x\AppData\Local\{57AAD355-5299-4692-A6AB-44251CC6A817} folder moved successfully.

C:\Users\x\AppData\Local\{57CBFEB8-1105-44D7-92FE-E0BEE7D26FAE} folder moved successfully.

C:\Users\x\AppData\Local\{57D890B4-E2BA-4ECB-8E8D-58578E1FDCCF} folder moved successfully.

C:\Users\x\AppData\Local\{582F1D85-5093-4373-B655-0CCCED438326} folder moved successfully.

C:\Users\x\AppData\Local\{583CA38D-310A-45EF-B47B-149034B7F9CA} folder moved successfully.

C:\Users\x\AppData\Local\{58A1A428-E749-4B5F-8948-0E76DBEF77A0} folder moved successfully.

C:\Users\x\AppData\Local\{58B2BCDB-5C38-4F37-9A3E-BB5BBA6FB0FB} folder moved successfully.

C:\Users\x\AppData\Local\{5936FE57-EAC2-41DC-B641-17F4FA58672F} folder moved successfully.

C:\Users\x\AppData\Local\{597A7D69-3D9E-40A9-9D30-2AF665691897} folder moved successfully.

C:\Users\x\AppData\Local\{59A3C411-DDCB-47CB-B1EA-D0B752D86F66} folder moved successfully.

C:\Users\x\AppData\Local\{59AA8520-47F0-4F0F-AEB5-F562AF122B29} folder moved successfully.

C:\Users\x\AppData\Local\{59BAD2B5-1AF4-4FE7-85AE-117CEC25976B} folder moved successfully.

C:\Users\x\AppData\Local\{5A3BEBF6-9A7D-4D39-919E-216683D968E3} folder moved successfully.

C:\Users\x\AppData\Local\{5B0823F1-A696-4BC8-A25F-04976036BF2F} folder moved successfully.

C:\Users\x\AppData\Local\{5B111E49-E779-4A32-8674-ADFD7A8C4F76} folder moved successfully.

C:\Users\x\AppData\Local\{5B8AE80F-BD7E-4E2F-B014-E51D45593A1D} folder moved successfully.

C:\Users\x\AppData\Local\{5BC2F99E-4088-493D-91EE-B976CCDD0AEA} folder moved successfully.

C:\Users\x\AppData\Local\{5BF5EC55-BE4E-4F7F-B534-FBE1D52E9E8A} folder moved successfully.

C:\Users\x\AppData\Local\{5D9B37EE-6FB4-4921-BC85-2E07164EDAF1} folder moved successfully.

C:\Users\x\AppData\Local\{5E99E976-7EB6-48C7-BE6E-BA9E5F4846A3} folder moved successfully.

C:\Users\x\AppData\Local\{5EEA634B-C931-4445-9116-F1C1FCD514AE} folder moved successfully.

C:\Users\x\AppData\Local\{5EFBF81E-39AF-40F5-976C-78776BF9F450} folder moved successfully.

C:\Users\x\AppData\Local\{5F26C529-22C6-438A-BA64-7CFF2DC14CD9} folder moved successfully.

C:\Users\x\AppData\Local\{5FA5C7B9-427B-4550-A90F-0DD8AD66CE53} folder moved successfully.

C:\Users\x\AppData\Local\{5FF8C9C8-5CFC-49BA-A5EB-507FE4DD04F6} folder moved successfully.

C:\Users\x\AppData\Local\{5FFFE732-5331-4270-AC2C-92144114625B} folder moved successfully.

C:\Users\x\AppData\Local\{60CB7D78-430A-4FBC-8C68-3BF4C608213C} folder moved successfully.

C:\Users\x\AppData\Local\{60EB9876-91B1-45A3-AF4F-17BECE96774D} folder moved successfully.

C:\Users\x\AppData\Local\{6120F159-D6D7-4CD4-B721-FA49FE95C762} folder moved successfully.

C:\Users\x\AppData\Local\{61497D16-17A1-4313-A7DD-1BAF8C99DAAB} folder moved successfully.

C:\Users\x\AppData\Local\{616A6A15-B33A-48A5-9DB6-935027693534} folder moved successfully.

C:\Users\x\AppData\Local\{61C5E2D7-2D61-446F-82A3-59C0F52AFB16} folder moved successfully.

C:\Users\x\AppData\Local\{6243FB7C-E937-4A99-B78C-D813D013FB9F} folder moved successfully.

C:\Users\x\AppData\Local\{62C8C237-49D9-4942-9621-84A2835684BE} folder moved successfully.

C:\Users\x\AppData\Local\{62CCF31B-2501-4F4D-B982-1B4CA2E49B07} folder moved successfully.

C:\Users\x\AppData\Local\{630BFD74-3160-41F8-9B1A-6608A3C580D4} folder moved successfully.

C:\Users\x\AppData\Local\{631FAB48-9D20-4CDA-A803-C2889592C31E} folder moved successfully.

C:\Users\x\AppData\Local\{63301308-59A4-491E-9FAF-6C4542DFF251} folder moved successfully.

C:\Users\x\AppData\Local\{654054EC-93B4-496C-9562-853E24189EA0} folder moved successfully.

C:\Users\x\AppData\Local\{657105DA-8D65-44CE-A31D-1EF1FDAF9082} folder moved successfully.

C:\Users\x\AppData\Local\{65CEFDE6-5263-4E01-AA37-D24EF20A02A9} folder moved successfully.

C:\Users\x\AppData\Local\{65F1AFEC-CE22-4485-9B06-549CDACABC83} folder moved successfully.

C:\Users\x\AppData\Local\{6633328D-4B88-483D-8E22-256E316C88C6} folder moved successfully.

C:\Users\x\AppData\Local\{66936927-3785-45AC-90C9-ED0A4B9766A5} folder moved successfully.

C:\Users\x\AppData\Local\{66A013A8-5255-402E-8F51-1C1DE0A9F0C3} folder moved successfully.

C:\Users\x\AppData\Local\{66D2F266-60A3-48A5-84C5-7D52B529D78E} folder moved successfully.

C:\Users\x\AppData\Local\{66E93BA6-9084-4C15-A0EA-D8B9BCB11D66} folder moved successfully.

C:\Users\x\AppData\Local\{680D5EAA-E231-4839-92A5-B0E0B01AC00E} folder moved successfully.

C:\Users\x\AppData\Local\{681719E4-42FC-4C15-B156-B928253D928D} folder moved successfully.

C:\Users\x\AppData\Local\{6830537D-68DC-4247-A723-88C7DF592CDC} folder moved successfully.

C:\Users\x\AppData\Local\{684352FB-122B-4616-AAE4-DE5C84785D0C} folder moved successfully.

C:\Users\x\AppData\Local\{68F3B77C-AA69-44BD-B9E3-F1B0DBDB09A1} folder moved successfully.

C:\Users\x\AppData\Local\{6BAB6420-369F-4A52-B8BE-4A17101E911E} folder moved successfully.

C:\Users\x\AppData\Local\{6BD9FDDD-C595-4530-8818-678B2CC973B8} folder moved successfully.

C:\Users\x\AppData\Local\{6C5BFB3F-786B-447B-9D8E-D2257AC8FD3F} folder moved successfully.

C:\Users\x\AppData\Local\{6CABF843-55C8-4058-A836-2224A28D9420} folder moved successfully.

C:\Users\x\AppData\Local\{6D56B121-DC22-412A-94B0-F275A44C803A} folder moved successfully.

C:\Users\x\AppData\Local\{6D5E7B7A-2094-4D95-A0B8-2CE900A9D82F} folder moved successfully.

C:\Users\x\AppData\Local\{6D7B1060-D0E1-469C-BEF5-D92B1D668009} folder moved successfully.

C:\Users\x\AppData\Local\{6DB0EC7F-A23B-4F87-8F75-DC48DBBA0C6C} folder moved successfully.

C:\Users\x\AppData\Local\{6E5CE999-F7B9-4F7C-8869-2147329915B3} folder moved successfully.

C:\Users\x\AppData\Local\{6E5D183D-E7E8-4BBA-B67C-665C31097DAF} folder moved successfully.

C:\Users\x\AppData\Local\{6E603DB1-3CA0-4DC9-AA3D-FF6E370FA214} folder moved successfully.

C:\Users\x\AppData\Local\{6E8EB449-82B1-4349-ABF3-082A2BE424F6} folder moved successfully.

C:\Users\x\AppData\Local\{6EA90246-BDD2-468A-8196-0EA3FF207CE5} folder moved successfully.

C:\Users\x\AppData\Local\{6FEC11B1-0408-4E09-BE62-D002C33B2951} folder moved successfully.

C:\Users\x\AppData\Local\{705630FE-5394-44C6-9A46-1BF84491F9F6} folder moved successfully.

C:\Users\x\AppData\Local\{705AD350-5C91-4129-AD79-61206761C089} folder moved successfully.

C:\Users\x\AppData\Local\{71CDBD01-2D45-4B2B-BFAD-9D4B8E018197} folder moved successfully.

C:\Users\x\AppData\Local\{7282B630-2596-476B-AD1F-2B670F95435F} folder moved successfully.

C:\Users\x\AppData\Local\{72F03FDB-5545-46F1-A04B-E2F2EFD0E265} folder moved successfully.

C:\Users\x\AppData\Local\{733295A2-D686-41A7-9FF6-1170691D02A3} folder moved successfully.

C:\Users\x\AppData\Local\{73A77694-DE04-4FE0-9331-40DB631241F4} folder moved successfully.

C:\Users\x\AppData\Local\{73AE9E85-0F30-43A6-A470-4086CA1FF588} folder moved successfully.

C:\Users\x\AppData\Local\{74265BD3-7B55-43D9-8B03-159815F9520B} folder moved successfully.

C:\Users\x\AppData\Local\{74B56801-427C-4102-A183-A4217A295F5F} folder moved successfully.

C:\Users\x\AppData\Local\{74BC6E64-0BA5-40ED-A630-C91ADF035C60} folder moved successfully.

C:\Users\x\AppData\Local\{74D72511-E4A7-43B5-9C6F-750C85F45AA7} folder moved successfully.

C:\Users\x\AppData\Local\{75B3957A-32F7-4F9E-B3FB-8E15CCEC59FF} folder moved successfully.

C:\Users\x\AppData\Local\{75B98F75-7677-47BF-BCFC-9D948A66F0D1} folder moved successfully.

C:\Users\x\AppData\Local\{760543B0-C1A5-4F7D-AD94-2C5D9304D28D} folder moved successfully.

C:\Users\x\AppData\Local\{76063F42-CF35-41C6-BFBD-BB5BACB26497} folder moved successfully.

C:\Users\x\AppData\Local\{767245C8-B46C-42AB-B7B1-F3DC77AA818D} folder moved successfully.

C:\Users\x\AppData\Local\{76841031-60BE-4B1A-9697-FA17A295297D} folder moved successfully.

C:\Users\x\AppData\Local\{769F0396-36BB-4125-BFA4-EC3DB287970B} folder moved successfully.

C:\Users\x\AppData\Local\{76BCA650-3936-4B22-9EB5-311AC922AEDE} folder moved successfully.

C:\Users\x\AppData\Local\{7701FB41-1E74-458A-A544-E2EB51A4E59A} folder moved successfully.

C:\Users\x\AppData\Local\{7762AE8D-AE9C-4664-8075-CB2725E9C0BE} folder moved successfully.

C:\Users\x\AppData\Local\{77C7D5BE-FC8C-4F86-BF29-429D4036BF87} folder moved successfully.

C:\Users\x\AppData\Local\{787BDBD9-717A-4E5E-88D1-ED55FE059C46} folder moved successfully.

C:\Users\x\AppData\Local\{79114536-5079-4116-A7E6-8C2E921F709C} folder moved successfully.

C:\Users\x\AppData\Local\{79C882FA-81E6-4DCD-85B1-E20715A9F3A9} folder moved successfully.

C:\Users\x\AppData\Local\{79FD0C11-5C3D-426C-8767-46A0EC2D9A35} folder moved successfully.

C:\Users\x\AppData\Local\{7A015517-98F7-4E92-A3AB-81702132E750} folder moved successfully.

C:\Users\x\AppData\Local\{7A01B385-355F-42A4-BFB0-E30572C28C17} folder moved successfully.

C:\Users\x\AppData\Local\{7A376B9D-6D34-4322-BAE1-7E9822291343} folder moved successfully.

C:\Users\x\AppData\Local\{7A9B9D1C-52EC-4198-BB02-5B9D93615348} folder moved successfully.

C:\Users\x\AppData\Local\{7B494012-3EDA-4B6C-83E6-8442E40D3FE8} folder moved successfully.

C:\Users\x\AppData\Local\{7B5FC47A-B4E2-468F-A334-B298EDF0DBE7} folder moved successfully.

C:\Users\x\AppData\Local\{7BACD01A-7568-48EF-BD64-B7094E2505B6} folder moved successfully.

C:\Users\x\AppData\Local\{7BEC7D31-CEF4-4445-B2D5-8EDF7B26EB24} folder moved successfully.

C:\Users\x\AppData\Local\{7CB18A8E-9874-469C-9FFD-BE01C91B5021} folder moved successfully.

C:\Users\x\AppData\Local\{7D88957A-26D9-41E0-BCD9-173AE9135F00} folder moved successfully.

C:\Users\x\AppData\Local\{7E407FBF-DFB4-431F-90F3-61D9966D9C3D} folder moved successfully.

C:\Users\x\AppData\Local\{7E64C156-904C-4B63-ADBD-B498DA11D7F8} folder moved successfully.

C:\Users\x\AppData\Local\{7EA58ABF-8840-4BE5-A834-E714565113DA} folder moved successfully.

C:\Users\x\AppData\Local\{7EE1D993-82FE-41C8-A3BA-91A920E04947} folder moved successfully.

C:\Users\x\AppData\Local\{7F053720-135E-4174-9F4E-FA2D01454CEC} folder moved successfully.

C:\Users\x\AppData\Local\{7FA12C6E-6624-4F52-9D11-EABF5912B21A} folder moved successfully.

C:\Users\x\AppData\Local\{8012DE43-8E7A-4FAD-866B-DB69589F8689} folder moved successfully.

C:\Users\x\AppData\Local\{801A77C6-569B-4C8C-8A4D-271E1ECA51C5} folder moved successfully.

C:\Users\x\AppData\Local\{803FEB60-B428-4A07-9E89-F9347C06F26A} folder moved successfully.

C:\Users\x\AppData\Local\{81882599-2AF4-49A0-B337-11491A6BAA55} folder moved successfully.

C:\Users\x\AppData\Local\{81CC0319-751F-4B05-8CC5-0211F35F4431} folder moved successfully.

C:\Users\x\AppData\Local\{8211CF86-9032-4100-B1BC-A09F7327DEF0} folder moved successfully.

C:\Users\x\AppData\Local\{822BEFCD-2111-4B63-AF23-41B7C13090DE} folder moved successfully.

C:\Users\x\AppData\Local\{823C5E61-FA8F-41E8-BC0B-56600D76056D} folder moved successfully.

C:\Users\x\AppData\Local\{82BCCB0A-F644-43D4-94C6-E6F54CCF8CB2} folder moved successfully.

C:\Users\x\AppData\Local\{82E2DE97-D4DC-47BD-BD6C-33582BEA44CF} folder moved successfully.

C:\Users\x\AppData\Local\{82FE08B1-FDF8-4D73-83D1-0836867759A4} folder moved successfully.

C:\Users\x\AppData\Local\{832C3A37-41F9-453D-8EA7-1C3F49C5D1CA} folder moved successfully.

C:\Users\x\AppData\Local\{833CF7B4-2DB5-4C33-852F-0071FD510766} folder moved successfully.

C:\Users\x\AppData\Local\{8366A7F6-B490-4222-B148-27CFADC8B2BF} folder moved successfully.

C:\Users\x\AppData\Local\{836D46EF-3B3E-4B2D-97EC-030262F1E10E} folder moved successfully.

C:\Users\x\AppData\Local\{84101D41-1D79-4C98-972C-A676926588F1} folder moved successfully.

C:\Users\x\AppData\Local\{84126F11-8F4A-4C15-B555-F8E8687680EE} folder moved successfully.

C:\Users\x\AppData\Local\{8467E5DE-7914-47DC-8B31-B06EBA61691A} folder moved successfully.

C:\Users\x\AppData\Local\{8469B0B7-8898-43BA-AE11-D8D7BFE78C6B} folder moved successfully.

C:\Users\x\AppData\Local\{84953A0A-6BD9-4C36-B2A3-4244F9AA1221} folder moved successfully.

C:\Users\x\AppData\Local\{84B49356-4BDB-4793-BD7E-06A9E9623A70} folder moved successfully.

C:\Users\x\AppData\Local\{84C35C69-29B1-4A92-85E0-9C54E825A313} folder moved successfully.

C:\Users\x\AppData\Local\{855031D6-6044-409E-B7BF-56BF6E690760} folder moved successfully.

C:\Users\x\AppData\Local\{8572D0F4-9263-427E-B3E6-65CDE18D476A} folder moved successfully.

C:\Users\x\AppData\Local\{85E42248-6F29-46A9-BF29-8D9A738F076C} folder moved successfully.

C:\Users\x\AppData\Local\{85E896ED-2C9C-4CFD-9F8D-DE201F60AF06} folder moved successfully.

C:\Users\x\AppData\Local\{863B7C10-F1CC-4620-8382-4C6313717651} folder moved successfully.

C:\Users\x\AppData\Local\{86593B10-049D-4327-8861-5E290F6E900E} folder moved successfully.

C:\Users\x\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913} folder moved successfully.

C:\Users\x\AppData\Local\{87254416-3E59-4EEE-94EE-699EF73E9675} folder moved successfully.

C:\Users\x\AppData\Local\{872744E4-0EE5-44C1-A3FB-348B9562DBC0} folder moved successfully.

C:\Users\x\AppData\Local\{8777FE07-76F2-4E65-8202-C64EF2AB5FDF} folder moved successfully.

C:\Users\x\AppData\Local\{87C0702A-3DEF-4B1A-8452-0066B4A8E96B} folder moved successfully.

C:\Users\x\AppData\Local\{881BFE47-4026-4FFB-B27B-133F1BED3B38} folder moved successfully.

C:\Users\x\AppData\Local\{894DE08E-F8C9-44D1-BB52-3E7320259A6A} folder moved successfully.

C:\Users\x\AppData\Local\{89C0F69F-D38A-482F-88B1-F3E53E89FB09} folder moved successfully.

C:\Users\x\AppData\Local\{89FA2687-6EA0-434A-BE9A-A8DB59D13C3D} folder moved successfully.

C:\Users\x\AppData\Local\{8AF6F568-C779-46DF-A938-6B35BFCDEEF4} folder moved successfully.

C:\Users\x\AppData\Local\{8B0E3382-EB7E-45C8-9960-3F9BC24DDC62} folder moved successfully.

C:\Users\x\AppData\Local\{8B1B9CAB-5882-4ABA-9AF4-7BF681969948} folder moved successfully.

C:\Users\x\AppData\Local\{8B4E6AE5-C8C5-4685-9649-2FB4B1DABFB3} folder moved successfully.

C:\Users\x\AppData\Local\{8B9B3671-F2D5-49B6-9E01-0EBBBDD74378} folder moved successfully.

C:\Users\x\AppData\Local\{8BA3C020-6DB7-4DC1-871C-5CC42B211E67} folder moved successfully.

C:\Users\x\AppData\Local\{8BD170D7-33B9-4E46-8604-47F29016B32C} folder moved successfully.

C:\Users\x\AppData\Local\{8C6CBB14-ADFC-4805-BF89-D04A6AA8BCE5} folder moved successfully.

C:\Users\x\AppData\Local\{8CBEA970-2EF0-4449-9F2C-399EFA17B8C4} folder moved successfully.

C:\Users\x\AppData\Local\{8CD35DA1-9A1A-4236-9980-7875476EA78A} folder moved successfully.

C:\Users\x\AppData\Local\{8CE43712-259C-41D0-B11B-B7C904DDEC03} folder moved successfully.

C:\Users\x\AppData\Local\{8CEAE566-C28D-4B5B-9BC3-29F53DA0EC62} folder moved successfully.

C:\Users\x\AppData\Local\{8CEE325A-7444-4C59-83B1-FD3C9A69209D} folder moved successfully.

C:\Users\x\AppData\Local\{8D0815DE-CFFC-4C2C-ABF8-030366098BDA} folder moved successfully.

C:\Users\x\AppData\Local\{8D13A91A-A318-47F8-94A1-A63EAE95D4A6} folder moved successfully.

C:\Users\x\AppData\Local\{8D53966E-6477-40D3-B3B3-9E6126128A55} folder moved successfully.

C:\Users\x\AppData\Local\{8D6CC8F1-814D-4319-9101-B05E637E34A0} folder moved successfully.

C:\Users\x\AppData\Local\{8DAE3F34-0ECB-4653-85BF-A593902A1409} folder moved successfully.

C:\Users\x\AppData\Local\{8E0C8429-3526-4C7F-A9BF-3FB890991567} folder moved successfully.

C:\Users\x\AppData\Local\{8EF2689A-5473-4C0A-9E29-13293663D480} folder moved successfully.

C:\Users\x\AppData\Local\{8EF293EA-F6AC-47C5-9B65-C34F4F18182C} folder moved successfully.

C:\Users\x\AppData\Local\{8FB47444-EFAA-415B-A0F1-FAE61BB4563F} folder moved successfully.

C:\Users\x\AppData\Local\{8FB9A986-5759-4D86-9B08-32D7631B36C1} folder moved successfully.

C:\Users\x\AppData\Local\{8FE3EEE9-FD96-4095-92FF-452DD74EE2A8} folder moved successfully.

C:\Users\x\AppData\Local\{8FFC1DE1-F671-401E-A741-F76488C4965E} folder moved successfully.

