Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ihavenet Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.06.2013, 14:36   #1
omernur
 
ihavenet Virus - Standard

ihavenet Virus



Hallo Leute,
ich habe seit 2 Wochen Ihavenet-Virus. Obwohl mein Antivirus Programm "Avira" den Computer &Browser für sicher stellt, werde ich immer von Google auf falsche Seiten umgeleitet. Oft sind es Werbungen von Ihavenet.

Ich habe als erstes Google Chrome gelöscht und wieder heruntergeladen. Jedoch wurde ich wieder auf falschen Seiten umgeleitet.
Ich weiß es nicht, was ich machen muss. Wie muss ich vorgehen.?

Alt 09.06.2013, 14:41   #2
markusg
/// Malware-holic
 
ihavenet Virus - Standard

ihavenet Virus



Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 11.06.2013, 14:22   #3
omernur
 
ihavenet Virus - Standard

ihavenet Virus



Danke für Ihre schnelle Antwort und Hilfe

hier sind die Otl.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.06.2013 14:30:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bbbb\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
765,82 Mb Total Physical Memory | 199,15 Mb Available Physical Memory | 26,00% Memory free
1,75 Gb Paging File | 0,67 Gb Available in Paging File | 38,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 68,50 Gb Free Space | 47,51% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 1,52 Gb Free Space | 31,15% Space Free | Partition Type: NTFS
 
Computer Name: TAHSIN-PC | User Name: bbbb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 14:28:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bbbb\Downloads\OTL (1).exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.30 12:03:00 | 001,648,264 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2013.04.09 22:17:16 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.06 11:13:40 | 000,182,272 | -HS- | M] () -- C:\Windows\System32\cpConMgr.exe
PRC - [2013.01.31 11:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.31 11:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.12.06 12:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.08.08 10:25:06 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.01.05 00:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.08.02 13:56:54 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2013.05.15 19:48:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.09 22:17:16 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.06 11:13:40 | 000,182,272 | -HS- | M] () [Auto | Running] -- C:\Windows\System32\cpConMgr.exe -- (cpConMgr)
SRV - [2012.10.10 22:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.01.05 00:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.02.19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.21 04:54:54 | 000,269,736 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.06.21 04:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2006.12.06 01:39:11 | 001,963,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.01 22:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2005.12.19 11:15:44 | 000,028,800 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2005.08.05 04:51:26 | 000,034,144 | ---- | M] (O2Micro ) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005.05.31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005.05.31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005.04.30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005.04.30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BtNetDrv.sys -- (BT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {eecbb8d2-b448-4b01-a402-969e4d5847e5} - C:\Programme\Oryte_Games_1.17\tbOryt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2830576
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{804E719D-FEFF-499E-9BD7-D16E56C9A0F1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=141ef504-fe6e-474e-b4db-8111ce1c3d43&apn_sauid=F5BA7F35-689C-4001-9159-6DBAA10B0ADC
IE - HKCU\..\SearchScopes\{AA6859C2-2545-4C34-A858-78A51EEF8901}: "URL" = hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=053013&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\bbbb\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\bbbb\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.28 21:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.02 19:52:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.05 14:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.28 21:50:02 | 000,000,000 | ---D | M]
 