C:\Users\x\AppData\Local\{90B5CB3C-41C1-4A88-AB42-277F6C5552F3} folder moved successfully.

C:\Users\x\AppData\Local\{90EA52A5-10EE-4FF9-9422-8CF2F4DDFB72} folder moved successfully.

C:\Users\x\AppData\Local\{9151A052-97DF-4B3F-BE7C-574EBED4D8B2} folder moved successfully.

C:\Users\x\AppData\Local\{91BAEDC9-7A5B-4755-B41E-CD627B7DB8CE} folder moved successfully.

C:\Users\x\AppData\Local\{91C64130-DE53-457B-8FF3-12EA12DF215C} folder moved successfully.

C:\Users\x\AppData\Local\{926982C7-AF17-4B7A-B20D-B949C1E60D23} folder moved successfully.

C:\Users\x\AppData\Local\{927EECA5-6C5D-4599-A598-3BB93006A7E9} folder moved successfully.

C:\Users\x\AppData\Local\{929BBED3-E5E2-4CAF-A7BA-727BCA819BCB} folder moved successfully.

C:\Users\x\AppData\Local\{92FCD243-3780-4916-BA15-E3BED3F3EBB9} folder moved successfully.

C:\Users\x\AppData\Local\{932DFA85-4776-4743-B971-4DDCE8D682A0} folder moved successfully.

C:\Users\x\AppData\Local\{933D8F6F-3F8C-4CDE-ABA4-FE3EE4CB1E1D} folder moved successfully.

C:\Users\x\AppData\Local\{93F46492-1124-4655-9F4E-04243B725ACE} folder moved successfully.

C:\Users\x\AppData\Local\{9436C1DA-C750-4518-B346-DD02336711AD} folder moved successfully.

C:\Users\x\AppData\Local\{94FDEECC-7C98-45F5-94EA-9746BF1D6C34} folder moved successfully.

C:\Users\x\AppData\Local\{95020D49-E4A4-4DF9-AA2C-26E276B3EC18} folder moved successfully.

C:\Users\x\AppData\Local\{9525B06F-A219-4274-841B-0178D678FD7D} folder moved successfully.

C:\Users\x\AppData\Local\{95349D1F-5EC1-4E47-896B-A6C4454848C7} folder moved successfully.

C:\Users\x\AppData\Local\{953F16E9-D2AF-48AA-8968-8A54E430158F} folder moved successfully.

C:\Users\x\AppData\Local\{95EF85AC-E629-4440-B47F-7266E3DE49A2} folder moved successfully.

C:\Users\x\AppData\Local\{9711F017-A01E-4C9E-B9D5-68CA46C74006} folder moved successfully.

C:\Users\x\AppData\Local\{97942059-7305-4849-B4B2-69229ABE0D80} folder moved successfully.

C:\Users\x\AppData\Local\{983CD558-D8E3-4ECD-926A-5F05A1407A5F} folder moved successfully.

C:\Users\x\AppData\Local\{98605BA2-BDAD-4065-A8B8-A4F9A311D428} folder moved successfully.

C:\Users\x\AppData\Local\{99165909-5EC4-4E05-9F0F-C66B7B4D6D8A} folder moved successfully.

C:\Users\x\AppData\Local\{99367DE5-B229-459C-AEA8-A809E6065A40} folder moved successfully.

C:\Users\x\AppData\Local\{993F6701-F383-4058-A59A-A226AFE92DBA} folder moved successfully.

C:\Users\x\AppData\Local\{998EFC18-3037-4563-9811-24319430D234} folder moved successfully.

C:\Users\x\AppData\Local\{9A27C0A5-87C9-4AC7-A608-2A9A6C221E7A} folder moved successfully.

C:\Users\x\AppData\Local\{9A96860D-5199-4190-8EC8-B3E7CD5745DF} folder moved successfully.

C:\Users\x\AppData\Local\{9B3EF17A-E8CB-4034-954B-E2665D87CCA1} folder moved successfully.

C:\Users\x\AppData\Local\{9B9993EE-E991-4F71-919E-DA9E1B3459A5} folder moved successfully.

C:\Users\x\AppData\Local\{9C8828B0-DA0A-4B24-AFA1-06969446E6B2} folder moved successfully.

C:\Users\x\AppData\Local\{9C92339A-4ED1-40A7-A31D-1EFAB17E3015} folder moved successfully.

C:\Users\x\AppData\Local\{9CB8F335-CF34-4C47-9675-2D2712CBEACA} folder moved successfully.

C:\Users\x\AppData\Local\{9D14B0B8-FAB5-4EF2-9F5E-9FFC61740F51} folder moved successfully.

C:\Users\x\AppData\Local\{9D5AD100-ADFC-445B-8739-174359FA86C1} folder moved successfully.

C:\Users\x\AppData\Local\{9DFBA674-B499-4479-9C91-3F2662A5FEFB} folder moved successfully.

C:\Users\x\AppData\Local\{9E0C9201-553C-4C91-9827-5604429D38BD} folder moved successfully.

C:\Users\x\AppData\Local\{9E53D486-989D-4C03-AABF-5FFACBFC5126} folder moved successfully.

C:\Users\x\AppData\Local\{9EC0D26E-4F6E-4D83-BEA0-D1354A4C7C2F} folder moved successfully.

C:\Users\x\AppData\Local\{9ECFA07C-2E9B-4501-9C62-61B5C3888997} folder moved successfully.

C:\Users\x\AppData\Local\{9ED56A4E-8973-4EF3-86FF-BD605E467A94} folder moved successfully.

C:\Users\x\AppData\Local\{9EED0E77-990C-47A6-8254-A22ED25940AC} folder moved successfully.

C:\Users\x\AppData\Local\{9F508775-565C-4F08-81FB-F3A4387C82E5} folder moved successfully.

C:\Users\x\AppData\Local\{A06D5663-F635-4414-8F97-1CC1A8B37013} folder moved successfully.

C:\Users\x\AppData\Local\{A0EEDB88-8526-4023-B3ED-0328C8AB7FC7} folder moved successfully.

C:\Users\x\AppData\Local\{A1720818-BE10-4F9D-89E0-F0CFFD46914C} folder moved successfully.

C:\Users\x\AppData\Local\{A1D3918A-0343-4DDD-ABD1-25B0626A0A5E} folder moved successfully.

C:\Users\x\AppData\Local\{A3191B02-B7B3-400B-A2EA-52C08F9A7A21} folder moved successfully.

C:\Users\x\AppData\Local\{A49C9C49-08F2-40FD-8F70-5982E8E494D7} folder moved successfully.

C:\Users\x\AppData\Local\{A4BCAE1C-CB05-4763-AD7B-8BF1220E1E7F} folder moved successfully.

C:\Users\x\AppData\Local\{A50D928A-EECD-45A4-96FC-02056B06FEF9} folder moved successfully.

C:\Users\x\AppData\Local\{A5C3DF84-EE2F-4215-940E-FDD325710F7F} folder moved successfully.

C:\Users\x\AppData\Local\{A5F54195-A73F-42CE-82AF-22E9A8220283} folder moved successfully.

C:\Users\x\AppData\Local\{A5FD9AA2-3645-44F2-8162-3BEEC739FE75} folder moved successfully.

C:\Users\x\AppData\Local\{A60DFBDC-4305-49B9-A50A-53239D3E9213} folder moved successfully.

C:\Users\x\AppData\Local\{A69229A8-D1BC-406F-891B-63A45E61B39C} folder moved successfully.

C:\Users\x\AppData\Local\{A70416B7-9307-4BA8-B9E0-9013F003A67F} folder moved successfully.

C:\Users\x\AppData\Local\{A70AF660-D09B-4503-9542-7563C4F3863A} folder moved successfully.

C:\Users\x\AppData\Local\{A81AA7D4-76E2-4DFF-950A-0AD3EEB20108} folder moved successfully.

C:\Users\x\AppData\Local\{A81E2CA3-895E-46C0-8C6C-ABB14E804DAF} folder moved successfully.

C:\Users\x\AppData\Local\{A826B565-6DC7-4174-A3E4-97F357B31FE1} folder moved successfully.

C:\Users\x\AppData\Local\{A85CC457-9F8C-4660-BFA3-D1E10A470CDC} folder moved successfully.

C:\Users\x\AppData\Local\{A8B6DB9C-6062-4839-8025-09D9CBFB6DCD} folder moved successfully.

C:\Users\x\AppData\Local\{A8D9C37B-5BE9-46B0-910F-E77C9D129F32} folder moved successfully.

C:\Users\x\AppData\Local\{A97A0B2B-FE16-4FCB-BB50-3CD7EC7F78B6} folder moved successfully.

C:\Users\x\AppData\Local\{A9CF7D10-6F1A-4507-9095-815240DB7BFE} folder moved successfully.

C:\Users\x\AppData\Local\{A9EE1BBE-21BB-48D3-B19A-3C0C1D9CD767} folder moved successfully.

C:\Users\x\AppData\Local\{AA44A821-BBAB-4460-9D59-131C6F737F14} folder moved successfully.

C:\Users\x\AppData\Local\{AAC181B0-D618-4A44-9DFB-1FCBC5DA7385} folder moved successfully.

C:\Users\x\AppData\Local\{AB9CDFED-872E-4836-A58F-5A59CE75957A} folder moved successfully.

C:\Users\x\AppData\Local\{ABCF5D1A-77D3-4509-B1B2-8DCF51078ABE} folder moved successfully.

C:\Users\x\AppData\Local\{ABE30D97-6039-4885-A76D-C25476320F0B} folder moved successfully.

C:\Users\x\AppData\Local\{AC7A769B-9855-49E9-A974-B57902E77DF1} folder moved successfully.

C:\Users\x\AppData\Local\{ACCFE4C6-B249-4860-AC1E-AEAF180EC055} folder moved successfully.

C:\Users\x\AppData\Local\{AD99A81E-A934-4C5A-A8CE-E213639D3AAB} folder moved successfully.

C:\Users\x\AppData\Local\{ADFC06AD-F9E3-48B6-8B18-9D097170D396} folder moved successfully.

C:\Users\x\AppData\Local\{AE34CDE5-FB39-49F5-B189-4ACA64DA4335} folder moved successfully.

C:\Users\x\AppData\Local\{AE434982-C33C-45A1-840D-3CB237623C9C} folder moved successfully.

C:\Users\x\AppData\Local\{AE4936C8-444A-4DDC-A4C8-28661FDDEE68} folder moved successfully.

C:\Users\x\AppData\Local\{AE7A8818-4DA1-4C67-A3B7-6E1A06F85ED5} folder moved successfully.

C:\Users\x\AppData\Local\{AE94613A-D0BD-44A7-B474-D78BC6EDA802} folder moved successfully.

C:\Users\x\AppData\Local\{AF800772-F33E-40E3-A553-4BB30145C166} folder moved successfully.

C:\Users\x\AppData\Local\{AFC61D2B-C390-4809-9864-79B9C396C500} folder moved successfully.

C:\Users\x\AppData\Local\{AFDB819B-89CF-4FA9-B262-28F36B66CA4E} folder moved successfully.

C:\Users\x\AppData\Local\{AFF2FFE9-FB6A-44F1-B4CE-5D265BBA845E} folder moved successfully.

C:\Users\x\AppData\Local\{AFF40A58-E6F7-4EFF-9F06-AE3AE82C4CE6} folder moved successfully.

C:\Users\x\AppData\Local\{B05D6B39-BF65-4996-8C5B-C07D02025C4B} folder moved successfully.

C:\Users\x\AppData\Local\{B08B2BC6-B0F9-42BA-A0F8-83C40EF4749D} folder moved successfully.

C:\Users\x\AppData\Local\{B08D99F4-1630-4088-888B-615F917BE003} folder moved successfully.

C:\Users\x\AppData\Local\{B115E1B7-94A6-4A58-968D-84A428740A26} folder moved successfully.

C:\Users\x\AppData\Local\{B12439AB-A8E5-4A5D-9D1F-6C3C0A674464} folder moved successfully.

C:\Users\x\AppData\Local\{B160DB12-AD8A-4DC7-963A-8A6EED1EE117} folder moved successfully.

C:\Users\x\AppData\Local\{B1B11406-9557-45BF-B425-BCA175D20644} folder moved successfully.

C:\Users\x\AppData\Local\{B2046C93-881D-410D-96EB-2BA618637479} folder moved successfully.

C:\Users\x\AppData\Local\{B28DB2A6-F37B-400A-9D65-6B4EF81C8375} folder moved successfully.

C:\Users\x\AppData\Local\{B2961619-FE7C-43BB-BF82-A935E599EB21} folder moved successfully.

C:\Users\x\AppData\Local\{B2D807FD-068B-4976-89F2-66E9386943EF} folder moved successfully.

C:\Users\x\AppData\Local\{B37A0567-F10F-44F6-B690-628A9B9646C3} folder moved successfully.

C:\Users\x\AppData\Local\{B3C7BF65-43CA-49F7-8564-8F0C5C143B12} folder moved successfully.

C:\Users\x\AppData\Local\{B3E7A552-EFAE-4C04-B02E-CCC40FC20688} folder moved successfully.

C:\Users\x\AppData\Local\{B41D23EE-C75F-4A34-B0FB-B3185A6800BA} folder moved successfully.

C:\Users\x\AppData\Local\{B49D598B-B64E-4A5B-87FE-35D95622997D} folder moved successfully.

C:\Users\x\AppData\Local\{B50CE956-C130-4820-8B7E-21CB30EBA6E5} folder moved successfully.

C:\Users\x\AppData\Local\{B50D4DBC-1949-4091-9E62-72153F775DF8} folder moved successfully.

C:\Users\x\AppData\Local\{B5622646-A699-486E-B1A6-8F74823165BB} folder moved successfully.

C:\Users\x\AppData\Local\{B5AD8975-6B3C-47D0-9FB3-428ADB9AEA72} folder moved successfully.

C:\Users\x\AppData\Local\{B662FEEB-FF1B-46CA-8BD3-F72004B54C3D} folder moved successfully.

C:\Users\x\AppData\Local\{B66943DA-0386-453F-AA81-3F41973F034E} folder moved successfully.

C:\Users\x\AppData\Local\{B67B2FC8-96A3-4073-A491-C9AC5E8FBBE0} folder moved successfully.

C:\Users\x\AppData\Local\{B6C4D0EE-4964-471D-A3A5-B1CCE7823770} folder moved successfully.

C:\Users\x\AppData\Local\{B6DF5320-5049-48F0-8216-67B7AFF2ADCF} folder moved successfully.

C:\Users\x\AppData\Local\{B7CB5ABC-10AB-445D-AC3A-818CA25A8E3B} folder moved successfully.

C:\Users\x\AppData\Local\{B7D3E7D3-27DC-4BF0-BD76-B2A82BB09DD4} folder moved successfully.

C:\Users\x\AppData\Local\{B7E183E6-EA31-456B-9BB3-012FBE66CD46} folder moved successfully.

C:\Users\x\AppData\Local\{B8046690-1F96-4026-AE6B-FAB64FF0A4FF} folder moved successfully.

C:\Users\x\AppData\Local\{B85DC18E-5B1A-4313-AF4C-6AC561979384} folder moved successfully.

C:\Users\x\AppData\Local\{B90C502F-E27F-40B4-B618-50B8CB74D7E3} folder moved successfully.

C:\Users\x\AppData\Local\{B92602F2-115D-42CB-B2A0-A321A1866203} folder moved successfully.

C:\Users\x\AppData\Local\{B96A0C7D-169B-4927-9CB9-8B0EA871F061} folder moved successfully.

C:\Users\x\AppData\Local\{BA2A3B3D-0716-4900-AD29-3BE9BD2B9E3A} folder moved successfully.

C:\Users\x\AppData\Local\{BA8F0494-17B8-4B29-A642-B51E08F60274} folder moved successfully.

C:\Users\x\AppData\Local\{BA97370A-132B-4568-8AF0-6908F8191B14} folder moved successfully.

C:\Users\x\AppData\Local\{BAB0C260-82A0-49E7-AE18-CF69B1912A16} folder moved successfully.

C:\Users\x\AppData\Local\{BB7C3E20-D197-4C65-8B8D-F712C0F25363} folder moved successfully.

C:\Users\x\AppData\Local\{BB8DA222-518A-4EC8-9845-7EBA44F6D265} folder moved successfully.

C:\Users\x\AppData\Local\{BC188F5B-B2B6-4C24-9C87-7DF299E732BE} folder moved successfully.

C:\Users\x\AppData\Local\{BC2E0276-B9E4-4ACB-B7D8-4311EFD3197F} folder moved successfully.

C:\Users\x\AppData\Local\{BC9B0E2C-455A-4356-B244-4999C727FA0B} folder moved successfully.

C:\Users\x\AppData\Local\{BCB50D10-664C-4DEC-AAAA-B9A36600EA44} folder moved successfully.

C:\Users\x\AppData\Local\{BCB70CC6-FA2A-44C8-8D71-ECC9190DCFDB} folder moved successfully.

C:\Users\x\AppData\Local\{BD30DEA1-77FF-4882-B8D9-5FD0C62B6513} folder moved successfully.

C:\Users\x\AppData\Local\{BDB24CED-FEF9-4FC2-AE21-E8684DFCCFEB} folder moved successfully.

C:\Users\x\AppData\Local\{BDC6682F-E594-425A-B8B7-10944C2DD55F} folder moved successfully.

C:\Users\x\AppData\Local\{BE970990-AED3-410C-A8B8-6C864CEDD683} folder moved successfully.

C:\Users\x\AppData\Local\{BED9B0B0-D1F4-4EFA-8971-D71B0CEA26B5} folder moved successfully.

C:\Users\x\AppData\Local\{BF06A171-FDFA-428F-BDF8-179F11B8CAD7} folder moved successfully.

C:\Users\x\AppData\Local\{BF404603-3EE4-429D-9110-D3960F1CCE26} folder moved successfully.

C:\Users\x\AppData\Local\{BF5A0E74-EC0B-46CF-B181-A16639300B86} folder moved successfully.

C:\Users\x\AppData\Local\{BF896B2F-9573-4A63-AAA7-3BC86482A79B} folder moved successfully.

C:\Users\x\AppData\Local\{C01C6790-E6C0-4D19-A416-3D2B2A03FC3E} folder moved successfully.

C:\Users\x\AppData\Local\{C07E4E39-2114-42DA-9870-DF1B2F655956} folder moved successfully.

C:\Users\x\AppData\Local\{C0C59278-7290-45FC-9823-353E27EC1862} folder moved successfully.

C:\Users\x\AppData\Local\{C18AE491-5691-4132-92EA-E4AA1AE1DFD9} folder moved successfully.

C:\Users\x\AppData\Local\{C1D0F98C-34CE-4CFC-8549-62D4565B0D0D} folder moved successfully.

C:\Users\x\AppData\Local\{C1E16B97-B40B-4A4C-8977-437309E55DDF} folder moved successfully.

C:\Users\x\AppData\Local\{C1F85650-42B7-49D3-BF96-1548D11209AD} folder moved successfully.

C:\Users\x\AppData\Local\{C2AB4853-2B35-4C8E-9877-0B8F5DE43D61} folder moved successfully.

C:\Users\x\AppData\Local\{C2B61665-C44B-4044-9870-EECC331AADA2} folder moved successfully.

C:\Users\x\AppData\Local\{C2EA89A3-0A53-4D13-8FA2-EE8C9BC8709D} folder moved successfully.

C:\Users\x\AppData\Local\{C36A5866-8D1B-4A73-B54C-3A6C79477C0D} folder moved successfully.

C:\Users\x\AppData\Local\{C4A3ACF3-AFD0-4FD1-9BBB-BAC884C61DB8} folder moved successfully.

C:\Users\x\AppData\Local\{C50A1583-5ABD-49BE-93E6-087902F36854} folder moved successfully.

C:\Users\x\AppData\Local\{C54281E5-C671-403C-AC7B-98D9978053DF} folder moved successfully.

C:\Users\x\AppData\Local\{C5837AE9-D9BC-46DD-82D4-C545C6A0C16E} folder moved successfully.

C:\Users\x\AppData\Local\{C59DE42F-22EB-4157-88E7-AA86B787BA60} folder moved successfully.

C:\Users\x\AppData\Local\{C68836C1-1D6A-47DF-9598-300D8E287948} folder moved successfully.

C:\Users\x\AppData\Local\{C7890144-9D00-485D-9CA9-046AD5B6A570} folder moved successfully.

C:\Users\x\AppData\Local\{C78A5122-7AEA-438E-96A6-C3B52242E4D9} folder moved successfully.

C:\Users\x\AppData\Local\{C7CBF136-1C7C-4C5F-A7CC-8E7A01A0C437} folder moved successfully.

C:\Users\x\AppData\Local\{C8F18105-FCE2-4905-941E-618D3A65FB4F} folder moved successfully.

C:\Users\x\AppData\Local\{C9902477-383D-4C42-B11B-292A0B3AF93E} folder moved successfully.

C:\Users\x\AppData\Local\{C9B32F62-67D0-44BC-9631-4C04EF459D17} folder moved successfully.

C:\Users\x\AppData\Local\{CA299058-7193-41E3-86EA-283251E55CA3} folder moved successfully.

C:\Users\x\AppData\Local\{CAD17B4C-3964-4BAA-AADA-D97379609BD7} folder moved successfully.

C:\Users\x\AppData\Local\{CB0580B0-A484-4614-AB22-493195C48A22} folder moved successfully.

C:\Users\x\AppData\Local\{CB2063B4-D573-4E35-AEC9-86A5B3F7880C} folder moved successfully.

C:\Users\x\AppData\Local\{CB29E6E1-EB8D-4543-89FD-DDD838DD2B6D} folder moved successfully.

C:\Users\x\AppData\Local\{CB67D0AA-69C8-49AD-ACC0-8BBDD1DA3232} folder moved successfully.

C:\Users\x\AppData\Local\{CB917C75-9EEB-4234-BDFE-8AE88A391D8F} folder moved successfully.

C:\Users\x\AppData\Local\{CCD062FD-0A0D-416A-8B67-314616BF43A8} folder moved successfully.

C:\Users\x\AppData\Local\{CD650F10-6DF0-476D-842F-40FE854F4BAF} folder moved successfully.

C:\Users\x\AppData\Local\{CD88049C-F8A0-4CF9-A348-17B132CBACC9} folder moved successfully.

C:\Users\x\AppData\Local\{CD88AA14-94FB-4E44-96E1-F146AAA32853} folder moved successfully.

C:\Users\x\AppData\Local\{CE12B516-6C68-4CFB-A9F4-C484C708203F} folder moved successfully.

C:\Users\x\AppData\Local\{CE2047A8-A901-4D06-AD36-AB34A8311DF2} folder moved successfully.

C:\Users\x\AppData\Local\{CE36F1C5-D044-489A-981C-6E5D103C045C} folder moved successfully.

C:\Users\x\AppData\Local\{CEE29923-94AA-4AF6-A113-ADAE897B756F} folder moved successfully.

C:\Users\x\AppData\Local\{CEE45F23-5205-4A77-81E6-4FD80121B6A3} folder moved successfully.

C:\Users\x\AppData\Local\{CF22D33C-ECF5-42B2-8149-99CCB6AE412F} folder moved successfully.

C:\Users\x\AppData\Local\{CF63010D-FF70-4D5F-825E-DB1539A771DE} folder moved successfully.

C:\Users\x\AppData\Local\{CF74973A-42EC-4661-9353-75FBCBA0692A} folder moved successfully.

C:\Users\x\AppData\Local\{CFB9018D-B7CE-4EFB-91BA-AF3059218F89} folder moved successfully.

C:\Users\x\AppData\Local\{D00E73F1-E483-4F1A-BA72-6BC923D53900} folder moved successfully.

C:\Users\x\AppData\Local\{D05390B8-85EF-477D-A974-E8A3E975AF83} folder moved successfully.

C:\Users\x\AppData\Local\{D0776BCE-A1EA-49C1-AB44-632AF4254C82} folder moved successfully.

C:\Users\x\AppData\Local\{D0D51422-65A9-49FF-8434-89EE8F07B43C} folder moved successfully.

C:\Users\x\AppData\Local\{D137F774-58ED-4D6D-A9B8-ED45D1282F5E} folder moved successfully.

C:\Users\x\AppData\Local\{D1380833-650A-4ED9-9055-34F08A4E6D3C} folder moved successfully.

C:\Users\x\AppData\Local\{D1910907-3A2B-4CF3-B4C2-C13E5A6B7BA4} folder moved successfully.

C:\Users\x\AppData\Local\{D2278983-9764-4D62-BA1A-D61E36D64B13} folder moved successfully.

C:\Users\x\AppData\Local\{D2ECB4A8-55D6-4CEF-B954-10A8D7C19F70} folder moved successfully.

C:\Users\x\AppData\Local\{D32FED14-AC2F-4855-9264-7A1C82330E1B} folder moved successfully.

C:\Users\x\AppData\Local\{D3B85737-6A51-44F5-A31C-5B102328A291} folder moved successfully.

C:\Users\x\AppData\Local\{D4441CA2-2843-4213-8E1A-C26AC37810C9} folder moved successfully.

C:\Users\x\AppData\Local\{D4D1419A-365F-43F0-BEA2-4730FA7BB9B0} folder moved successfully.

C:\Users\x\AppData\Local\{D4F6525A-B7FF-485D-8F75-154CCC48338C} folder moved successfully.

C:\Users\x\AppData\Local\{D5E1863B-12BF-4CBC-BE06-1494509E30D1} folder moved successfully.

C:\Users\x\AppData\Local\{D62EB9C3-E2FD-47B4-AB1A-B2A0A0EB8FFB} folder moved successfully.

C:\Users\x\AppData\Local\{D71E2156-9BA0-48CB-A6AE-51AB42833AF5} folder moved successfully.

C:\Users\x\AppData\Local\{D7408319-C8E8-47EB-B5EE-7EFE505C70F9} folder moved successfully.

C:\Users\x\AppData\Local\{D75B62CD-FFDD-4DDF-B5E2-A1D55ED36F58} folder moved successfully.

C:\Users\x\AppData\Local\{D7CFB43F-5A2E-48FE-98B8-7CB92A28463A} folder moved successfully.

C:\Users\x\AppData\Local\{D8720F94-343E-4237-8EB2-169E471D6964} folder moved successfully.

C:\Users\x\AppData\Local\{D95EA145-EA61-4019-BFA3-CBA166343287} folder moved successfully.

C:\Users\x\AppData\Local\{D9FB7F11-E61A-466D-B54B-79ED256E7B98} folder moved successfully.

C:\Users\x\AppData\Local\{DA38BC9F-9F3C-433A-A785-CC22F2D6B690} folder moved successfully.

C:\Users\x\AppData\Local\{DA4A187E-F07C-4C26-8A46-D25EC36C547F} folder moved successfully.

C:\Users\x\AppData\Local\{DBBBA07B-843F-4B34-907C-2B6095856ED4} folder moved successfully.

C:\Users\x\AppData\Local\{DC3CF5EF-7AF6-4622-B806-4C885ADCC8AA} folder moved successfully.

C:\Users\x\AppData\Local\{DCB08A9B-FDE4-4704-9177-51779D9558F6} folder moved successfully.

C:\Users\x\AppData\Local\{DCB12339-A8E9-4FE1-84E1-BA2297F73950} folder moved successfully.

C:\Users\x\AppData\Local\{DD395251-2232-4B49-9391-51FD351DE086} folder moved successfully.

C:\Users\x\AppData\Local\{DFCDCF95-1609-4645-BF4D-93CE2DE4A6F7} folder moved successfully.

C:\Users\x\AppData\Local\{E015B8EC-2B7D-413B-9874-82403CA48CCB} folder moved successfully.

C:\Users\x\AppData\Local\{E1179670-2809-4D67-BBA4-D9FE45DDE1CC} folder moved successfully.

C:\Users\x\AppData\Local\{E1290ADF-1FD4-48B3-AE16-54DB8EBA4519} folder moved successfully.

C:\Users\x\AppData\Local\{E138DDAD-8D93-493A-B70D-3AD38926F2FE} folder moved successfully.

C:\Users\x\AppData\Local\{E1891DFA-CE2B-4D81-A0AE-2C4A9CA1A885} folder moved successfully.

C:\Users\x\AppData\Local\{E1A2BC99-2672-47C9-A0A0-9A3B994F1458} folder moved successfully.

C:\Users\x\AppData\Local\{E1A4B791-D047-4B7F-B20C-BDB8847BBC0C} folder moved successfully.

C:\Users\x\AppData\Local\{E1F3A565-1739-4B21-9D47-C5E50A35B0CC} folder moved successfully.

C:\Users\x\AppData\Local\{E21FC4AB-2940-4094-BC67-65C923FE5A2D} folder moved successfully.

C:\Users\x\AppData\Local\{E23E78BF-5CF8-4629-9478-F3422E433382} folder moved successfully.

C:\Users\x\AppData\Local\{E2A9E47C-AFF8-4D86-BEC9-E5397DB95CAC} folder moved successfully.

C:\Users\x\AppData\Local\{E2C66E3D-5B61-4DA5-8110-6DD7A8277AA0} folder moved successfully.

C:\Users\x\AppData\Local\{E2D5C619-BA53-4693-91DF-4CD79DC7B197} folder moved successfully.

C:\Users\x\AppData\Local\{E3143C86-97C8-4A62-BF74-676F8BCC968E} folder moved successfully.

C:\Users\x\AppData\Local\{E32FE116-9ABE-47B0-8106-DA98B1855A5F} folder moved successfully.

C:\Users\x\AppData\Local\{E355E592-12D7-4009-8D84-E103AF860287} folder moved successfully.

C:\Users\x\AppData\Local\{E3C31701-E2F5-4E95-8220-34F8570B6D90} folder moved successfully.

C:\Users\x\AppData\Local\{E3F62C99-F376-47B3-875D-B2C8D7AC5D66} folder moved successfully.

C:\Users\x\AppData\Local\{E4BD250F-8559-44FC-8202-CC5B8411C1DD} folder moved successfully.

C:\Users\x\AppData\Local\{E4F7847C-88A8-4E9B-AD8C-D9BDD49304E5} folder moved successfully.

C:\Users\x\AppData\Local\{E5BE6820-C9EE-48DD-9266-06FC74A2B568} folder moved successfully.

C:\Users\x\AppData\Local\{E5E1E483-AF45-48D9-99C4-9B7ABE0613E3} folder moved successfully.

C:\Users\x\AppData\Local\{E615B978-4B2F-47AC-B30A-B36B5FF4F915} folder moved successfully.

C:\Users\x\AppData\Local\{E63DA7C3-12D8-42E9-8C12-C90D8E2EB7B1} folder moved successfully.

C:\Users\x\AppData\Local\{E65CF13E-9118-4E95-A767-157F1FA10FBB} folder moved successfully.

C:\Users\x\AppData\Local\{E816E7F4-A454-4B0F-B90B-31105E5FA6B0} folder moved successfully.

C:\Users\x\AppData\Local\{E8F4CBB1-5C0B-4608-84C6-0DD45A1D2C64} folder moved successfully.

C:\Users\x\AppData\Local\{E8FE082F-3ADF-4A36-9647-520E48A46234} folder moved successfully.

C:\Users\x\AppData\Local\{E9E14D41-DDE6-4D8D-B33C-69C3C9FA2F2F} folder moved successfully.

C:\Users\x\AppData\Local\{EB27B414-B431-497B-980F-73D53E69B682} folder moved successfully.

C:\Users\x\AppData\Local\{EBA10C53-59C8-4C6D-BA65-6A8C1FF908C2} folder moved successfully.

C:\Users\x\AppData\Local\{EBCB961F-75C8-474F-8C67-C2121AA6FEBA} folder moved successfully.

C:\Users\x\AppData\Local\{ECE47EA4-86E8-412B-8A96-16D5FDF2AB8E} folder moved successfully.

C:\Users\x\AppData\Local\{ED10B040-6FA8-40D5-8866-4816FDB83106} folder moved successfully.

C:\Users\x\AppData\Local\{ED446284-95A9-498E-9241-9EAF22B25901} folder moved successfully.

C:\Users\x\AppData\Local\{ED6311B9-D182-4AEB-AF01-97483ADB71CD} folder moved successfully.

C:\Users\x\AppData\Local\{EEF44DFC-698F-410E-822B-C567FBBC037F} folder moved successfully.

C:\Users\x\AppData\Local\{EF0B7F74-02D6-492F-8BF9-DADC53ABA8A5} folder moved successfully.

C:\Users\x\AppData\Local\{F0E9F994-FCD7-430A-8572-4164CD9D6748} folder moved successfully.

C:\Users\x\AppData\Local\{F1C07408-4E57-4901-A69E-C4517600730B} folder moved successfully.

C:\Users\x\AppData\Local\{F238F679-E2BD-44D1-8634-B4B14903A1B0} folder moved successfully.

C:\Users\x\AppData\Local\{F24CB6BF-5D7E-46ED-87B6-D02E75023A1D} folder moved successfully.

C:\Users\x\AppData\Local\{F27A36C0-B21B-45A1-8F62-7FB1DFA909DF} folder moved successfully.

C:\Users\x\AppData\Local\{F2A96BEC-BC59-424C-BA96-CC666B2C058C} folder moved successfully.

C:\Users\x\AppData\Local\{F30410EE-D348-4BC4-BCDA-D048669936E9} folder moved successfully.

C:\Users\x\AppData\Local\{F305F366-DFB3-421A-BB1C-F426CE3F76D9} folder moved successfully.

C:\Users\x\AppData\Local\{F3088AF0-379E-4FB0-9961-3A6EF7D00898} folder moved successfully.

C:\Users\x\AppData\Local\{F330DC68-1537-4052-A6FB-BEE07A55293B} folder moved successfully.

C:\Users\x\AppData\Local\{F36D90FF-6CAA-43F8-84F2-577D4D95C7A5} folder moved successfully.

C:\Users\x\AppData\Local\{F386A3EB-E607-4D8B-AE8A-55AF02E08889} folder moved successfully.

C:\Users\x\AppData\Local\{F3DE8207-099D-4BD5-844F-B479F8780B60} folder moved successfully.

C:\Users\x\AppData\Local\{F5288CC4-CBEA-405B-BB66-8937D6AA418B} folder moved successfully.

C:\Users\x\AppData\Local\{F5AFE4F3-A553-414A-8824-4FC3D74DCCE0} folder moved successfully.

C:\Users\x\AppData\Local\{F62EBA34-CC8C-4801-A54A-CC280421C614} folder moved successfully.

C:\Users\x\AppData\Local\{F666C361-4B38-451D-AAC5-29B2E9C88E70} folder moved successfully.

C:\Users\x\AppData\Local\{F6DACC7E-DFFC-4775-AB83-2F03903ECFC6} folder moved successfully.

C:\Users\x\AppData\Local\{F7485764-58AA-478C-A688-E6B6AC7951A6} folder moved successfully.

C:\Users\x\AppData\Local\{F8290AF1-D48B-48E2-A02A-E8E2D4985090} folder moved successfully.

C:\Users\x\AppData\Local\{F868EE2E-F139-4F4C-8BC1-F69EF19BD80D} folder moved successfully.

C:\Users\x\AppData\Local\{FA093647-8E76-42E9-80F7-61FA4621794C} folder moved successfully.

C:\Users\x\AppData\Local\{FA602C8B-951D-439B-8879-0AB2537ABCCF} folder moved successfully.

C:\Users\x\AppData\Local\{FA7DCEFB-B540-4228-B0CE-796C671706E5} folder moved successfully.

C:\Users\x\AppData\Local\{FAB25EA1-409D-4A82-9F90-50E10454B44F} folder moved successfully.

C:\Users\x\AppData\Local\{FB00BC74-FEA7-4F60-B721-9A3E8DA8553E} folder moved successfully.

C:\Users\x\AppData\Local\{FB2D9E7F-7CB1-4284-AB2C-C0FC6E08C366} folder moved successfully.

C:\Users\x\AppData\Local\{FB2E17E1-A3A3-4B1D-B16C-CBDF12C989D8} folder moved successfully.

C:\Users\x\AppData\Local\{FB2E8757-E949-40F0-A110-7637EBD7AD0A} folder moved successfully.

C:\Users\x\AppData\Local\{FB45A579-AE62-4A92-A37A-BABFD42456B4} folder moved successfully.

C:\Users\x\AppData\Local\{FB7096D3-BD57-4588-A3A0-F371BA6A5036} folder moved successfully.

C:\Users\x\AppData\Local\{FD094E5D-2646-41B5-AE8C-030FCBA0AE34} folder moved successfully.

C:\Users\x\AppData\Local\{FD19B6EB-0640-4A98-8908-E35C07CD102D} folder moved successfully.

C:\Users\x\AppData\Local\{FD62B4CB-E658-436D-9885-5A3ED16150CD} folder moved successfully.

C:\Users\x\AppData\Local\{FDAE23EA-7994-4682-8F2A-F15F4C86039D} folder moved successfully.

C:\Users\x\AppData\Local\{FE2A90A9-1C06-4DB4-86CA-E43E247B2B8D} folder moved successfully.

C:\Users\x\AppData\Local\{FE4EE1BC-979A-4946-A6C7-3C882D39DB16} folder moved successfully.

C:\Users\x\AppData\Local\{FF473CD2-1766-482C-AC67-7E2062724D94} folder moved successfully.

C:\Users\x\AppData\Local\{FF8CAC17-2AEC-4576-89A6-EF1D454673DE} folder moved successfully.

C:\Users\x\AppData\Local\{FFACB47C-0188-4116-AF11-B87D36DD8E7C} folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\x\Downloads\cmd.bat deleted successfully.

C:\Users\x\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: DefaultAppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Journal

 

User: Public

 

User: RegBack

 

User: systemprofile

 

User: TxR

 

User: x

->Temp folder emptied: 19505394835 bytes

->Temporary Internet Files folder emptied: 274873812 bytes

->Flash cache emptied: 57995 bytes

 

%systemdrive% .tmp files removed: 63298472 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2580 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 585116816 bytes

RecycleBin emptied: 15161932 bytes

 

Total Files Cleaned = 19.497,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.65.0 log created on 09222012_162405
 

Files\Folders moved on Reboot...

C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EL5BFWUK\124205-how-to-decrypt-files-txt-alle-datein-blockage-gesperrt-2[1].htm moved successfully.

C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EL5BFWUK\home[1].htm moved successfully.

C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

C:\Users\x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Ich hoffe, das ist das Richtige. Das von TDSS hat sich nicht kopieren lassen.

Code:

15:05:21.0761 3500  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

15:05:22.0073 3500  ============================================================

15:05:22.0073 3500  Current date / time: 2012/09/23 15:05:22.0073

15:05:22.0073 3500  SystemInfo:

15:05:22.0073 3500  

15:05:22.0073 3500  OS Version: 6.1.7601 ServicePack: 1.0

15:05:22.0073 3500  Product type: Workstation

15:05:22.0073 3500  ComputerName: X-PC

15:05:22.0073 3500  UserName: x

15:05:22.0073 3500  Windows directory: C:\Windows

15:05:22.0073 3500  System windows directory: C:\Windows

15:05:22.0073 3500  Processor architecture: Intel x86

15:05:22.0073 3500  Number of processors: 2

15:05:22.0073 3500  Page size: 0x1000

15:05:22.0073 3500  Boot type: Normal boot

15:05:22.0073 3500  ============================================================

15:05:23.0352 3500  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:05:23.0352 3500  ============================================================

15:05:23.0352 3500  \Device\Harddisk0\DR0:

15:05:23.0352 3500  MBR partitions:

15:05:23.0352 3500  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x40466C, BlocksNum 0xFA00800

15:05:23.0352 3500  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFE05000, BlocksNum 0x15629000

15:05:23.0352 3500  ============================================================

15:05:23.0383 3500  C: <-> \Device\Harddisk0\DR0\Partition1

15:05:23.0445 3500  D: <-> \Device\Harddisk0\DR0\Partition2

15:05:23.0445 3500  ============================================================

15:05:23.0445 3500  Initialize success

15:05:23.0445 3500  ============================================================

15:06:31.0181 3328  ============================================================

15:06:31.0181 3328  Scan started

15:06:31.0181 3328  Mode: Manual; SigCheck; TDLFS; 

15:06:31.0181 3328  ============================================================

15:06:33.0989 3328  ================ Scan system memory ========================

15:06:33.0989 3328  System memory - ok

15:06:33.0989 3328  ================ Scan services =============================

15:06:34.0238 3328  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

15:06:34.0379 3328  1394ohci - ok

15:06:34.0441 3328  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

15:06:34.0457 3328  ACPI - ok

15:06:34.0503 3328  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

15:06:34.0597 3328  AcpiPmi - ok

15:06:34.0753 3328  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

15:06:34.0784 3328  AdobeARMservice - ok

15:06:34.0847 3328  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

15:06:34.0893 3328  adp94xx - ok

15:06:34.0925 3328  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

15:06:34.0956 3328  adpahci - ok

15:06:34.0987 3328  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

15:06:35.0003 3328  adpu320 - ok

15:06:35.0049 3328  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

15:06:35.0096 3328  AeLookupSvc - ok

15:06:35.0159 3328  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

15:06:35.0221 3328  AFD - ok

15:06:35.0252 3328  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

15:06:35.0268 3328  agp440 - ok

15:06:35.0315 3328  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys

15:06:35.0330 3328  aic78xx - ok

15:06:35.0377 3328  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

15:06:35.0424 3328  ALG - ok

15:06:35.0455 3328  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

15:06:35.0471 3328  aliide - ok

15:06:35.0502 3328  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

15:06:35.0517 3328  amdagp - ok

15:06:35.0533 3328  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

15:06:35.0549 3328  amdide - ok

15:06:35.0595 3328  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

15:06:35.0627 3328  AmdK8 - ok

15:06:35.0642 3328  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

15:06:35.0673 3328  AmdPPM - ok

15:06:35.0720 3328  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

15:06:35.0736 3328  amdsata - ok

15:06:35.0767 3328  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

15:06:35.0798 3328  amdsbs - ok

15:06:35.0814 3328  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

15:06:35.0829 3328  amdxata - ok

15:06:35.0923 3328  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

15:06:35.0954 3328  AntiVirSchedulerService - ok

15:06:36.0063 3328  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe

15:06:36.0079 3328  AntiVirService - ok

15:06:36.0141 3328  [ 486CF73F183E7ADC5575FCD47F9FB1AF ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys

15:06:36.0157 3328  AnyDVD - ok

15:06:36.0266 3328  [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll

15:06:36.0297 3328  AppHostSvc - ok

15:06:36.0375 3328  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

15:06:36.0516 3328  AppID - ok

15:06:36.0609 3328  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

15:06:36.0656 3328  AppIDSvc - ok

15:06:36.0703 3328  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

15:06:36.0750 3328  Appinfo - ok

15:06:36.0797 3328  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys

15:06:36.0828 3328  arc - ok

15:06:36.0843 3328  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

15:06:36.0859 3328  arcsas - ok

15:06:36.0984 3328  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

15:06:37.0031 3328  aspnet_state - ok

15:06:37.0093 3328  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

15:06:37.0218 3328  AsyncMac - ok

15:06:37.0265 3328  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

15:06:37.0280 3328  atapi - ok

15:06:37.0358 3328  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys

15:06:37.0483 3328  athr - ok

15:06:37.0561 3328  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:06:37.0608 3328  AudioEndpointBuilder - ok

15:06:37.0639 3328  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

15:06:37.0670 3328  Audiosrv - ok

15:06:37.0748 3328  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

15:06:37.0779 3328  avgntflt - ok

15:06:37.0873 3328  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

15:06:37.0889 3328  avipbb - ok

15:06:37.0951 3328  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

15:06:37.0967 3328  avkmgr - ok

15:06:38.0029 3328  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

15:06:38.0091 3328  AxInstSV - ok

15:06:38.0154 3328  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys

15:06:38.0201 3328  b06bdrv - ok

15:06:38.0263 3328  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

15:06:38.0294 3328  b57nd60x - ok

15:06:38.0372 3328  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

15:06:38.0419 3328  BDESVC - ok

15:06:38.0466 3328  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

15:06:38.0497 3328  Beep - ok

15:06:38.0559 3328  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll

15:06:38.0637 3328  BITS - ok

15:06:38.0669 3328  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

15:06:38.0700 3328  blbdrive - ok

15:06:38.0793 3328  [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad          C:\Windows\system32\drivers\BMLoad.sys

15:06:38.0809 3328  BMLoad ( UnsignedFile.Multi.Generic ) - warning

15:06:38.0809 3328  BMLoad - detected UnsignedFile.Multi.Generic (1)

15:06:38.0871 3328  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

15:06:38.0934 3328  bowser - ok

15:06:38.0981 3328  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:06:39.0012 3328  BrFiltLo - ok

15:06:39.0043 3328  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:06:39.0090 3328  BrFiltUp - ok

15:06:39.0152 3328  [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe

15:06:39.0183 3328  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning

15:06:39.0183 3328  Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)

15:06:39.0246 3328  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll

15:06:39.0277 3328  Browser - ok

15:06:39.0308 3328  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

15:06:39.0339 3328  Brserid - ok

15:06:39.0355 3328  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

15:06:39.0386 3328  BrSerWdm - ok

15:06:39.0417 3328  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

15:06:39.0433 3328  BrUsbMdm - ok

15:06:39.0433 3328  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

15:06:39.0464 3328  BrUsbSer - ok

15:06:39.0542 3328  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

15:06:39.0558 3328  BthEnum - ok

15:06:39.0573 3328  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

15:06:39.0620 3328  BTHMODEM - ok

15:06:39.0636 3328  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

15:06:39.0667 3328  BthPan - ok

15:06:39.0729 3328  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

15:06:39.0776 3328  BTHPORT - ok

15:06:39.0839 3328  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

15:06:39.0885 3328  bthserv - ok

15:06:39.0917 3328  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

15:06:39.0948 3328  BTHUSB - ok

15:06:39.0995 3328  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

15:06:40.0041 3328  cdfs - ok

15:06:40.0104 3328  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

15:06:40.0135 3328  cdrom - ok

15:06:40.0213 3328  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

15:06:40.0244 3328  CertPropSvc - ok

15:06:40.0275 3328  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

15:06:40.0338 3328  circlass - ok

15:06:40.0369 3328  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

15:06:40.0400 3328  CLFS - ok

15:06:40.0494 3328  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:06:40.0509 3328  clr_optimization_v2.0.50727_32 - ok

15:06:40.0619 3328  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:06:40.0681 3328  clr_optimization_v4.0.30319_32 - ok

15:06:40.0728 3328  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

15:06:40.0759 3328  CmBatt - ok

15:06:40.0806 3328  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

15:06:40.0821 3328  cmdide - ok

15:06:40.0868 3328  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys

15:06:40.0915 3328  CNG - ok

15:06:40.0931 3328  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

15:06:40.0946 3328  Compbatt - ok

15:06:40.0993 3328  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

15:06:41.0009 3328  CompositeBus - ok

15:06:41.0055 3328  COMSysApp - ok

15:06:41.0087 3328  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

15:06:41.0102 3328  crcdisk - ok

15:06:41.0165 3328  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

15:06:41.0211 3328  CryptSvc - ok

15:06:41.0274 3328  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

15:06:41.0321 3328  DcomLaunch - ok

15:06:41.0367 3328  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

15:06:41.0399 3328  defragsvc - ok

15:06:41.0445 3328  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

15:06:41.0492 3328  DfsC - ok

15:06:41.0570 3328  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

15:06:41.0617 3328  Dhcp - ok

15:06:41.0648 3328  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

15:06:41.0711 3328  discache - ok

15:06:41.0757 3328  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys

15:06:41.0773 3328  Disk - ok

15:06:41.0820 3328  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

15:06:41.0851 3328  Dnscache - ok

15:06:41.0882 3328  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

15:06:41.0929 3328  dot3svc - ok

15:06:41.0976 3328  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

15:06:42.0038 3328  DPS - ok

15:06:42.0085 3328  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

15:06:42.0132 3328  drmkaud - ok

15:06:42.0194 3328  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

15:06:42.0241 3328  DXGKrnl - ok

15:06:42.0272 3328  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

15:06:42.0335 3328  EapHost - ok

15:06:42.0491 3328  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys

15:06:42.0600 3328  ebdrv - ok

15:06:42.0631 3328  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

15:06:42.0678 3328  EFS - ok

15:06:42.0756 3328  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

15:06:42.0818 3328  ehRecvr - ok

15:06:42.0865 3328  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe

15:06:42.0896 3328  ehSched - ok

15:06:42.0990 3328  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys

15:06:43.0005 3328  ElbyCDIO - ok

15:06:43.0068 3328  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

15:06:43.0083 3328  elxstor - ok

15:06:43.0130 3328  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

15:06:43.0161 3328  ErrDev - ok

15:06:43.0271 3328  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

15:06:43.0333 3328  EventSystem - ok

15:06:43.0395 3328  [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys

15:06:43.0427 3328  ewusbnet - ok

15:06:43.0458 3328  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

15:06:43.0520 3328  exfat - ok

15:06:43.0551 3328  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

15:06:43.0598 3328  fastfat - ok

15:06:43.0676 3328  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

15:06:43.0739 3328  Fax - ok

15:06:43.0770 3328  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

15:06:43.0817 3328  fdc - ok

15:06:43.0863 3328  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

15:06:43.0895 3328  fdPHost - ok

15:06:43.0926 3328  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

15:06:43.0957 3328  FDResPub - ok

15:06:44.0004 3328  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

15:06:44.0004 3328  FileInfo - ok

15:06:44.0035 3328  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

15:06:44.0082 3328  Filetrace - ok

15:06:44.0097 3328  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

15:06:44.0129 3328  flpydisk - ok

15:06:44.0175 3328  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

15:06:44.0191 3328  FltMgr - ok

15:06:44.0253 3328  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll

15:06:44.0285 3328  FontCache - ok

15:06:44.0331 3328  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:06:44.0363 3328  FontCache3.0.0.0 - ok

15:06:44.0394 3328  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

15:06:44.0409 3328  FsDepends - ok

15:06:44.0425 3328  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

15:06:44.0425 3328  Fs_Rec - ok

15:06:44.0503 3328  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

15:06:44.0534 3328  fvevol - ok

15:06:44.0581 3328  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

15:06:44.0597 3328  gagp30kx - ok

15:06:44.0659 3328  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

15:06:44.0737 3328  gpsvc - ok

15:06:44.0862 3328  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

15:06:44.0877 3328  gupdate - ok

15:06:44.0955 3328  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

15:06:44.0971 3328  gupdatem - ok

15:06:45.0018 3328  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

15:06:45.0049 3328  hcw85cir - ok

15:06:45.0127 3328  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:06:45.0189 3328  HdAudAddService - ok

15:06:45.0252 3328  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

15:06:45.0299 3328  HDAudBus - ok

15:06:45.0314 3328  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

15:06:45.0345 3328  HidBatt - ok

15:06:45.0361 3328  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

15:06:45.0408 3328  HidBth - ok

15:06:45.0423 3328  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

15:06:45.0470 3328  HidIr - ok

15:06:45.0533 3328  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll

15:06:45.0579 3328  hidserv - ok

15:06:45.0626 3328  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys

15:06:45.0657 3328  HidUsb - ok

15:06:45.0720 3328  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

15:06:45.0751 3328  hkmsvc - ok

15:06:45.0798 3328  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:06:45.0845 3328  HomeGroupListener - ok

15:06:45.0907 3328  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:06:45.0938 3328  HomeGroupProvider - ok

15:06:45.0969 3328  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

15:06:45.0985 3328  HpSAMD - ok

15:06:46.0063 3328  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

15:06:46.0110 3328  HTTP - ok

15:06:46.0188 3328  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys

15:06:46.0203 3328  hwdatacard - ok

15:06:46.0250 3328  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

15:06:46.0266 3328  hwpolicy - ok

15:06:46.0359 3328  [ 089085538885367E281686762A973EB5 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys

15:06:46.0406 3328  hwusbfake - ok

15:06:46.0484 3328  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

15:06:46.0531 3328  i8042prt - ok

15:06:46.0609 3328  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

15:06:46.0640 3328  iaStorV - ok

15:06:46.0718 3328  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:06:46.0781 3328  idsvc - ok

15:06:47.0030 3328  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

15:06:47.0358 3328  igfx - ok

15:06:47.0389 3328  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

15:06:47.0405 3328  iirsp - ok

15:06:47.0467 3328  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

15:06:47.0561 3328  IKEEXT - ok

15:06:47.0701 3328  [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

15:06:47.0826 3328  IntcAzAudAddService - ok

15:06:47.0841 3328  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

15:06:47.0857 3328  intelide - ok

15:06:47.0904 3328  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

15:06:47.0951 3328  intelppm - ok

15:06:48.0013 3328  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

15:06:48.0075 3328  IPBusEnum - ok

15:06:48.0107 3328  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:06:48.0169 3328  IpFilterDriver - ok

15:06:48.0216 3328  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

15:06:48.0263 3328  IPMIDRV - ok

15:06:48.0294 3328  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

15:06:48.0325 3328  IPNAT - ok

15:06:48.0372 3328  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

15:06:48.0419 3328  IRENUM - ok

15:06:48.0465 3328  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

15:06:48.0497 3328  isapnp - ok

15:06:48.0543 3328  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

15:06:48.0559 3328  iScsiPrt - ok

15:06:48.0606 3328  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys

15:06:48.0606 3328  kbdclass - ok

15:06:48.0668 3328  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

15:06:48.0699 3328  kbdhid - ok

15:06:48.0731 3328  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

15:06:48.0746 3328  KeyIso - ok

15:06:48.0777 3328  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

15:06:48.0809 3328  KSecDD - ok

15:06:48.0840 3328  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

15:06:48.0855 3328  KSecPkg - ok

15:06:48.0902 3328  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

15:06:48.0933 3328  KtmRm - ok

15:06:48.0996 3328  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll

15:06:49.0058 3328  LanmanServer - ok

15:06:49.0105 3328  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:06:49.0167 3328  LanmanWorkstation - ok

15:06:49.0245 3328  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

15:06:49.0308 3328  lltdio - ok

15:06:49.0355 3328  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

15:06:49.0401 3328  lltdsvc - ok

15:06:49.0433 3328  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

15:06:49.0464 3328  lmhosts - ok

15:06:49.0511 3328  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

15:06:49.0526 3328  LSI_FC - ok

15:06:49.0557 3328  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

15:06:49.0573 3328  LSI_SAS - ok

15:06:49.0604 3328  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:06:49.0620 3328  LSI_SAS2 - ok

15:06:49.0635 3328  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:06:49.0667 3328  LSI_SCSI - ok

15:06:49.0729 3328  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

15:06:49.0776 3328  luafv - ok

15:06:49.0838 3328  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

15:06:49.0854 3328  MBAMProtector - ok

15:06:49.0932 3328  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

15:06:49.0963 3328  MBAMScheduler - ok

15:06:49.0994 3328  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

15:06:50.0025 3328  MBAMService - ok

15:06:50.0072 3328  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

15:06:50.0088 3328  Mcx2Svc - ok

15:06:50.0103 3328  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

15:06:50.0119 3328  megasas - ok

15:06:50.0166 3328  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

15:06:50.0181 3328  MegaSR - ok

15:06:50.0213 3328  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

15:06:50.0259 3328  MMCSS - ok

15:06:50.0291 3328  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

15:06:50.0353 3328  Modem - ok

15:06:50.0400 3328  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

15:06:50.0415 3328  monitor - ok

15:06:50.0447 3328  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys

15:06:50.0462 3328  mouclass - ok

15:06:50.0493 3328  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

15:06:50.0540 3328  mouhid - ok

15:06:50.0603 3328  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

15:06:50.0603 3328  mountmgr - ok

15:06:50.0649 3328  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

15:06:50.0665 3328  mpio - ok

15:06:50.0696 3328  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

15:06:50.0712 3328  mpsdrv - ok

15:06:50.0759 3328  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

15:06:50.0805 3328  MRxDAV - ok

15:06:50.0868 3328  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

15:06:50.0915 3328  mrxsmb - ok

15:06:50.0977 3328  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:06:51.0008 3328  mrxsmb10 - ok

15:06:51.0055 3328  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:06:51.0086 3328  mrxsmb20 - ok

15:06:51.0149 3328  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

15:06:51.0164 3328  msahci - ok

15:06:51.0211 3328  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

15:06:51.0227 3328  msdsm - ok

15:06:51.0273 3328  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

15:06:51.0289 3328  MSDTC - ok

15:06:51.0351 3328  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

15:06:51.0398 3328  Msfs - ok

15:06:51.0429 3328  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

15:06:51.0461 3328  mshidkmdf - ok

15:06:51.0507 3328  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

15:06:51.0523 3328  msisadrv - ok

15:06:51.0585 3328  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

15:06:51.0632 3328  MSiSCSI - ok

15:06:51.0648 3328  msiserver - ok

15:06:51.0679 3328  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

15:06:51.0726 3328  MSKSSRV - ok

15:06:51.0773 3328  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

15:06:51.0804 3328  MSPCLOCK - ok

15:06:51.0835 3328  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

15:06:51.0882 3328  MSPQM - ok

15:06:51.0897 3328  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

15:06:51.0913 3328  MsRPC - ok

15:06:51.0944 3328  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

15:06:51.0960 3328  mssmbios - ok

15:06:51.0975 3328  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

15:06:52.0007 3328  MSTEE - ok

15:06:52.0038 3328  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

15:06:52.0069 3328  MTConfig - ok

15:06:52.0100 3328  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

15:06:52.0116 3328  Mup - ok

15:06:52.0163 3328  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

15:06:52.0241 3328  napagent - ok

15:06:52.0287 3328  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

15:06:52.0303 3328  NativeWifiP - ok

15:06:52.0443 3328  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe

15:06:52.0490 3328  NAUpdate - ok

15:06:52.0553 3328  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys

15:06:52.0584 3328  NDIS - ok

15:06:52.0646 3328  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

15:06:52.0677 3328  NdisCap - ok

15:06:52.0709 3328  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

15:06:52.0755 3328  NdisTapi - ok

15:06:52.0802 3328  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

15:06:52.0833 3328  Ndisuio - ok

15:06:52.0865 3328  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

15:06:52.0943 3328  NdisWan - ok

15:06:52.0974 3328  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

15:06:53.0005 3328  NDProxy - ok

15:06:53.0036 3328  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

15:06:53.0067 3328  NetBIOS - ok

15:06:53.0130 3328  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

15:06:53.0192 3328  NetBT - ok

15:06:53.0208 3328  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

15:06:53.0223 3328  Netlogon - ok

15:06:53.0301 3328  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

15:06:53.0379 3328  Netman - ok

15:06:53.0442 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:06:53.0473 3328  NetMsmqActivator - ok

15:06:53.0520 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:06:53.0535 3328  NetPipeActivator - ok

15:06:53.0567 3328  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

15:06:53.0613 3328  netprofm - ok

15:06:53.0691 3328  [ 76B1157EF850830C5ECE61D3E591CA8B ] netr73          C:\Windows\system32\DRIVERS\netr73.sys

15:06:53.0707 3328  netr73 - ok

15:06:53.0723 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:06:53.0738 3328  NetTcpActivator - ok

15:06:53.0754 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:06:53.0769 3328  NetTcpPortSharing - ok

15:06:53.0801 3328  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

15:06:53.0816 3328  nfrd960 - ok

15:06:53.0863 3328  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll

15:06:53.0910 3328  NlaSvc - ok

15:06:53.0957 3328  [ C82F4CC10AD315B6D6BCB14D0A7CAD66 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys

15:06:53.0988 3328  nmwcd - ok

15:06:54.0019 3328  [ 60EF5F5621D7832F00A3F190A0C905E2 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys

15:06:54.0050 3328  nmwcdc - ok

15:06:54.0081 3328  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

15:06:54.0128 3328  Npfs - ok

15:06:54.0159 3328  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

15:06:54.0206 3328  nsi - ok

15:06:54.0237 3328  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

15:06:54.0269 3328  nsiproxy - ok

15:06:54.0347 3328  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

15:06:54.0425 3328  Ntfs - ok

15:06:54.0425 3328  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

15:06:54.0471 3328  Null - ok

15:06:54.0518 3328  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

15:06:54.0534 3328  nvraid - ok

15:06:54.0565 3328  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

15:06:54.0581 3328  nvstor - ok

15:06:54.0596 3328  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

15:06:54.0612 3328  nv_agp - ok

15:06:54.0705 3328  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:06:54.0737 3328  odserv - ok

15:06:54.0783 3328  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

15:06:54.0799 3328  ohci1394 - ok

15:06:54.0861 3328  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:06:54.0877 3328  ose - ok

15:06:54.0955 3328  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

15:06:54.0986 3328  p2pimsvc - ok

15:06:55.0033 3328  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

15:06:55.0064 3328  p2psvc - ok

15:06:55.0127 3328  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

15:06:55.0158 3328  Parport - ok

15:06:55.0205 3328  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

15:06:55.0220 3328  partmgr - ok

15:06:55.0236 3328  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

15:06:55.0267 3328  Parvdm - ok

15:06:55.0298 3328  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

15:06:55.0329 3328  PcaSvc - ok

15:06:55.0361 3328  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

15:06:55.0376 3328  pci - ok

15:06:55.0407 3328  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

15:06:55.0423 3328  pciide - ok

15:06:55.0454 3328  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

15:06:55.0470 3328  pcmcia - ok

15:06:55.0517 3328  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

15:06:55.0517 3328  pcw - ok

15:06:55.0579 3328  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

15:06:55.0673 3328  PEAUTH - ok

15:06:55.0766 3328  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

15:06:55.0875 3328  pla - ok

15:06:55.0922 3328  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

15:06:55.0953 3328  PlugPlay - ok

15:06:55.0985 3328  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

15:06:56.0000 3328  PNRPAutoReg - ok

15:06:56.0031 3328  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

15:06:56.0063 3328  PNRPsvc - ok

15:06:56.0094 3328  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

15:06:56.0141 3328  PolicyAgent - ok

15:06:56.0187 3328  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

15:06:56.0250 3328  Power - ok

15:06:56.0297 3328  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

15:06:56.0343 3328  PptpMiniport - ok

15:06:56.0375 3328  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

15:06:56.0406 3328  Processor - ok

15:06:56.0468 3328  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

15:06:56.0484 3328  ProfSvc - ok

15:06:56.0515 3328  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:06:56.0531 3328  ProtectedStorage - ok

15:06:56.0577 3328  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

15:06:56.0624 3328  Psched - ok

15:06:56.0687 3328  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

15:06:56.0765 3328  ql2300 - ok

15:06:56.0811 3328  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

15:06:56.0827 3328  ql40xx - ok

15:06:56.0874 3328  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

15:06:56.0905 3328  QWAVE - ok

15:06:56.0936 3328  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

15:06:56.0967 3328  QWAVEdrv - ok

15:06:57.0045 3328  [ 432F5B15E21A54B48072593F03570326 ] RalinkRegistryWriter C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

15:06:57.0061 3328  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning

15:06:57.0061 3328  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1)

15:06:57.0092 3328  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

15:06:57.0155 3328  RasAcd - ok

15:06:57.0217 3328  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

15:06:57.0279 3328  RasAgileVpn - ok

15:06:57.0311 3328  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

15:06:57.0357 3328  RasAuto - ok

15:06:57.0389 3328  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

15:06:57.0435 3328  Rasl2tp - ok

15:06:57.0498 3328  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

15:06:57.0545 3328  RasMan - ok

15:06:57.0576 3328  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

15:06:57.0607 3328  RasPppoe - ok

15:06:57.0654 3328  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

15:06:57.0701 3328  RasSstp - ok

15:06:57.0732 3328  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

15:06:57.0763 3328  rdbss - ok

15:06:57.0794 3328  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

15:06:57.0810 3328  rdpbus - ok

15:06:57.0857 3328  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

15:06:57.0903 3328  RDPCDD - ok

15:06:57.0966 3328  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

15:06:58.0013 3328  RDPENCDD - ok

15:06:58.0044 3328  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

15:06:58.0075 3328  RDPREFMP - ok

15:06:58.0122 3328  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

15:06:58.0137 3328  RDPWD - ok

15:06:58.0200 3328  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

15:06:58.0215 3328  rdyboost - ok

15:06:58.0247 3328  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

15:06:58.0293 3328  RemoteAccess - ok

15:06:58.0325 3328  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

15:06:58.0371 3328  RemoteRegistry - ok

15:06:58.0434 3328  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

15:06:58.0449 3328  RFCOMM - ok

15:06:58.0496 3328  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

15:06:58.0543 3328  RpcEptMapper - ok

15:06:58.0574 3328  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe

15:06:58.0590 3328  RpcLocator - ok

15:06:58.0621 3328  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll

15:06:58.0652 3328  RpcSs - ok

15:06:58.0730 3328  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

15:06:58.0777 3328  rspndr - ok

15:06:58.0824 3328  [ 96F8DD546677AA5102150ACC140377B3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys

15:06:58.0871 3328  RSUSBSTOR - ok

15:06:58.0949 3328  [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys

15:06:58.0995 3328  RTL8167 - ok

15:06:59.0027 3328  RtsUIR - ok

15:06:59.0058 3328  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe

15:06:59.0073 3328  SamSs - ok

15:06:59.0136 3328  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

15:06:59.0151 3328  sbp2port - ok

15:06:59.0183 3328  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

15:06:59.0229 3328  SCardSvr - ok

15:06:59.0261 3328  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

15:06:59.0292 3328  scfilter - ok

15:06:59.0370 3328  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll

15:06:59.0463 3328  Schedule - ok

15:06:59.0495 3328  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll

15:06:59.0510 3328  SCPolicySvc - ok

15:06:59.0573 3328  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

15:06:59.0588 3328  SDRSVC - ok

15:06:59.0651 3328  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

15:06:59.0697 3328  secdrv - ok

15:06:59.0744 3328  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll

15:06:59.0791 3328  seclogon - ok

15:06:59.0838 3328  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll

15:06:59.0885 3328  SENS - ok

15:06:59.0916 3328  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll

15:06:59.0947 3328  SensrSvc - ok

15:06:59.0994 3328  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

15:07:00.0009 3328  Serenum - ok

15:07:00.0056 3328  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

15:07:00.0087 3328  Serial - ok

15:07:00.0134 3328  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

15:07:00.0165 3328  sermouse - ok

15:07:00.0228 3328  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll

15:07:00.0275 3328  SessionEnv - ok

15:07:00.0321 3328  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

15:07:00.0353 3328  sffdisk - ok

15:07:00.0384 3328  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

15:07:00.0399 3328  sffp_mmc - ok

15:07:00.0431 3328  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

15:07:00.0446 3328  sffp_sd - ok

15:07:00.0477 3328  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

15:07:00.0493 3328  sfloppy - ok

15:07:00.0540 3328  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:07:00.0602 3328  ShellHWDetection - ok

15:07:00.0618 3328  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys

15:07:00.0633 3328  sisagp - ok

15:07:00.0680 3328  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:07:00.0696 3328  SiSRaid2 - ok

15:07:00.0711 3328  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

15:07:00.0727 3328  SiSRaid4 - ok

15:07:00.0774 3328  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys

15:07:00.0821 3328  Smb - ok

15:07:00.0914 3328  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

15:07:00.0945 3328  SNMPTRAP - ok

15:07:00.0977 3328  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys

15:07:00.0992 3328  spldr - ok

15:07:01.0070 3328  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe

15:07:01.0101 3328  Spooler - ok

15:07:01.0211 3328  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe

15:07:01.0351 3328  sppsvc - ok

15:07:01.0398 3328  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

15:07:01.0445 3328  sppuinotify - ok

15:07:01.0491 3328  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys

15:07:01.0523 3328  srv - ok

15:07:01.0585 3328  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

15:07:01.0616 3328  srv2 - ok

15:07:01.0663 3328  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

15:07:01.0679 3328  srvnet - ok

15:07:01.0710 3328  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

15:07:01.0757 3328  SSDPSRV - ok

15:07:01.0835 3328  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys

15:07:01.0850 3328  ssmdrv - ok

15:07:01.0881 3328  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

15:07:01.0913 3328  SstpSvc - ok

15:07:01.0959 3328  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

15:07:01.0975 3328  stexstor - ok

15:07:02.0022 3328  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys

15:07:02.0037 3328  StillCam - ok

15:07:02.0084 3328  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll

15:07:02.0115 3328  StiSvc - ok

15:07:02.0131 3328  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys

15:07:02.0147 3328  swenum - ok

15:07:02.0178 3328  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll

15:07:02.0209 3328  swprv - ok

15:07:02.0271 3328  [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS

15:07:02.0303 3328  SymEvent - ok

15:07:02.0365 3328  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll

15:07:02.0459 3328  SysMain - ok

15:07:02.0505 3328  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:07:02.0537 3328  TabletInputService - ok

15:07:02.0599 3328  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll

15:07:02.0646 3328  TapiSrv - ok

15:07:02.0693 3328  [ D7F411C5AF992BB44E86083A6AA7B045 ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys

15:07:02.0708 3328  tbhsd - ok

15:07:02.0771 3328  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll

15:07:02.0817 3328  TBS - ok

15:07:02.0911 3328  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

15:07:02.0989 3328  Tcpip - ok

15:07:03.0051 3328  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

15:07:03.0083 3328  TCPIP6 - ok

15:07:03.0192 3328  [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM         C:\Windows\system32\drivers\tcpipBM.sys

15:07:03.0223 3328  tcpipBM ( UnsignedFile.Multi.Generic ) - warning

15:07:03.0223 3328  tcpipBM - detected UnsignedFile.Multi.Generic (1)

15:07:03.0270 3328  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

15:07:03.0301 3328  tcpipreg - ok

15:07:03.0379 3328  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

15:07:03.0395 3328  TDPIPE - ok

15:07:03.0426 3328  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

15:07:03.0441 3328  TDTCP - ok

15:07:03.0488 3328  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

15:07:03.0551 3328  tdx - ok

15:07:03.0597 3328  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys

15:07:03.0613 3328  TermDD - ok

15:07:03.0660 3328  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll

15:07:03.0707 3328  TermService - ok

15:07:03.0831 3328  [ 76468DF7A7A92413A57C998DE5C39290 ] TestHandler     C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

15:07:03.0863 3328  TestHandler - ok

15:07:03.0894 3328  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll

15:07:03.0941 3328  Themes - ok

15:07:03.0956 3328  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll

15:07:03.0987 3328  THREADORDER - ok

15:07:04.0050 3328  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys

15:07:04.0065 3328  TPM - ok

15:07:04.0128 3328  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll

15:07:04.0175 3328  TrkWks - ok

15:07:04.0237 3328  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:07:04.0299 3328  TrustedInstaller - ok

15:07:04.0362 3328  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

15:07:04.0377 3328  tssecsrv - ok

15:07:04.0455 3328  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

15:07:04.0487 3328  TsUsbFlt - ok

15:07:04.0549 3328  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

15:07:04.0596 3328  tunnel - ok

15:07:04.0611 3328  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

15:07:04.0627 3328  uagp35 - ok

15:07:04.0658 3328  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

15:07:04.0705 3328  udfs - ok

15:07:04.0752 3328  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

15:07:04.0767 3328  UI0Detect - ok

15:07:04.0814 3328  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

15:07:04.0830 3328  uliagpkx - ok

15:07:04.0908 3328  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

15:07:04.0955 3328  umbus - ok

15:07:04.0986 3328  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

15:07:05.0017 3328  UmPass - ok

15:07:05.0048 3328  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll

15:07:05.0095 3328  upnphost - ok

15:07:05.0173 3328  [ BB16932A4189E82D6C455042C11849B6 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

15:07:05.0204 3328  upperdev - ok

15:07:05.0235 3328  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

15:07:05.0267 3328  usbccgp - ok

15:07:05.0298 3328  USBCCID - ok

15:07:05.0329 3328  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

15:07:05.0360 3328  usbcir - ok

15:07:05.0391 3328  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

15:07:05.0423 3328  usbehci - ok

15:07:05.0469 3328  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

15:07:05.0501 3328  usbhub - ok

15:07:05.0516 3328  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

15:07:05.0547 3328  usbohci - ok

15:07:05.0594 3328  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

15:07:05.0641 3328  usbprint - ok

15:07:05.0688 3328  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys

15:07:05.0719 3328  usbser - ok

15:07:05.0750 3328  [ E748D50B3B2EC7F40A2BA67FB094CF01 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

15:07:05.0766 3328  UsbserFilt - ok

15:07:05.0797 3328  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:07:05.0828 3328  USBSTOR - ok

15:07:05.0875 3328  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

15:07:05.0922 3328  usbuhci - ok

15:07:06.0000 3328  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys

15:07:06.0031 3328  usbvideo - ok

15:07:06.0062 3328  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll

15:07:06.0109 3328  UxSms - ok

15:07:06.0125 3328  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe

15:07:06.0140 3328  VaultSvc - ok

15:07:06.0187 3328  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys

15:07:06.0203 3328  VClone - ok

15:07:06.0249 3328  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

15:07:06.0249 3328  vdrvroot - ok

15:07:06.0296 3328  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe

15:07:06.0359 3328  vds - ok

15:07:06.0405 3328  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

15:07:06.0437 3328  vga - ok

15:07:06.0483 3328  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys

15:07:06.0515 3328  VgaSave - ok

15:07:06.0561 3328  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

15:07:06.0593 3328  vhdmp - ok

15:07:06.0624 3328  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

15:07:06.0639 3328  viaagp - ok

15:07:06.0655 3328  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys

15:07:06.0686 3328  ViaC7 - ok

15:07:06.0717 3328  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys

15:07:06.0733 3328  viaide - ok

15:07:06.0842 3328  [ 1B0D441D8AB264D39C2B09130CC28045 ] VMCService      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

15:07:06.0858 3328  VMCService ( UnsignedFile.Multi.Generic ) - warning

15:07:06.0858 3328  VMCService - detected UnsignedFile.Multi.Generic (1)

15:07:06.0905 3328  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

15:07:06.0936 3328  volmgr - ok

15:07:06.0983 3328  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

15:07:07.0014 3328  volmgrx - ok

15:07:07.0061 3328  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

15:07:07.0092 3328  volsnap - ok

15:07:07.0139 3328  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

15:07:07.0170 3328  vsmraid - ok

15:07:07.0248 3328  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe

15:07:07.0341 3328  VSS - ok

15:07:07.0373 3328  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

15:07:07.0388 3328  vwifibus - ok

15:07:07.0435 3328  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

15:07:07.0466 3328  vwififlt - ok

15:07:07.0513 3328  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

15:07:07.0544 3328  vwifimp - ok

15:07:07.0591 3328  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll

15:07:07.0669 3328  W32Time - ok

15:07:07.0794 3328  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll

15:07:07.0841 3328  W3SVC - ok

15:07:07.0872 3328  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

15:07:07.0903 3328  WacomPen - ok

15:07:07.0965 3328  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

15:07:08.0028 3328  WANARP - ok

15:07:08.0043 3328  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

15:07:08.0075 3328  Wanarpv6 - ok

15:07:08.0137 3328  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll

15:07:08.0168 3328  WAS - ok

15:07:08.0231 3328  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe

15:07:08.0309 3328  wbengine - ok

15:07:08.0356 3328  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

15:07:08.0371 3328  WbioSrvc - ok

15:07:08.0418 3328  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll

15:07:08.0480 3328  wcncsvc - ok

15:07:08.0512 3328  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:07:08.0543 3328  WcsPlugInService - ok

15:07:08.0558 3328  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys

15:07:08.0574 3328  Wd - ok

15:07:08.0621 3328  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

15:07:08.0636 3328  Wdf01000 - ok

15:07:08.0668 3328  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

15:07:08.0699 3328  WdiServiceHost - ok

15:07:08.0714 3328  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

15:07:08.0730 3328  WdiSystemHost - ok

15:07:08.0792 3328  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll

15:07:08.0824 3328  WebClient - ok

15:07:08.0855 3328  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll

15:07:08.0902 3328  Wecsvc - ok

15:07:08.0933 3328  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll

15:07:08.0980 3328  wercplsupport - ok

15:07:09.0026 3328  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll

15:07:09.0058 3328  WerSvc - ok

15:07:09.0104 3328  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

15:07:09.0136 3328  WfpLwf - ok

15:07:09.0167 3328  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

15:07:09.0182 3328  WIMMount - ok

15:07:09.0214 3328  WinHttpAutoProxySvc - ok

15:07:09.0307 3328  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

15:07:09.0370 3328  Winmgmt - ok

15:07:09.0448 3328  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll

15:07:09.0541 3328  WinRM - ok

15:07:09.0619 3328  [ A67E5F9A400F3BD1BE3D80613B45F708 ] winusb          C:\Windows\system32\DRIVERS\WinUSB.sys

15:07:09.0666 3328  winusb - ok

15:07:09.0713 3328  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll

15:07:09.0744 3328  Wlansvc - ok

15:07:09.0869 3328  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:07:09.0947 3328  wlidsvc - ok

15:07:10.0009 3328  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

15:07:10.0056 3328  WmiAcpi - ok

15:07:10.0118 3328  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

15:07:10.0150 3328  wmiApSrv - ok

15:07:10.0243 3328  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

15:07:10.0306 3328  WMPNetworkSvc - ok

15:07:10.0399 3328  [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm      D:\Eigene Dateien\Eigene Videos\WMZuneComm.exe

15:07:10.0430 3328  WMZuneComm - ok

15:07:10.0493 3328  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll

15:07:10.0524 3328  WPCSvc - ok

15:07:10.0571 3328  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

15:07:10.0586 3328  WPDBusEnum - ok

15:07:10.0633 3328  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

15:07:10.0696 3328  ws2ifsl - ok

15:07:10.0758 3328  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys

15:07:10.0789 3328  WSDPrintDevice - ok

15:07:10.0805 3328  WSearch - ok

15:07:10.0898 3328  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

15:07:10.0976 3328  wuauserv - ok

15:07:11.0023 3328  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

15:07:11.0070 3328  WudfPf - ok

15:07:11.0117 3328  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

15:07:11.0148 3328  WUDFRd - ok

15:07:11.0210 3328  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

15:07:11.0242 3328  wudfsvc - ok

15:07:11.0304 3328  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll

15:07:11.0335 3328  WwanSvc - ok

15:07:11.0585 3328  [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc  D:\Eigene Dateien\Eigene Videos\ZuneNss.exe

15:07:11.0694 3328  ZuneNetworkSvc - ok

15:07:11.0788 3328  [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc  D:\Eigene Dateien\Eigene Videos\ZuneWlanCfgSvc.exe

15:07:11.0834 3328  ZuneWlanCfgSvc - ok

15:07:11.0928 3328  ================ Scan global ===============================

15:07:11.0975 3328  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

15:07:12.0022 3328  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

15:07:12.0037 3328  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

15:07:12.0100 3328  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

15:07:12.0131 3328  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

15:07:12.0131 3328  [Global] - ok

15:07:12.0131 3328  ================ Scan MBR ==================================

15:07:12.0162 3328  [ E87257436C9F60F2EAA5AB75319467F5 ] \Device\Harddisk0\DR0

15:07:12.0162 3328  Suspicious mbr (Forged): \Device\Harddisk0\DR0

15:07:12.0224 3328  \Device\Harddisk0\DR0 ( Rootkit.Boot.Xpaj.a ) - infected

15:07:12.0224 3328  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Xpaj.a (0)

15:07:12.0302 3328  ================ Scan VBR ==================================

15:07:12.0334 3328  [ 418105D1E12AEAA75A594148227E2505 ] \Device\Harddisk0\DR0\Partition1

15:07:12.0334 3328  \Device\Harddisk0\DR0\Partition1 - ok

15:07:12.0365 3328  [ A62631A967EC5D73FB6D3E27DBBD46E0 ] \Device\Harddisk0\DR0\Partition2

15:07:12.0365 3328  \Device\Harddisk0\DR0\Partition2 - ok

15:07:12.0365 3328  ============================================================

15:07:12.0365 3328  Scan finished

15:07:12.0365 3328  ============================================================

15:07:12.0380 2144  Detected object count: 6

15:07:12.0380 2144  Actual detected object count: 6

15:07:48.0650 2144  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user

15:07:48.0650 2144  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:07:48.0650 2144  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:07:48.0650 2144  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:07:48.0650 2144  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user

15:07:48.0650 2144  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:07:48.0666 2144  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user

15:07:48.0666 2144  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:07:48.0666 2144  VMCService ( UnsignedFile.Multi.Generic ) - skipped by user

15:07:48.0666 2144  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:07:48.0666 2144  \Device\Harddisk0\DR0 ( Rootkit.Boot.Xpaj.a ) - skipped by user

15:07:48.0666 2144  \Device\Harddisk0\DR0 ( Rootkit.Boot.Xpaj.a ) - User select action: Skip

Code:

\Device\Harddisk0\DR0 ( Rootkit.Boot.Xpaj.a ) - skipped by user

Diesen Eintrag bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!
Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.

Ich hoffe, ich hab das mit dem fixen richtig gemacht.

Code:

08:47:26.0943 3004  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

08:47:27.0302 3004  ============================================================

08:47:27.0302 3004  Current date / time: 2012/09/24 08:47:27.0302

08:47:27.0302 3004  SystemInfo:

08:47:27.0302 3004  

08:47:27.0302 3004  OS Version: 6.1.7601 ServicePack: 1.0

08:47:27.0302 3004  Product type: Workstation

08:47:27.0302 3004  ComputerName: X-PC

08:47:27.0302 3004  UserName: x

08:47:27.0302 3004  Windows directory: C:\Windows

08:47:27.0302 3004  System windows directory: C:\Windows

08:47:27.0302 3004  Processor architecture: Intel x86

08:47:27.0302 3004  Number of processors: 2

08:47:27.0302 3004  Page size: 0x1000

08:47:27.0302 3004  Boot type: Normal boot

08:47:27.0302 3004  ============================================================

08:47:29.0065 3004  BG loaded

08:47:30.0032 3004  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:47:30.0032 3004  ============================================================

08:47:30.0032 3004  \Device\Harddisk0\DR0:

08:47:30.0032 3004  MBR partitions:

08:47:30.0032 3004  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x40466C, BlocksNum 0xFA00800

08:47:30.0032 3004  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFE05000, BlocksNum 0x15629000

08:47:30.0032 3004  ============================================================

08:47:30.0094 3004  C: <-> \Device\Harddisk0\DR0\Partition1

08:47:30.0204 3004  D: <-> \Device\Harddisk0\DR0\Partition2

08:47:30.0204 3004  ============================================================

08:47:30.0204 3004  Initialize success

08:47:30.0204 3004  ============================================================

08:47:45.0341 2336  ============================================================

08:47:45.0341 2336  Scan started

08:47:45.0341 2336  Mode: Manual; SigCheck; TDLFS; 

08:47:45.0341 2336  ============================================================

08:47:53.0094 2336  ================ Scan system memory ========================

08:47:53.0094 2336  System memory - ok

08:47:53.0094 2336  ================ Scan services =============================

08:47:53.0422 2336  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

08:48:22.0836 2336  1394ohci - ok

08:48:22.0945 2336  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

08:48:22.0992 2336  ACPI - ok

08:48:23.0070 2336  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

08:48:23.0242 2336  AcpiPmi - ok

08:48:23.0538 2336  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

08:48:23.0585 2336  AdobeARMservice - ok

08:48:23.0756 2336  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

08:48:23.0866 2336  adp94xx - ok

08:48:23.0912 2336  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

08:48:23.0944 2336  adpahci - ok

08:48:24.0068 2336  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

08:48:24.0100 2336  adpu320 - ok

08:48:24.0178 2336  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

08:48:24.0334 2336  AeLookupSvc - ok

08:48:24.0443 2336  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys

08:48:24.0646 2336  AFD - ok

08:48:24.0692 2336  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys

08:48:24.0724 2336  agp440 - ok

08:48:24.0895 2336  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys

08:48:24.0926 2336  aic78xx - ok

08:48:25.0036 2336  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe

08:48:25.0145 2336  ALG - ok

08:48:25.0223 2336  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys

08:48:25.0254 2336  aliide - ok

08:48:25.0316 2336  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

08:48:25.0363 2336  amdagp - ok

08:48:25.0394 2336  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys

08:48:25.0410 2336  amdide - ok

08:48:25.0472 2336  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

08:48:25.0582 2336  AmdK8 - ok

08:48:25.0644 2336  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

08:48:25.0722 2336  AmdPPM - ok

08:48:25.0784 2336  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys

08:48:25.0816 2336  amdsata - ok

08:48:26.0003 2336  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

08:48:26.0034 2336  amdsbs - ok

08:48:26.0065 2336  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

08:48:26.0112 2336  amdxata - ok

08:48:26.0362 2336  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

08:48:26.0393 2336  AntiVirSchedulerService - ok

08:48:26.0518 2336  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe

08:48:26.0564 2336  AntiVirService - ok

08:48:26.0689 2336  [ 486CF73F183E7ADC5575FCD47F9FB1AF ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys

08:48:26.0767 2336  AnyDVD - ok

08:48:26.0923 2336  [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll

08:48:27.0048 2336  AppHostSvc - ok

08:48:27.0095 2336  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys

08:48:27.0360 2336  AppID - ok

08:48:27.0516 2336  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

08:48:27.0625 2336  AppIDSvc - ok

08:48:27.0719 2336  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll

08:48:27.0812 2336  Appinfo - ok

08:48:27.0937 2336  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys

08:48:28.0000 2336  arc - ok

08:48:28.0031 2336  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

08:48:28.0093 2336  arcsas - ok

08:48:28.0343 2336  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

08:48:28.0670 2336  aspnet_state - ok

08:48:28.0811 2336  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

08:48:29.0107 2336  AsyncMac - ok

08:48:29.0185 2336  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys

08:48:29.0201 2336  atapi - ok

08:48:29.0279 2336  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys

08:48:29.0450 2336  athr - ok

08:48:29.0513 2336  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

08:48:29.0591 2336  AudioEndpointBuilder - ok

08:48:29.0606 2336  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll

08:48:29.0716 2336  Audiosrv - ok

08:48:29.0794 2336  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

08:48:29.0903 2336  avgntflt - ok

08:48:29.0981 2336  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

08:48:30.0012 2336  avipbb - ok

08:48:30.0308 2336  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

08:48:30.0324 2336  avkmgr - ok

08:48:30.0542 2336  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

08:48:30.0917 2336  AxInstSV - ok

08:48:31.0244 2336  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys

08:48:31.0447 2336  b06bdrv - ok

08:48:31.0510 2336  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys

08:48:31.0572 2336  b57nd60x - ok

08:48:31.0744 2336  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll

08:48:31.0900 2336  BDESVC - ok

08:48:32.0040 2336  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys

08:48:32.0118 2336  Beep - ok

08:48:32.0165 2336  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll

08:48:32.0274 2336  BITS - ok

08:48:32.0290 2336  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

08:48:32.0321 2336  blbdrive - ok

08:48:32.0461 2336  [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad          C:\Windows\system32\drivers\BMLoad.sys

08:48:32.0508 2336  BMLoad ( UnsignedFile.Multi.Generic ) - warning

08:48:32.0508 2336  BMLoad - detected UnsignedFile.Multi.Generic (1)

08:48:32.0539 2336  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

08:48:32.0742 2336  bowser - ok

08:48:32.0820 2336  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:48:32.0867 2336  BrFiltLo - ok

08:48:33.0288 2336  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:48:33.0538 2336  BrFiltUp - ok

08:48:33.0600 2336  [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe

08:48:33.0725 2336  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning

08:48:33.0725 2336  Brother XP spl Service - detected UnsignedFile.Multi.Generic (1)

08:48:33.0787 2336  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll

08:48:33.0834 2336  Browser - ok

08:48:33.0896 2336  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

08:48:33.0943 2336  Brserid - ok

08:48:33.0959 2336  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

08:48:34.0006 2336  BrSerWdm - ok

08:48:34.0037 2336  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

08:48:34.0068 2336  BrUsbMdm - ok

08:48:34.0084 2336  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

08:48:34.0115 2336  BrUsbSer - ok

08:48:34.0177 2336  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys

08:48:34.0240 2336  BthEnum - ok

08:48:34.0255 2336  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

08:48:34.0286 2336  BTHMODEM - ok

08:48:34.0302 2336  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys

08:48:34.0349 2336  BthPan - ok

08:48:34.0396 2336  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

08:48:34.0505 2336  BTHPORT - ok

08:48:34.0567 2336  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll

08:48:34.0645 2336  bthserv - ok

08:48:34.0676 2336  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

08:48:34.0739 2336  BTHUSB - ok

08:48:34.0786 2336  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

08:48:34.0864 2336  cdfs - ok

08:48:34.0926 2336  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

08:48:34.0988 2336  cdrom - ok

08:48:35.0051 2336  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll

08:48:35.0113 2336  CertPropSvc - ok

08:48:35.0144 2336  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

08:48:35.0222 2336  circlass - ok

08:48:35.0285 2336  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys

08:48:35.0316 2336  CLFS - ok

08:48:35.0378 2336  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:48:35.0410 2336  clr_optimization_v2.0.50727_32 - ok

08:48:35.0519 2336  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:48:35.0722 2336  clr_optimization_v4.0.30319_32 - ok

08:48:35.0768 2336  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

08:48:35.0831 2336  CmBatt - ok

08:48:35.0862 2336  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

08:48:35.0893 2336  cmdide - ok

08:48:35.0924 2336  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys

08:48:35.0971 2336  CNG - ok

08:48:35.0987 2336  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

08:48:36.0002 2336  Compbatt - ok

08:48:36.0065 2336  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

08:48:36.0096 2336  CompositeBus - ok

08:48:36.0127 2336  COMSysApp - ok

08:48:36.0158 2336  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

08:48:36.0174 2336  crcdisk - ok

08:48:36.0221 2336  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

08:48:36.0299 2336  CryptSvc - ok

08:48:36.0346 2336  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll

08:48:36.0424 2336  DcomLaunch - ok

08:48:36.0455 2336  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll

08:48:36.0502 2336  defragsvc - ok

08:48:36.0564 2336  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

08:48:36.0642 2336  DfsC - ok

08:48:36.0704 2336  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll

08:48:36.0798 2336  Dhcp - ok

08:48:36.0845 2336  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys

08:48:36.0892 2336  discache - ok

08:48:36.0938 2336  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys

08:48:36.0954 2336  Disk - ok

08:48:36.0985 2336  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

08:48:37.0063 2336  Dnscache - ok

08:48:37.0126 2336  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll

08:48:37.0188 2336  dot3svc - ok

08:48:37.0235 2336  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll

08:48:37.0297 2336  DPS - ok

08:48:37.0344 2336  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

08:48:37.0391 2336  drmkaud - ok

08:48:37.0438 2336  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

08:48:37.0484 2336  DXGKrnl - ok

08:48:37.0531 2336  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll

08:48:37.0609 2336  EapHost - ok

08:48:37.0734 2336  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys

08:48:37.0937 2336  ebdrv - ok

08:48:38.0015 2336  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe

08:48:38.0140 2336  EFS - ok

08:48:38.0280 2336  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

08:48:38.0342 2336  ehRecvr - ok

08:48:38.0389 2336  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe

08:48:38.0452 2336  ehSched - ok

08:48:38.0530 2336  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys

08:48:38.0545 2336  ElbyCDIO - ok

08:48:38.0592 2336  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

08:48:38.0670 2336  elxstor - ok

08:48:38.0701 2336  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

08:48:38.0748 2336  ErrDev - ok

08:48:38.0826 2336  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll

08:48:38.0888 2336  EventSystem - ok

08:48:38.0951 2336  [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys

08:48:39.0029 2336  ewusbnet - ok

08:48:39.0060 2336  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys

08:48:39.0107 2336  exfat - ok

08:48:39.0138 2336  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

08:48:39.0185 2336  fastfat - ok

08:48:39.0247 2336  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe

08:48:39.0294 2336  Fax - ok

08:48:39.0341 2336  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

08:48:39.0388 2336  fdc - ok

08:48:39.0434 2336  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll

08:48:39.0497 2336  fdPHost - ok

08:48:39.0512 2336  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll

08:48:39.0590 2336  FDResPub - ok

08:48:39.0606 2336  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

08:48:39.0637 2336  FileInfo - ok

08:48:39.0668 2336  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

08:48:39.0731 2336  Filetrace - ok

08:48:39.0762 2336  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

08:48:39.0793 2336  flpydisk - ok

08:48:39.0824 2336  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

08:48:39.0856 2336  FltMgr - ok

08:48:39.0918 2336  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll

08:48:39.0996 2336  FontCache - ok

08:48:40.0058 2336  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

08:48:40.0074 2336  FontCache3.0.0.0 - ok

08:48:40.0090 2336  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

08:48:40.0121 2336  FsDepends - ok

08:48:40.0136 2336  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

08:48:40.0214 2336  Fs_Rec - ok

08:48:40.0261 2336  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

08:48:40.0292 2336  fvevol - ok

08:48:40.0324 2336  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

08:48:40.0355 2336  gagp30kx - ok

08:48:40.0402 2336  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll

08:48:40.0464 2336  gpsvc - ok

08:48:40.0589 2336  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

08:48:40.0620 2336  gupdate - ok

08:48:40.0729 2336  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

08:48:40.0745 2336  gupdatem - ok

08:48:40.0776 2336  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

08:48:40.0823 2336  hcw85cir - ok

08:48:40.0885 2336  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

08:48:40.0963 2336  HdAudAddService - ok

08:48:41.0010 2336  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

08:48:41.0057 2336  HDAudBus - ok

08:48:41.0072 2336  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

08:48:41.0104 2336  HidBatt - ok

08:48:41.0135 2336  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

08:48:41.0182 2336  HidBth - ok

08:48:41.0260 2336  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

08:48:41.0556 2336  HidIr - ok

08:48:41.0712 2336  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll

08:48:41.0915 2336  hidserv - ok

08:48:42.0383 2336  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys

08:48:42.0414 2336  HidUsb - ok

08:48:42.0461 2336  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll

08:48:42.0523 2336  hkmsvc - ok

08:48:42.0570 2336  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

08:48:42.0695 2336  HomeGroupListener - ok

08:48:42.0757 2336  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

08:48:42.0788 2336  HomeGroupProvider - ok

08:48:42.0820 2336  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

08:48:42.0851 2336  HpSAMD - ok

08:48:42.0929 2336  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

08:48:42.0976 2336  HTTP - ok

08:48:43.0038 2336  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys

08:48:43.0194 2336  hwdatacard - ok

08:48:43.0241 2336  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

08:48:43.0256 2336  hwpolicy - ok

08:48:43.0506 2336  [ 089085538885367E281686762A973EB5 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys

08:48:43.0568 2336  hwusbfake - ok

08:48:43.0709 2336  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

08:48:43.0771 2336  i8042prt - ok

08:48:43.0865 2336  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

08:48:43.0896 2336  iaStorV - ok

08:48:43.0974 2336  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:48:44.0036 2336  idsvc - ok

08:48:44.0286 2336  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys

08:48:44.0489 2336  igfx - ok

08:48:44.0551 2336  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

08:48:44.0582 2336  iirsp - ok

08:48:44.0692 2336  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll

08:48:44.0785 2336  IKEEXT - ok

08:48:44.0894 2336  [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

08:48:44.0972 2336  IntcAzAudAddService - ok

08:48:45.0004 2336  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys

08:48:45.0035 2336  intelide - ok

08:48:45.0097 2336  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

08:48:45.0128 2336  intelppm - ok

08:48:45.0175 2336  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

08:48:45.0253 2336  IPBusEnum - ok

08:48:45.0269 2336  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:48:45.0316 2336  IpFilterDriver - ok

08:48:45.0362 2336  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

08:48:45.0394 2336  IPMIDRV - ok

08:48:45.0409 2336  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

08:48:45.0472 2336  IPNAT - ok

08:48:45.0487 2336  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys

08:48:45.0550 2336  IRENUM - ok

08:48:45.0581 2336  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

08:48:45.0612 2336  isapnp - ok

08:48:45.0643 2336  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

08:48:45.0721 2336  iScsiPrt - ok

08:48:45.0752 2336  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys

08:48:45.0784 2336  kbdclass - ok

08:48:45.0830 2336  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

08:48:45.0877 2336  kbdhid - ok

08:48:45.0893 2336  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe

08:48:45.0908 2336  KeyIso - ok

08:48:45.0940 2336  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

08:48:45.0955 2336  KSecDD - ok

08:48:45.0986 2336  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

08:48:46.0002 2336  KSecPkg - ok

08:48:46.0033 2336  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll

08:48:46.0111 2336  KtmRm - ok

08:48:46.0189 2336  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll

08:48:46.0283 2336  LanmanServer - ok

08:48:46.0330 2336  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

08:48:46.0423 2336  LanmanWorkstation - ok

08:48:46.0470 2336  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

08:48:46.0517 2336  lltdio - ok

08:48:46.0564 2336  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

08:48:46.0610 2336  lltdsvc - ok

08:48:46.0626 2336  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll

08:48:46.0657 2336  lmhosts - ok

08:48:46.0688 2336  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

08:48:46.0704 2336  LSI_FC - ok

08:48:46.0751 2336  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

08:48:46.0766 2336  LSI_SAS - ok

08:48:46.0782 2336  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:48:46.0798 2336  LSI_SAS2 - ok

08:48:46.0829 2336  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:48:46.0844 2336  LSI_SCSI - ok

08:48:46.0876 2336  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys

08:48:46.0922 2336  luafv - ok

08:48:46.0985 2336  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

08:48:47.0016 2336  MBAMProtector - ok

08:48:47.0063 2336  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

08:48:47.0110 2336  MBAMScheduler - ok

08:48:47.0141 2336  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

08:48:47.0172 2336  MBAMService - ok

08:48:47.0250 2336  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

08:48:47.0312 2336  Mcx2Svc - ok

08:48:47.0468 2336  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

08:48:47.0500 2336  megasas - ok

08:48:47.0546 2336  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

08:48:47.0593 2336  MegaSR - ok

08:48:47.0671 2336  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll

08:48:47.0734 2336  MMCSS - ok

08:48:47.0780 2336  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys

08:48:47.0843 2336  Modem - ok

08:48:47.0890 2336  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

08:48:47.0905 2336  monitor - ok

08:48:47.0983 2336  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys

08:48:47.0999 2336  mouclass - ok

08:48:48.0046 2336  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

08:48:48.0077 2336  mouhid - ok

08:48:48.0139 2336  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

08:48:48.0170 2336  mountmgr - ok

08:48:48.0217 2336  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys

08:48:48.0264 2336  mpio - ok

08:48:48.0295 2336  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

08:48:48.0326 2336  mpsdrv - ok

08:48:48.0373 2336  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

08:48:48.0420 2336  MRxDAV - ok

08:48:48.0467 2336  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

08:48:48.0529 2336  mrxsmb - ok

08:48:48.0576 2336  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:48:48.0623 2336  mrxsmb10 - ok

08:48:48.0685 2336  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:48:48.0748 2336  mrxsmb20 - ok

08:48:48.0794 2336  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys

08:48:48.0826 2336  msahci - ok

08:48:48.0872 2336  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

08:48:48.0904 2336  msdsm - ok

08:48:48.0919 2336  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe

08:48:48.0950 2336  MSDTC - ok

08:48:48.0982 2336  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys

08:48:49.0060 2336  Msfs - ok

08:48:49.0106 2336  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

08:48:49.0153 2336  mshidkmdf - ok

08:48:49.0184 2336  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

08:48:49.0200 2336  msisadrv - ok

08:48:49.0278 2336  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

08:48:49.0340 2336  MSiSCSI - ok

08:48:49.0340 2336  msiserver - ok

08:48:49.0387 2336  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

08:48:49.0418 2336  MSKSSRV - ok

08:48:49.0450 2336  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

08:48:49.0496 2336  MSPCLOCK - ok

08:48:49.0512 2336  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

08:48:49.0574 2336  MSPQM - ok

08:48:49.0606 2336  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

08:48:49.0621 2336  MsRPC - ok

08:48:49.0637 2336  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

08:48:49.0652 2336  mssmbios - ok

08:48:49.0684 2336  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

08:48:49.0730 2336  MSTEE - ok

08:48:49.0762 2336  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

08:48:49.0808 2336  MTConfig - ok

08:48:49.0824 2336  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys

08:48:49.0840 2336  Mup - ok

08:48:49.0871 2336  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll

08:48:49.0964 2336  napagent - ok

08:48:50.0027 2336  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

08:48:50.0074 2336  NativeWifiP - ok

08:48:50.0214 2336  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe

08:48:50.0261 2336  NAUpdate - ok

08:48:50.0323 2336  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys

08:48:50.0354 2336  NDIS - ok

08:48:50.0401 2336  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

08:48:50.0448 2336  NdisCap - ok

08:48:50.0479 2336  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

08:48:50.0557 2336  NdisTapi - ok

08:48:50.0604 2336  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

08:48:50.0651 2336  Ndisuio - ok

08:48:50.0682 2336  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

08:48:50.0776 2336  NdisWan - ok

08:48:50.0791 2336  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

08:48:50.0822 2336  NDProxy - ok

08:48:50.0869 2336  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

08:48:50.0916 2336  NetBIOS - ok

08:48:50.0963 2336  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

08:48:51.0041 2336  NetBT - ok

08:48:51.0056 2336  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe

08:48:51.0072 2336  Netlogon - ok

08:48:51.0119 2336  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll

08:48:51.0181 2336  Netman - ok

08:48:51.0259 2336  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:48:51.0337 2336  NetMsmqActivator - ok

08:48:51.0384 2336  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:48:51.0400 2336  NetPipeActivator - ok

08:48:51.0431 2336  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll

08:48:51.0478 2336  netprofm - ok

08:48:51.0540 2336  [ 76B1157EF850830C5ECE61D3E591CA8B ] netr73          C:\Windows\system32\DRIVERS\netr73.sys

08:48:51.0602 2336  netr73 - ok

08:48:51.0602 2336  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:48:51.0618 2336  NetTcpActivator - ok

08:48:51.0618 2336  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:48:51.0634 2336  NetTcpPortSharing - ok

08:48:51.0680 2336  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

08:48:51.0712 2336  nfrd960 - ok

08:48:51.0758 2336  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll

08:48:51.0852 2336  NlaSvc - ok

08:48:51.0899 2336  [ C82F4CC10AD315B6D6BCB14D0A7CAD66 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys

08:48:51.0961 2336  nmwcd - ok

08:48:51.0992 2336  [ 60EF5F5621D7832F00A3F190A0C905E2 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys

08:48:52.0024 2336  nmwcdc - ok

08:48:52.0039 2336  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

08:48:52.0102 2336  Npfs - ok

08:48:52.0148 2336  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll

08:48:52.0211 2336  nsi - ok

08:48:52.0226 2336  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

08:48:52.0273 2336  nsiproxy - ok

08:48:52.0320 2336  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

08:48:52.0429 2336  Ntfs - ok

08:48:52.0445 2336  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys

08:48:52.0492 2336  Null - ok

08:48:52.0554 2336  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

08:48:52.0585 2336  nvraid - ok

08:48:52.0616 2336  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

08:48:52.0648 2336  nvstor - ok

08:48:52.0679 2336  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

08:48:52.0726 2336  nv_agp - ok

08:48:52.0804 2336  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:48:52.0866 2336  odserv - ok

08:48:52.0897 2336  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

08:48:52.0960 2336  ohci1394 - ok

08:48:53.0006 2336  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:48:53.0038 2336  ose - ok

08:48:53.0100 2336  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

08:48:53.0147 2336  p2pimsvc - ok

08:48:53.0209 2336  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll

08:48:53.0272 2336  p2psvc - ok

08:48:53.0318 2336  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

08:48:53.0365 2336  Parport - ok

08:48:53.0396 2336  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys

08:48:53.0412 2336  partmgr - ok

08:48:53.0443 2336  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys

08:48:53.0490 2336  Parvdm - ok

08:48:53.0506 2336  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll

08:48:53.0537 2336  PcaSvc - ok

08:48:53.0568 2336  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys

08:48:53.0599 2336  pci - ok

08:48:53.0630 2336  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys

08:48:53.0662 2336  pciide - ok

08:48:53.0693 2336  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

08:48:53.0724 2336  pcmcia - ok

08:48:53.0755 2336  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys

08:48:53.0786 2336  pcw - ok

08:48:53.0818 2336  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

08:48:53.0896 2336  PEAUTH - ok

08:48:53.0974 2336  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll

08:48:54.0083 2336  pla - ok

08:48:54.0130 2336  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

08:48:54.0192 2336  PlugPlay - ok

08:48:54.0208 2336  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

08:48:54.0223 2336  PNRPAutoReg - ok

08:48:54.0239 2336  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

08:48:54.0254 2336  PNRPsvc - ok

08:48:54.0286 2336  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

08:48:54.0379 2336  PolicyAgent - ok

08:48:54.0410 2336  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll

08:48:54.0488 2336  Power - ok

08:48:54.0535 2336  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

08:48:54.0598 2336  PptpMiniport - ok

08:48:54.0644 2336  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

08:48:54.0691 2336  Processor - ok

08:48:54.0738 2336  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll

08:48:54.0800 2336  ProfSvc - ok

08:48:54.0816 2336  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

08:48:54.0832 2336  ProtectedStorage - ok

08:48:54.0894 2336  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

08:48:54.0941 2336  Psched - ok

08:48:55.0019 2336  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

08:48:55.0112 2336  ql2300 - ok

08:48:55.0159 2336  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

08:48:55.0190 2336  ql40xx - ok

08:48:55.0237 2336  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll

08:48:55.0284 2336  QWAVE - ok

08:48:55.0315 2336  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

08:48:55.0378 2336  QWAVEdrv - ok

08:48:55.0456 2336  [ 432F5B15E21A54B48072593F03570326 ] RalinkRegistryWriter C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

08:48:55.0471 2336  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning

08:48:55.0471 2336  RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1)

08:48:55.0487 2336  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

08:48:55.0534 2336  RasAcd - ok

08:48:55.0580 2336  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

08:48:55.0658 2336  RasAgileVpn - ok

08:48:55.0690 2336  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll

08:48:55.0768 2336  RasAuto - ok

08:48:55.0799 2336  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

08:48:55.0846 2336  Rasl2tp - ok

08:48:55.0892 2336  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll

08:48:55.0939 2336  RasMan - ok

08:48:55.0955 2336  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

08:48:56.0002 2336  RasPppoe - ok

08:48:56.0033 2336  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

08:48:56.0080 2336  RasSstp - ok

08:48:56.0142 2336  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

08:48:56.0204 2336  rdbss - ok

08:48:56.0251 2336  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

08:48:56.0282 2336  rdpbus - ok

08:48:56.0329 2336  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

08:48:56.0392 2336  RDPCDD - ok

08:48:56.0438 2336  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

08:48:56.0501 2336  RDPENCDD - ok

08:48:56.0516 2336  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

08:48:56.0548 2336  RDPREFMP - ok

08:48:56.0579 2336  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

08:48:56.0641 2336  RDPWD - ok

08:48:56.0704 2336  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

08:48:56.0735 2336  rdyboost - ok

08:48:56.0766 2336  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll

08:48:56.0813 2336  RemoteAccess - ok

08:48:56.0844 2336  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

08:48:56.0891 2336  RemoteRegistry - ok

08:48:56.0938 2336  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys

08:48:56.0969 2336  RFCOMM - ok

08:48:57.0000 2336  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

08:48:57.0047 2336  RpcEptMapper - ok

08:48:57.0062 2336  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe

08:48:57.0109 2336  RpcLocator - ok

08:48:57.0125 2336  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll

08:48:57.0172 2336  RpcSs - ok

08:48:57.0234 2336  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

08:48:57.0312 2336  rspndr - ok

08:48:57.0343 2336  [ 96F8DD546677AA5102150ACC140377B3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys

08:48:57.0390 2336  RSUSBSTOR - ok

08:48:57.0437 2336  [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys

08:48:57.0484 2336  RTL8167 - ok

08:48:57.0499 2336  RtsUIR - ok

08:48:57.0530 2336  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe

08:48:57.0546 2336  SamSs - ok

08:48:57.0608 2336  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

08:48:57.0640 2336  sbp2port - ok

08:48:57.0686 2336  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

08:48:57.0733 2336  SCardSvr - ok

08:48:57.0749 2336  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

08:48:57.0780 2336  scfilter - ok

08:48:57.0842 2336  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll

08:48:57.0936 2336  Schedule - ok

08:48:57.0967 2336  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll

08:48:57.0983 2336  SCPolicySvc - ok

08:48:58.0030 2336  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

08:48:58.0108 2336  SDRSVC - ok

08:48:58.0154 2336  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

08:48:58.0217 2336  secdrv - ok

08:48:58.0248 2336  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll

08:48:58.0295 2336  seclogon - ok

08:48:58.0310 2336  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll

08:48:58.0342 2336  SENS - ok

08:48:58.0373 2336  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll

08:48:58.0435 2336  SensrSvc - ok

08:48:58.0466 2336  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

08:48:58.0498 2336  Serenum - ok

08:48:58.0544 2336  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

08:48:58.0591 2336  Serial - ok

08:48:58.0638 2336  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

08:48:58.0669 2336  sermouse - ok

08:48:58.0716 2336  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll

08:48:58.0763 2336  SessionEnv - ok

08:48:58.0810 2336  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

08:48:58.0872 2336  sffdisk - ok

08:48:58.0888 2336  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

08:48:58.0903 2336  sffp_mmc - ok

08:48:58.0919 2336  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

08:48:58.0934 2336  sffp_sd - ok

08:48:58.0966 2336  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

08:48:58.0997 2336  sfloppy - ok

08:48:59.0028 2336  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

08:48:59.0090 2336  ShellHWDetection - ok

08:48:59.0137 2336  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys

08:48:59.0153 2336  sisagp - ok

08:48:59.0215 2336  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:48:59.0231 2336  SiSRaid2 - ok

08:48:59.0262 2336  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

08:48:59.0293 2336  SiSRaid4 - ok

08:48:59.0356 2336  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys

08:48:59.0434 2336  Smb - ok

08:48:59.0496 2336  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

08:48:59.0527 2336  SNMPTRAP - ok

08:48:59.0543 2336  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys

08:48:59.0574 2336  spldr - ok

08:48:59.0621 2336  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe

08:48:59.0683 2336  Spooler - ok

08:48:59.0808 2336  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe

08:48:59.0933 2336  sppsvc - ok

08:48:59.0964 2336  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

08:49:00.0026 2336  sppuinotify - ok

08:49:00.0089 2336  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys

08:49:00.0167 2336  srv - ok

08:49:00.0214 2336  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

08:49:00.0260 2336  srv2 - ok

08:49:00.0307 2336  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

08:49:00.0338 2336  srvnet - ok

08:49:00.0370 2336  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

08:49:00.0494 2336  SSDPSRV - ok

08:49:00.0557 2336  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys

08:49:00.0572 2336  ssmdrv - ok

08:49:00.0604 2336  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

08:49:00.0635 2336  SstpSvc - ok

08:49:00.0682 2336  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

08:49:00.0713 2336  stexstor - ok

08:49:00.0744 2336  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys

08:49:00.0760 2336  StillCam - ok

08:49:00.0791 2336  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll

08:49:00.0853 2336  StiSvc - ok

08:49:00.0884 2336  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys

08:49:00.0900 2336  swenum - ok

08:49:00.0947 2336  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll

08:49:01.0009 2336  swprv - ok

08:49:01.0103 2336  [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS

08:49:01.0212 2336  SymEvent - ok

08:49:01.0259 2336  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll

08:49:01.0337 2336  SysMain - ok

08:49:01.0368 2336  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

08:49:01.0415 2336  TabletInputService - ok

08:49:01.0446 2336  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll

08:49:01.0540 2336  TapiSrv - ok

08:49:01.0586 2336  [ D7F411C5AF992BB44E86083A6AA7B045 ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys

08:49:01.0602 2336  tbhsd - ok

08:49:01.0649 2336  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll

08:49:01.0742 2336  TBS - ok

08:49:01.0820 2336  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

08:49:01.0945 2336  Tcpip - ok

08:49:01.0992 2336  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

08:49:02.0054 2336  TCPIP6 - ok

08:49:02.0132 2336  [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM         C:\Windows\system32\drivers\tcpipBM.sys

08:49:02.0164 2336  tcpipBM ( UnsignedFile.Multi.Generic ) - warning

08:49:02.0164 2336  tcpipBM - detected UnsignedFile.Multi.Generic (1)

08:49:02.0210 2336  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

08:49:02.0242 2336  tcpipreg - ok

08:49:02.0320 2336  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

08:49:02.0366 2336  TDPIPE - ok

08:49:02.0398 2336  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

08:49:02.0413 2336  TDTCP - ok

08:49:02.0444 2336  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

08:49:02.0507 2336  tdx - ok

08:49:02.0569 2336  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys

08:49:02.0600 2336  TermDD - ok

08:49:02.0632 2336  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll

08:49:02.0678 2336  TermService - ok

08:49:02.0819 2336  [ 76468DF7A7A92413A57C998DE5C39290 ] TestHandler     C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

08:49:02.0866 2336  TestHandler - ok

08:49:02.0897 2336  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll

08:49:02.0944 2336  Themes - ok

08:49:02.0959 2336  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll

08:49:02.0990 2336  THREADORDER - ok

08:49:03.0037 2336  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys

08:49:03.0053 2336  TPM - ok

08:49:03.0068 2336  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll

08:49:03.0115 2336  TrkWks - ok

08:49:03.0162 2336  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

08:49:03.0240 2336  TrustedInstaller - ok

08:49:03.0334 2336  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

08:49:03.0380 2336  tssecsrv - ok

08:49:03.0443 2336  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

08:49:03.0505 2336  TsUsbFlt - ok

08:49:03.0552 2336  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

08:49:03.0599 2336  tunnel - ok

08:49:03.0614 2336  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

08:49:03.0646 2336  uagp35 - ok

08:49:03.0661 2336  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

08:49:03.0724 2336  udfs - ok

08:49:03.0770 2336  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

08:49:03.0786 2336  UI0Detect - ok

08:49:03.0833 2336  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

08:49:03.0864 2336  uliagpkx - ok

08:49:03.0926 2336  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

08:49:03.0973 2336  umbus - ok

08:49:04.0004 2336  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

08:49:04.0036 2336  UmPass - ok

08:49:04.0051 2336  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll

08:49:04.0114 2336  upnphost - ok

08:49:04.0145 2336  [ BB16932A4189E82D6C455042C11849B6 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

08:49:04.0192 2336  upperdev - ok

08:49:04.0254 2336  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

08:49:04.0332 2336  usbccgp - ok

08:49:04.0348 2336  USBCCID - ok

08:49:04.0379 2336  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

08:49:04.0441 2336  usbcir - ok

08:49:04.0488 2336  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

08:49:04.0519 2336  usbehci - ok

08:49:04.0566 2336  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

08:49:04.0613 2336  usbhub - ok

08:49:04.0628 2336  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys

08:49:04.0691 2336  usbohci - ok

08:49:04.0738 2336  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

08:49:04.0769 2336  usbprint - ok

08:49:04.0816 2336  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys

08:49:04.0862 2336  usbser - ok

08:49:04.0894 2336  [ E748D50B3B2EC7F40A2BA67FB094CF01 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

08:49:04.0909 2336  UsbserFilt - ok

08:49:04.0925 2336  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:49:04.0987 2336  USBSTOR - ok

08:49:05.0003 2336  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

08:49:05.0034 2336  usbuhci - ok

08:49:05.0112 2336  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys

08:49:05.0159 2336  usbvideo - ok

08:49:05.0190 2336  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll

08:49:05.0284 2336  UxSms - ok

08:49:05.0330 2336  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe

08:49:05.0346 2336  VaultSvc - ok

08:49:05.0408 2336  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys

08:49:05.0440 2336  VClone - ok

08:49:05.0486 2336  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

08:49:05.0518 2336  vdrvroot - ok

08:49:05.0549 2336  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe

08:49:05.0611 2336  vds - ok

08:49:05.0642 2336  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

08:49:05.0705 2336  vga - ok

08:49:05.0736 2336  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys

08:49:05.0783 2336  VgaSave - ok

08:49:05.0830 2336  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

08:49:05.0861 2336  vhdmp - ok

08:49:05.0892 2336  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys

08:49:05.0908 2336  viaagp - ok

08:49:05.0954 2336  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys

08:49:05.0986 2336  ViaC7 - ok

08:49:06.0001 2336  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys

08:49:06.0032 2336  viaide - ok

08:49:06.0188 2336  [ 1B0D441D8AB264D39C2B09130CC28045 ] VMCService      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

08:49:06.0235 2336  VMCService ( UnsignedFile.Multi.Generic ) - warning

08:49:06.0235 2336  VMCService - detected UnsignedFile.Multi.Generic (1)

08:49:06.0266 2336  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

08:49:06.0298 2336  volmgr - ok

08:49:06.0344 2336  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

08:49:06.0360 2336  volmgrx - ok

08:49:06.0407 2336  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

08:49:06.0469 2336  volsnap - ok

08:49:06.0516 2336  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

08:49:06.0547 2336  vsmraid - ok

08:49:06.0625 2336  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe

08:49:06.0703 2336  VSS - ok

08:49:06.0734 2336  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

08:49:06.0750 2336  vwifibus - ok

08:49:06.0781 2336  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

08:49:06.0844 2336  vwififlt - ok

08:49:06.0875 2336  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

08:49:06.0906 2336  vwifimp - ok

08:49:06.0937 2336  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll

08:49:07.0015 2336  W32Time - ok

08:49:07.0124 2336  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll

08:49:07.0171 2336  W3SVC - ok

08:49:07.0202 2336  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

08:49:07.0234 2336  WacomPen - ok

08:49:07.0280 2336  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

08:49:07.0374 2336  WANARP - ok

08:49:07.0374 2336  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

08:49:07.0405 2336  Wanarpv6 - ok

08:49:07.0483 2336  [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll

08:49:07.0514 2336  WAS - ok

08:49:07.0608 2336  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe

08:49:07.0686 2336  wbengine - ok

08:49:07.0717 2336  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

08:49:07.0733 2336  WbioSrvc - ok

08:49:07.0780 2336  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll

08:49:07.0858 2336  wcncsvc - ok

08:49:07.0873 2336  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

08:49:07.0936 2336  WcsPlugInService - ok

08:49:07.0951 2336  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys

08:49:07.0967 2336  Wd - ok

08:49:07.0998 2336  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

08:49:08.0076 2336  Wdf01000 - ok

08:49:08.0107 2336  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

08:49:08.0201 2336  WdiServiceHost - ok

08:49:08.0201 2336  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

08:49:08.0216 2336  WdiSystemHost - ok

08:49:08.0294 2336  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll

08:49:08.0357 2336  WebClient - ok

08:49:08.0388 2336  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll

08:49:08.0466 2336  Wecsvc - ok

08:49:08.0528 2336  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll

08:49:08.0591 2336  wercplsupport - ok

08:49:08.0653 2336  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll

08:49:08.0700 2336  WerSvc - ok

08:49:08.0747 2336  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

08:49:08.0809 2336  WfpLwf - ok

08:49:08.0825 2336  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

08:49:08.0856 2336  WIMMount - ok

08:49:08.0872 2336  WinHttpAutoProxySvc - ok

08:49:08.0934 2336  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

08:49:09.0028 2336  Winmgmt - ok

08:49:09.0121 2336  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll

08:49:09.0184 2336  WinRM - ok

08:49:09.0293 2336  [ A67E5F9A400F3BD1BE3D80613B45F708 ] winusb          C:\Windows\system32\DRIVERS\WinUSB.sys

08:49:09.0371 2336  winusb - ok

08:49:09.0418 2336  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll

08:49:09.0449 2336  Wlansvc - ok

08:49:09.0558 2336  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:49:09.0605 2336  wlidsvc - ok

08:49:09.0667 2336  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

08:49:09.0714 2336  WmiAcpi - ok

08:49:09.0761 2336  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

08:49:09.0808 2336  wmiApSrv - ok

08:49:09.0948 2336  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

08:49:10.0042 2336  WMPNetworkSvc - ok

08:49:10.0120 2336  [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm      D:\Eigene Dateien\Eigene Videos\WMZuneComm.exe

08:49:10.0229 2336  WMZuneComm - ok

08:49:10.0276 2336  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll

08:49:10.0354 2336  WPCSvc - ok

08:49:10.0385 2336  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

08:49:10.0432 2336  WPDBusEnum - ok

08:49:10.0463 2336  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

08:49:10.0494 2336  ws2ifsl - ok

08:49:10.0556 2336  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys

08:49:10.0588 2336  WSDPrintDevice - ok

08:49:10.0603 2336  WSearch - ok

08:49:10.0728 2336  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

08:49:10.0806 2336  wuauserv - ok

08:49:10.0837 2336  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

08:49:10.0900 2336  WudfPf - ok

08:49:10.0946 2336  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

08:49:11.0024 2336  WUDFRd - ok

08:49:11.0071 2336  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

08:49:11.0118 2336  wudfsvc - ok

08:49:11.0134 2336  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll

08:49:11.0196 2336  WwanSvc - ok

08:49:11.0461 2336  [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc  D:\Eigene Dateien\Eigene Videos\ZuneNss.exe

08:49:11.0804 2336  ZuneNetworkSvc - ok

08:49:11.0960 2336  [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc  D:\Eigene Dateien\Eigene Videos\ZuneWlanCfgSvc.exe

08:49:12.0038 2336  ZuneWlanCfgSvc - ok

08:49:12.0179 2336  ================ Scan global ===============================

08:49:12.0210 2336  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

08:49:12.0288 2336  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

08:49:12.0335 2336  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

08:49:12.0366 2336  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

08:49:12.0382 2336  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

08:49:12.0444 2336  [Global] - ok

08:49:12.0444 2336  ================ Scan MBR ==================================

08:49:12.0475 2336  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

08:49:13.0474 2336  \Device\Harddisk0\DR0 - ok

08:49:13.0474 2336  ================ Scan VBR ==================================

08:49:13.0505 2336  [ 418105D1E12AEAA75A594148227E2505 ] \Device\Harddisk0\DR0\Partition1

08:49:13.0505 2336  \Device\Harddisk0\DR0\Partition1 - ok

08:49:13.0567 2336  [ A62631A967EC5D73FB6D3E27DBBD46E0 ] \Device\Harddisk0\DR0\Partition2

08:49:13.0567 2336  \Device\Harddisk0\DR0\Partition2 - ok

08:49:13.0567 2336  ============================================================

08:49:13.0567 2336  Scan finished

08:49:13.0567 2336  ============================================================

08:49:13.0583 2544  Detected object count: 5

08:49:13.0583 2544  Actual detected object count: 5

08:49:32.0428 2544  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user

08:49:32.0428 2544  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 

08:49:32.0428 2544  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:49:32.0428 2544  Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

08:49:32.0428 2544  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user

08:49:32.0428 2544  RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip 

08:49:32.0428 2544  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user

08:49:32.0428 2544  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

08:49:32.0443 2544  VMCService ( UnsignedFile.Multi.Generic ) - skipped by user

08:49:32.0443 2544  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix ging ohne Fehlermeldung durch.

[code]
Combofix Logfile:

Code:

ComboFix 12-09-24.02 - x 24.09.2012  19:38:22.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2909.1842 [GMT 2:00]

ausgeführt von:: c:\users\x\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\x\AppData\Roaming\Microsoft\Windows\Recent\HOW TO DECRYPT FILES.txt

c:\windows\IsUn0407.exe

c:\windows\regsvr32.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-08-24 bis 2012-09-24  ))))))))))))))))))))))))))))))

.

.

2012-09-24 17:47 . 2012-09-24 17:50        --------        d-----w-        c:\users\x\AppData\Local\temp

2012-09-24 07:11 . 2012-09-24 07:10        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-09-24 07:11 . 2012-09-24 07:10        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

2012-09-24 06:45 . 2012-09-24 06:45        --------        d-----w-        C:\TDSSKiller_Quarantine

2012-09-22 14:24 . 2012-09-22 14:24        --------        d-----w-        C:\_OTL

2012-09-21 09:34 . 2012-09-21 09:34        --------        d-----w-        c:\program files\MSECache

2012-09-21 09:10 . 2012-09-21 09:10        --------        d-----w-        c:\users\x\AppData\Roaming\LockHunter

2012-09-21 09:06 . 2012-09-21 09:13        --------        d-----w-        c:\program files\LockHunter

2012-09-18 10:51 . 2012-09-19 08:08        1644        ----a-w-        c:\windows\system32\ASOROSet.bin

2012-09-18 10:49 . 2012-09-18 10:49        --------        d-----w-        c:\users\x\AppData\Roaming\Digital Support

2012-09-18 10:44 . 2012-09-19 09:05        --------        d-----w-        c:\users\x\AppData\Roaming\Systweak

2012-09-18 10:44 . 2012-09-19 08:17        --------        d-----w-        c:\program files\RegClean Pro

2012-09-18 10:16 . 2012-09-19 08:17        --------        d-----w-        c:\program files\SmartPCFixer

2012-09-17 10:27 . 2012-09-17 10:27        --------        d-----w-        c:\users\x\AppData\Roaming\www.shadowexplorer.com

2012-09-17 06:00 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-17 06:00 . 2012-09-17 06:00        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-09-14 11:36 . 2012-09-14 11:36        55        ----a-w-        c:\windows\system32\ntfs_system.bat

2012-09-14 07:18 . 2012-08-23 07:15        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1B3C3C2-44A7-4832-8336-17F26FBB8824}\mpengine.dll

2012-09-12 07:51 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys

2012-09-12 07:51 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 07:51 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-09-12 07:51 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys

2012-09-12 07:51 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 07:51 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-24 07:10 . 2011-10-14 16:36        746984        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-17 06:22 . 2012-09-17 06:22        101329        ----a-w-        C:\zbotkiller.zip

2012-07-18 17:47 . 2012-08-16 07:00        2345984        ----a-w-        c:\windows\system32\win32k.sys

2012-07-06 19:23 . 2012-08-15 07:35        393728        ----a-w-        c:\windows\system32\drivers\bthport.sys

2012-07-04 21:14 . 2012-08-16 07:00        102912        ----a-w-        c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-16 07:00        41984        ----a-w-        c:\windows\system32\browcli.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]

2011-04-19 12:25        163936        ----a-w-        c:\programdata\1und1InternetExplorerAddon\BHOXML.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="d:\nero\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]

"AnyDVD"="d:\anydvd\AnyDVDtray.exe" [2011-12-31 5598840]

"Updater shortcut"="c:\program files\T-Mobile\web'n'walk Manager\WTGU.exe" [2008-06-19 857544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"RSA Card Conversion Utility"="c:\program files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe" [2010-08-27 3499728]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"Zune Launcher"="d:\eigene dateien\Eigene Videos\ZuneLauncher.exe" [2011-08-05 159456]

"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2012-08-07 319488]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2010-1-9 1777664]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-9-22 2351104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

3;2 NAUpdate;Nero Update [2011-11-25 687400]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]

R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;d:\eigene dateien\Eigene Videos\WMZuneComm.exe [x]

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*Deregistered* - BMLoad

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs        REG_MULTI_SZ           w3svc was

apphost        REG_MULTI_SZ           apphostsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-24 09:09]

.

2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-24 09:09]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: bmnet.dll

Trusted Zone: volkswohl-bund.de\vbnet

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - 

DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file)

BHO-{BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - c:\program files\GMX Toolbar\IE\uitb.dll

Toolbar-{C424171E-592A-415a-9EB1-DFD6D95D3530} - (no file)

SafeBoot-78808047.sys

AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe

AddRemove- 2000 - c:\windows\IsUn0407.exe

AddRemove-ElsterFormular 11.2.0.4074 - d:\programme\uninstall.exe

AddRemove-ElsterFormular 11.5.0.4546 - d:\programme\uninstall.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{C424171E-592A-415A-9EB1-DFD6D95D3530}"=hex:51,66,7a,6c,4c,1d,38,12,70,14,37,

   c0,18,17,34,04,e1,a7,9c,96,dc,03,71,24

"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=hex:51,66,7a,6c,4c,1d,38,12,6b,d7,31,

   bd,21,23,45,0f,d1,9f,4b,e0,35,84,00,16

"{17166733-40EA-4432-A85C-AE672FF0E236}"=hex:51,66,7a,6c,4c,1d,38,12,5d,64,05,

   13,d8,0e,5c,01,d7,4a,ed,27,2a,ae,a6,22

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{BF42D4A8-016E-4FCD-B1EB-837659FD77C6}"=hex:51,66,7a,6c,4c,1d,38,12,c6,d7,51,

   bb,5c,4f,a3,0a,ce,fd,c0,36,5c,a3,33,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:85,2c,f3,99,17,89,cc,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'lsass.exe'(532)

c:\windows\system32\bmnet.dll

.

- - - - - - - > 'Explorer.exe'(2856)

d:\anydvd\ADvdDiscHlp1.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\brsvc01a.exe

c:\windows\system32\taskhost.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\brss01a.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Ralink\Common\RalinkRegistryWriter.exe

c:\program files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conhost.exe

c:\program files\Fujitsu OSD Utility\OSDUtility.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\Nero\Update\NASvc.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\msiexec.exe

d:\eigene dateien\Eigene Videos\ZuneNss.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-09-24  19:55:26 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-09-24 17:55

.

Vor Suchlauf: 26 Verzeichnis(se), 72.469.147.648 Bytes frei

Nach Suchlauf: 31 Verzeichnis(se), 72.248.311.808 Bytes frei

.

- - End Of File - - 63D9D512DDE1D45B75DE89069FF94A43

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Das ist der Text von GMER.

[code]
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-09-25 12:56:39

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11

Running: g2wm2hl2.exe; Driver: C:\Users\x\AppData\Local\Temp\pgddipog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            9045313E                                                                                                                 ZwCreateSection

SSDT            90453148                                                                                                                 ZwRequestWaitReplyPort

SSDT            90453143                                                                                                                 ZwSetContextThread

SSDT            9045314D                                                                                                                 ZwSetSecurityObject

SSDT            90453152                                                                                                                 ZwSystemDebugControl

SSDT            904530DF                                                                                                                 ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                 830833C9 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                   830BCD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                      830C3EAC 4 Bytes  [3E, 31, 45, 90] {XOR DS:[EBP-0x70], EAX}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                      830C4208 4 Bytes  [48, 31, 45, 90] {DEC EAX; XOR [EBP-0x70], EAX}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                      830C424C 4 Bytes  [43, 31, 45, 90] {INC EBX; XOR [EBP-0x70], EAX}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                      830C42C8 4 Bytes  [4D, 31, 45, 90] {DEC EBP; XOR [EBP-0x70], EAX}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                      830C431C 4 Bytes  [52, 31, 45, 90] {PUSH EDX; XOR [EBP-0x70], EAX}

.text           ...                                                                                                                      

.text           peauth.sys                                                                                                               AE410C9D 28 Bytes  [04, 05, BC, 71, E9, C7, 2B, ...]

.text           peauth.sys                                                                                                               AE410CC1 28 Bytes  [04, 05, BC, 71, E9, C7, 2B, ...]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe[3128] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe[3128] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe[3128] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe[3128] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                   [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                     [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                      [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                    [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Windows\system32\msiexec.exe[5372] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                    [75DEFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\ACPI_HAL \Device\00000050                                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9402953a                                              

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9402953a (not active ControlSet)                          

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress                                                      

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress@                                                     C:\Windows\Installer\2e9f2.ipi
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Das Log von OSAM

Code:

OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 13:10:58 on 25.09.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys

"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys

"catchme" (catchme) - ? - C:\Users\x\AppData\Local\Temp\catchme.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"pgddipog" (pgddipog) - ? - C:\Users\x\AppData\Local\Temp\pgddipog.sys  (Hidden registry entry, rootkit activity | File not found)

"Realtek IR Driver" (RtsUIR) - ? - C:\Windows\System32\DRIVERS\Rts516xIR.sys  (File not found)

"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\Windows\System32\DRIVERS\RtsUCcid.sys  (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "GMX NewTab Protocol" - ? - C:\Program Files\GMX Toolbar\IE\uitb.dll  (File not found)

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\WINDOWS\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11c.ocx / https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{17166733-40EA-4432-A85C-AE672FF0E236} "GMX Konfiguration" - "1&1 Mail & Media GmbH" - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)

"Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Program Files\Ralink\Common\RaUI.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"AnyDVD" - "SlySoft, Inc." - D:\AnyDVD\AnyDVDtray.exe

"NBJ" - "Ahead Software AG" - "D:\Nero\Nero BackItUp\NBJ.exe"

"Updater shortcut" - ? - C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe

"Fujitsu OSD Utility" - "Fujitsu Technology Solutions" - C:\PROGRA~1\FUJITS~1\OSDUTI~1.EXE

"IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\Windows\system32\NeroCheck.exe

"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"RSA Card Conversion Utility" - "RSA, The Security Division of EMC." - C:\Program Files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe -background

"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

"Zune Launcher" - "Microsoft Corporation" - "D:\Eigene Dateien\Eigene Videos\ZuneLauncher.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197" (NetPipeActivator) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199" (NetTcpActivator) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8201" (NetTcpPortSharing) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"BrSplService" (Brother XP spl Service) - "brother Industries Ltd" - C:\Windows\system32\brsvc01a.exe

"Fujitsu Diagnostic Testhandler" (TestHandler) - "Fujitsu Technology Solutions" - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Ralink Registry Writer" (RalinkRegistryWriter) - "Ralink Technology, Corp." - C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe

"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

"Zune Network Sharing Service" (ZuneNetworkSvc) - "Microsoft Corporation" - D:\Eigene Dateien\Eigene Videos\ZuneNss.exe

"Zune Windows Mobile Connectivity Service" (WMZuneComm) - "Microsoft Corporation" - D:\Eigene Dateien\Eigene Videos\WMZuneComm.exe

"Zune Wireless Configuration Service" (ZuneWlanCfgSvc) - "Microsoft Corporation" - D:\Eigene Dateien\Eigene Videos\ZuneWlanCfgSvc.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll

"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll

"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

So, der Rest hat lange gedauert.

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-09-25 13:13:49

-----------------------------

13:13:49.808    OS Version: Windows 6.1.7601 Service Pack 1

13:13:49.808    Number of processors: 2 586 0x170A

13:13:49.808    ComputerName: X-PC  UserName: x

13:13:50.622    Initialize success

13:15:44.325    AVAST engine defs: 12092500

13:20:58.168    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:20:58.178    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11

13:20:58.768    Disk 0 MBR read successfully

13:20:58.768    Disk 0 MBR scan

13:20:58.778    Disk 0 Windows 7 default MBR code

13:20:58.928    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         2049 MB offset 12678

13:20:59.118    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       128001 MB offset 4212332

13:20:59.248    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       175186 MB offset 266358784

13:20:59.738    Disk 0 scanning sectors +625139712

13:21:00.378    Disk 0 scanning C:\Windows\system32\drivers

13:23:30.801    Service scanning

13:23:54.571    Modules scanning

13:26:06.625    Disk 0 trace - called modules:

13:26:06.725    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 

13:26:06.735    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866a33e8]

13:26:06.745    3 CLASSPNP.SYS[8b3af59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x861ee908]

13:26:07.435    AVAST engine scan C:\Windows

13:27:21.052    AVAST engine scan C:\Windows\system32

14:28:41.139    AVAST engine scan C:\Windows\system32\drivers

14:35:38.057    AVAST engine scan C:\Users\x

15:34:13.674    Disk 0 MBR has been saved successfully to "C:\Users\x\Downloads\MBR.dat"

15:34:14.484    The log file has been saved successfully to "C:\Users\x\Downloads\aswMBR.txt"
 
 

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-09-25 13:13:49

-----------------------------

13:13:49.808    OS Version: Windows 6.1.7601 Service Pack 1

13:13:49.808    Number of processors: 2 586 0x170A

13:13:49.808    ComputerName: X-PC  UserName: x

13:13:50.622    Initialize success

13:15:44.325    AVAST engine defs: 12092500

13:20:58.168    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:20:58.178    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11

13:20:58.768    Disk 0 MBR read successfully

13:20:58.768    Disk 0 MBR scan

13:20:58.778    Disk 0 Windows 7 default MBR code

13:20:58.928    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         2049 MB offset 12678

13:20:59.118    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       128001 MB offset 4212332

13:20:59.248    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       175186 MB offset 266358784

13:20:59.738    Disk 0 scanning sectors +625139712

13:21:00.378    Disk 0 scanning C:\Windows\system32\drivers

13:23:30.801    Service scanning

13:23:54.571    Modules scanning

13:26:06.625    Disk 0 trace - called modules:

13:26:06.725    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 

13:26:06.735    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866a33e8]

13:26:06.745    3 CLASSPNP.SYS[8b3af59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x861ee908]

13:26:07.435    AVAST engine scan C:\Windows

13:27:21.052    AVAST engine scan C:\Windows\system32

14:28:41.139    AVAST engine scan C:\Windows\system32\drivers

14:35:38.057    AVAST engine scan C:\Users\x

15:34:13.674    Disk 0 MBR has been saved successfully to "C:\Users\x\Downloads\MBR.dat"

15:34:14.484    The log file has been saved successfully to "C:\Users\x\Downloads\aswMBR.txt"

15:34:33.293    Disk 0 MBR has been saved successfully to "C:\Users\x\Downloads\MBR.dat"

15:34:33.303    The log file has been saved successfully to "C:\Users\x\Downloads\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hier die beiden logs.

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.25.10
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

x :: X-PC [Administrator]
 

25.09.2012 19:48:27

mbam-log-2012-09-25 (19-48-27).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 602694

Laufzeit: 1 Stunde(n), 39 Minute(n), 56 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 09/26/2012 at 11:15 AM
 

Application Version : 5.5.1022
 

Core Rules Database Version : 9292

Trace Rules Database Version: 7104
 

Scan type       : Complete Scan

Total Scan Time : 02:49:25
 

Operating System Information

Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 804

Memory threats detected   : 0

Registry items scanned    : 37494

Registry threats detected : 0

File items scanned        : 339259

File threats detected     : 122
 

Adware.Tracking Cookie

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\EW2VIF5C.txt [ /revsci.net ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\H1I6A7YQ.txt [ /mediaplex.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\R6POOCOQ.txt [ /apmebf.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\E0DSLRSU.txt [ /adbrite.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\KCY4LB7V.txt [ /webmasterplan.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\H91QHFQ0.txt [ /adx.chip.de ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Z806J6OW.txt [ /ad3.adfarm1.adition.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\OZ304E0N.txt [ /ru4.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\DPESYIIF.txt [ /gmeurope.112.2o7.net ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\JBE5HCFU.txt [ /serialnumber.in ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\2QWKJ35Z.txt [ /imrworldwide.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\H0WZ2BYR.txt [ /questionmarket.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\0XTW817G.txt [ /zanox.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\M75I05OW.txt [ /ads.creative-serving.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\4LOTWGE1.txt [ /invitemedia.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\LNT1R7CJ.txt [ /adx2.chip.de ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\FVORZNFN.txt [ /zanox-affiliate.de ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\1COTF8Q0.txt [ /ad.yieldmanager.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\72KPWZ9O.txt [ /serving-sys.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\CFPETBF3.txt [ /atdmt.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Q2LG8HE1.txt [ /adinterax.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\0J23F0WI.txt [ /kontera.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\U6H5QXA4.txt [ /www.googleadservices.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\Y6SMYML1.txt [ /doubleclick.net ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\IDS2LVZU.txt [ /ad.360yield.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\91R1R1H3.txt [ /unitymedia.de ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\O43J91AV.txt [ /ad2.adfarm1.adition.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\I7NS9NI7.txt [ /collective-media.net ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\6FFIG9XN.txt [ /ad1.adfarm1.adition.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\MCVTI5V8.txt [ /tracker.vinsight.de ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\TK23XL24.txt [ /tracking.mlsat02.de ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\0ZW2CT0M.txt [ /tribalfusion.com ]

        C:\Users\x\AppData\Roaming\Microsoft\Windows\Cookies\OS7Z37KH.txt [ /adfarm1.adition.com ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\H1L2472U.txt [ Cookie:x@clkads.com/adServe ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\AUUUQ55C.txt [ Cookie:x@clkads.com/adServe/banners ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\GQ7LPFVN.txt [ Cookie:x@mediaplex.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\X0BBLNUH.txt [ Cookie:x@statse.webtrendslive.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\STW4N5JQ.txt [ Cookie:x@ww251.smartadserver.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\OOH5G8S1.txt [ Cookie:x@apmebf.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6L2KDLQ.txt [ Cookie:x@adbrite.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\B4E2J38J.txt [ Cookie:x@c.atdmt.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\T86DJM2U.txt [ Cookie:x@webmasterplan.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\XLF1EOGP.txt [ Cookie:x@serialnumber.in/serial/registry-mechanic-600780license-namelicense-code/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\LR6103G2.txt [ Cookie:x@adx.chip.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\75JV6VJJ.txt [ Cookie:x@ad3.adfarm1.adition.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\H143BT1H.txt [ Cookie:x@ru4.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\3MHILYC6.txt [ Cookie:x@serialnumber.in/search/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3MXWODK.txt [ Cookie:x@www.googleadservices.com/pagead/conversion/960449084/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\URCF2KZL.txt [ Cookie:x@adform.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\1UBPYP22.txt [ Cookie:x@serialnumber.in/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\UXDMZQM7.txt [ Cookie:x@ad4.adfarm1.adition.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\5MW2F7HH.txt [ Cookie:x@xiti.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\7CLV3N10.txt [ Cookie:x@tracking.quisma.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\326W9CQC.txt [ Cookie:x@yieldmanager.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\3TRNF9P2.txt [ Cookie:x@zanox.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y3RDK1DZ.txt [ Cookie:x@www.pilzfinder.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0XZ4SVI.txt [ Cookie:x@lfstmedia.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\8CGAZS64.txt [ Cookie:x@invitemedia.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\UPHUZD8J.txt [ Cookie:x@exoclick.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\99QWI6BC.txt [ Cookie:x@adx2.chip.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\UWWBVYKL.txt [ Cookie:x@www.etracker.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\CIZRW96J.txt [ Cookie:x@zanox-affiliate.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\3TW3IT37.txt [ Cookie:x@casalemedia.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\WCERXQ13.txt [ Cookie:x@ad.yieldmanager.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\VEYVKSJ0.txt [ Cookie:x@track.adform.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\2IUF94BP.txt [ Cookie:x@atdmt.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\OEC1S0GN.txt [ Cookie:x@c1.atdmt.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\G5N7TIS4.txt [ Cookie:x@kontera.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\DCFV5M5B.txt [ Cookie:x@stats.paypal.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\14PK0XZX.txt [ Cookie:x@tradedoubler.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\5CDQRGTN.txt [ Cookie:x@statcounter.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\WCF102WJ.txt [ Cookie:x@doubleclick.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\TJAQICJ4.txt [ Cookie:x@toplist.cz/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\FGJTY0UW.txt [ Cookie:x@clickbank.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\8IGSRNSR.txt [ Cookie:x@adtech.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\H53RHG6F.txt [ Cookie:x@ad2.adfarm1.adition.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\WPKOQWSG.txt [ Cookie:x@unitymedia.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\6ERTPE3I.txt [ Cookie:x@adxpose.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\ELVRT7TA.txt [ Cookie:x@microsoftwindows.112.2o7.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\UJMOHE08.txt [ Cookie:x@fastclick.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\SXAWWXFQ.txt [ Cookie:x@de.sitestat.com/idgcom-de/computerwoche/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\JTOMR02M.txt [ Cookie:x@tracker.vinsight.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\2UNCAG23.txt [ Cookie:x@smartadserver.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\G1IP1K2J.txt [ Cookie:x@paypal.112.2o7.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\IV1032ZS.txt [ Cookie:x@ad.adnet.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\59VF6JZ7.txt [ Cookie:x@www.googleadservices.com/pagead/conversion/1012284249/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z1B3I0V4.txt [ Cookie:x@tribalfusion.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\KS6CCJC7.txt [ Cookie:x@adfarm1.adition.com/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\475ZAVZ7.txt [ Cookie:x@adviva.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\0Y8H0FOA.txt [ Cookie:x@auslieferung.commindo-media-ressourcen.de/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\IQDFWBQ8.txt [ Cookie:x@specificclick.net/ ]

        C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\1DT4LLHK.txt [ Cookie:x@kaspersky.122.2o7.net/ ]

        C:\USERS\X\Cookies\H1I6A7YQ.txt [ Cookie:x@mediaplex.com/ ]

        C:\USERS\X\Cookies\R6POOCOQ.txt [ Cookie:x@apmebf.com/ ]

        C:\USERS\X\Cookies\E0DSLRSU.txt [ Cookie:x@adbrite.com/ ]

        C:\USERS\X\Cookies\KCY4LB7V.txt [ Cookie:x@webmasterplan.com/ ]

        C:\USERS\X\Cookies\H91QHFQ0.txt [ Cookie:x@adx.chip.de/ ]

        C:\USERS\X\Cookies\Z806J6OW.txt [ Cookie:x@ad3.adfarm1.adition.com/ ]

        C:\USERS\X\Cookies\OZ304E0N.txt [ Cookie:x@ru4.com/ ]

        C:\USERS\X\Cookies\H1L2472U.txt [ Cookie:x@clkads.com/adServe ]

        C:\USERS\X\Cookies\DPESYIIF.txt [ Cookie:x@gmeurope.112.2o7.net/ ]

        C:\USERS\X\Cookies\JBE5HCFU.txt [ Cookie:x@serialnumber.in/ ]

        C:\USERS\X\Cookies\0XTW817G.txt [ Cookie:x@zanox.com/ ]

        C:\USERS\X\Cookies\4LOTWGE1.txt [ Cookie:x@invitemedia.com/ ]

        C:\USERS\X\Cookies\LNT1R7CJ.txt [ Cookie:x@adx2.chip.de/ ]

        C:\USERS\X\Cookies\FVORZNFN.txt [ Cookie:x@zanox-affiliate.de/ ]

        C:\USERS\X\Cookies\1COTF8Q0.txt [ Cookie:x@ad.yieldmanager.com/ ]

        C:\USERS\X\Cookies\CFPETBF3.txt [ Cookie:x@atdmt.com/ ]

        C:\USERS\X\Cookies\Q2LG8HE1.txt [ Cookie:x@adinterax.com/ ]

        C:\USERS\X\Cookies\0J23F0WI.txt [ Cookie:x@kontera.com/ ]

        C:\USERS\X\Cookies\U6H5QXA4.txt [ Cookie:x@www.googleadservices.com/pagead/conversion/1040859109/ ]

        C:\USERS\X\Cookies\Y6SMYML1.txt [ Cookie:x@doubleclick.net/ ]

        C:\USERS\X\Cookies\AUUUQ55C.txt [ Cookie:x@clkads.com/adServe/banners ]

        C:\USERS\X\Cookies\91R1R1H3.txt [ Cookie:x@unitymedia.de/ ]

        C:\USERS\X\Cookies\O43J91AV.txt [ Cookie:x@ad2.adfarm1.adition.com/ ]

        C:\USERS\X\Cookies\MCVTI5V8.txt [ Cookie:x@tracker.vinsight.de/ ]

        C:\USERS\X\Cookies\0ZW2CT0M.txt [ Cookie:x@tribalfusion.com/ ]

        C:\USERS\X\Cookies\OS7Z37KH.txt [ Cookie:x@adfarm1.adition.com/ ]
 

Trojan.Agent/Gen-Kazy[Ico]

        C:\PROGRAM FILES\GS\UNINSTGS.EXE
 

Trojan.Agent/Gen-Cryptor[Virut]

        C:\PROGRAM FILES\VOLKSWOHL BUND\ANGEBOTSPROGRAMM KOMFORT\PROGRAMM\JNIUTILS.DLL
 

Trojan.Agent/Gen-Krpytik

        C:\VHV\VHV TARIFPROGRAMM\VPL_APPS\DLL.32\SBIKSE32.DLL
 

Trojan.Agent/Gen-FakeAlert

        C:\VHV\VHV TARIFPROGRAMM\VPL_APPS\TOOLBAR.EXE

Code:

Trojan.Agent/Gen-Kazy[Ico]

        C:\PROGRAM FILES\GS\UNINSTGS.EXE
 

Trojan.Agent/Gen-Cryptor[Virut]

        C:\PROGRAM FILES\VOLKSWOHL BUND\ANGEBOTSPROGRAMM KOMFORT\PROGRAMM\JNIUTILS.DLL
 

Trojan.Agent/Gen-Krpytik

        C:\VHV\VHV TARIFPROGRAMM\VPL_APPS\DLL.32\SBIKSE32.DLL
 

Trojan.Agent/Gen-FakeAlert

        C:\VHV\VHV TARIFPROGRAMM\VPL_APPS\TOOLBAR.EXE

Sinddir diese Dateien ein Begriff?

Die erste nicht, aber VHV und Volkswohl Bund sind Programme mit denen ich arbeite. Diese, wie auch andere installierte Programme, lassen sich ja nicht mehr öffnen. Ob der Dateiname so vorher schon war, weiss ich allerdings nicht. Meine anderen Dateien, wie Bilder, Videos, PDF´s, Texte usw. sind auch alle noch verschlüsselt.

Das erste ist wahrscheinlich Ghostscript, das ist ok
Die anderen werden wohl auch ok sein, ist schon ok denn es ist fast normal dass sasw Fehlalarme meldet

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hallo, erstmal danke für deine Hilfe. Der Rechner läuft soweit, einige Programme konnte ich auch wieder aktivieren. Aber leider nicht alle und vorallem meine gesamten Dokumente sind immer noch gesperrt und bei bestimmten Programmen sind die Dateien gesperrt, um es zu starten. Die gesperrten Dateien sehen immer bleich aus. Hier ein Beispiel:

Code:

Opcos.XML.BLOCKAGE
 

oder
 

2011.jpg.BLOCKAGE
 

oder
 

Muster.doc.BLOCKAGE

Kannst du mir da noch weiter helfen?

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => http://www.adobe.com/software/flash/about/
Downloadlinks => http://www.adobe.com/products/flashp...ribution3.html

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Zitat:

Aber leider nicht alle und vorallem meine gesamten Dokumente sind immer noch gesperrt und bei bestimmten Programmen sind die Dateien gesperrt, um es zu starten. Die gesperrten Dateien sehen immer bleich aus. Hier ein Beispiel:

Wozu haben wir die Hinweise oben? Da steht doch oben alles! :pfeiff:

Eine Entschlüsselung ist unwahrscheinlich bis unmöglich!

Zitat:

3. Bei Dateien wie locked-<DATEINAME>.<ENDUNG>.wxyz entschlüsseln:Übersicht der 8 Entschlüsselungs-Tools
ansonsten Daten retten / Daten wiederherstellen: Daten retten nach Verschlüsselungstrojaner

Wenn das keine einfache Verschlüsselung mit "locked-" im Dateinamen ist, sollte man sich um Datenrettung und nicht um Entschlüsselung kümmern!
Wenn Vista oder Win7 im Einsatz sind, den ShadowExplorer testen! Aber keine unnötige Zeit mit Entschlüsselungsversuchen verschwenden

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html