[2012.08.04 17:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bbbb\AppData\Roaming\mozilla\Extensions
[2013.06.08 15:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bbbb\AppData\Roaming\mozilla\Firefox\Profiles\mlleglp5.default\extensions
[2013.06.07 00:18:03 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\bbbb\AppData\Roaming\mozilla\Firefox\Profiles\mlleglp5.default\extensions\toolbar@ask.com
[2013.06.07 00:18:03 | 000,002,344 | ---- | M] () -- C:\Users\bbbb\AppData\Roaming\mozilla\firefox\profiles\mlleglp5.default\searchplugins\askcom.xml
[2013.05.30 20:21:40 | 000,002,402 | ---- | M] () -- C:\Users\bbbb\AppData\Roaming\mozilla\firefox\profiles\mlleglp5.default\searchplugins\bingp.xml
[2012.06.02 19:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 19:27:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 19:46:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\bbbb\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\bbbb\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\bbbb\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\bbbb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Avira Toolbar = C:\Users\bbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.26.0_0\
CHR - Extension: Google Docs = C:\Users\bbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\bbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\bbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\bbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\bbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Google Mail = C:\Users\bbbb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\tahsin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Ironsource LTD Helper Object) - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Programme\Ironsource\searchya\1.5.13.0\bh\searchya.dll (Montera Technologeis LTD)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Oryte Games 1.17 Toolbar) - {eecbb8d2-b448-4b01-a402-969e4d5847e5} - C:\Programme\Oryte_Games_1.17\tbOryt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SearchYa Toolbar) - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Programme\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Oryte Games 1.17 Toolbar) - {eecbb8d2-b448-4b01-a402-969e4d5847e5} - C:\Programme\Oryte_Games_1.17\tbOryt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Oryte Games 1.17 Toolbar) - {EECBB8D2-B448-4B01-A402-969E4D5847E5} - C:\Programme\Oryte_Games_1.17\tbOryt.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C170A98-B5F4-4133-A3E5-A552662F1CE8}: NameServer = 195.50.140.246 195.50.140.114
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^bbbb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 14:27:38 | 000,000,000 | ---D | C] -- C:\Users\bbbb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.06.09 14:19:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.06.08 16:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.08 16:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.07 00:25:13 | 000,000,000 | ---D | C] -- C:\Users\bbbb\AppData\Roaming\Avira
[2013.06.07 00:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.06.07 00:17:14 | 000,000,000 | ---D | C] -- C:\Users\bbbb\AppData\Local\APN
[2013.06.07 00:16:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.07 00:16:52 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.07 00:16:52 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.07 00:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.07 00:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.30 20:19:49 | 000,000,000 | ---D | C] -- C:\Users\bbbb\AppData\Roaming\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 14:41:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{416B4175-45B1-40DD-AB60-EDE1FB4B46A9}.job
[2013.06.11 14:38:00 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2C7D61E4-AD92-4DCE-8FAC-97A4C9CC378C}.job
[2013.06.11 14:35:16 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1018Core.job
[2013.06.11 14:35:07 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1018UA.job
[2013.06.11 14:32:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1000UA.job
[2013.06.11 14:11:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 14:11:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 14:11:20 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Hwdpgyjmsq.job
[2013.06.11 14:11:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 14:10:54 | 803,790,848 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 13:17:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.11 13:01:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1017UA.job
[2013.06.11 12:47:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 22:32:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1000Core.job
[2013.06.10 20:01:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1017Core.job
[2013.06.09 14:29:00 | 000,002,034 | ---- | M] () -- C:\Users\bbbb\Desktop\Google Chrome.lnk
[2013.06.08 19:10:55 | 000,000,680 | RHS- | M] () -- C:\Users\bbbb\ntuser.pol
[2013.06.08 16:59:29 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.06 23:53:28 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.03 22:33:07 | 000,172,032 | RHS- | M] () -- C:\Windows\System32\C_202905.dll
[2013.05.28 18:15:20 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.28 18:15:20 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.28 18:15:20 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.28 18:15:20 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.27 21:54:38 | 000,246,436 | ---- | M] () -- C:\Users\bbbb\Documents\kunst1.odt
[2013.05.16 03:32:22 | 000,398,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 20:05:41 | 000,000,104 | ---- | M] () -- C:\Users\bbbb\Desktop\Papierkorb - Verknüpfung.lnk
[2013.05.15 20:00:02 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.09 14:27:38 | 000,002,034 | ---- | C] () -- C:\Users\bbbb\Desktop\Google Chrome.lnk
[2013.06.09 14:25:27 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1018UA.job
[2013.06.09 14:25:23 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1018Core.job
[2013.06.08 16:39:37 | 803,790,848 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.07 00:18:23 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.03 22:33:08 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Hwdpgyjmsq.job
[2013.06.03 22:33:07 | 000,172,032 | RHS- | C] () -- C:\Windows\System32\C_202905.dll
[2013.05.27 20:14:59 | 000,246,436 | ---- | C] () -- C:\Users\bbbb\Documents\kunst1.odt
[2013.05.24 18:07:42 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.05.15 20:05:41 | 000,000,104 | ---- | C] () -- C:\Users\bbbb\Desktop\Papierkorb - Verknüpfung.lnk
[2013.05.15 20:00:02 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.15 19:59:58 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.03.29 22:36:01 | 000,003,967 | ---- | C] () -- C:\Users\bbbb\AppData\Local\recently-used.xbel
[2013.01.08 16:07:09 | 000,182,272 | -HS- | C] () -- C:\Windows\System32\cpConMgr.exe
[2012.11.25 16:39:01 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.08.24 18:46:36 | 000,017,920 | ---- | C] () -- C:\Users\bbbb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.04 17:18:37 | 000,000,680 | RHS- | C] () -- C:\Users\bbbb\ntuser.pol
[2012.05.28 11:08:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.05.28 11:06:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.08 17:50:41 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.09 13:12:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.10.30 13:35:24 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.20 15:26:09 | 000,000,000 | ---D | M] -- C:\Users\bbbb\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.10.28 15:01:01 | 000,000,000 | ---D | M] -- C:\Users\bbbb\AppData\Roaming\Leadertech
[2012.08.20 16:06:53 | 000,000,000 | ---D | M] -- C:\Users\bbbb\AppData\Roaming\OpenOffice.org
[2012.10.20 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\bbbb\AppData\Roaming\Scribus
[2013.02.24 18:18:39 | 000,000,000 | ---D | M] -- C:\Users\bbbb\AppData\Roaming\TippKönigin Schule
[2012.10.05 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\bbbb\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.06.08 19:02:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.01.26 16:16:33 | 000,000,000 | ---D | M] -- C:\1db13179236dcaaf362ef32ba170
[2012.11.19 19:55:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.03.21 21:38:46 | 000,000,000 | ---D | M] -- C:\BwEx
[2012.11.20 16:53:24 | 000,000,000 | ---D | M] -- C:\c8b34a6de639c2080c
[2010.12.26 14:06:17 | 000,000,000 | ---D | M] -- C:\d65f3e2b3bb81685ce90cb7b43828c
[2011.05.06 15:59:10 | 000,000,000 | ---D | M] -- C:\dcba1d272965527f152ecff257
[2008.06.26 11:07:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.05.17 15:32:48 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.12.29 04:23:11 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.04.09 16:35:47 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.06.02 19:04:52 | 000,000,000 | -HSD | M] -- C:\found.002
[2013.02.10 19:55:19 | 000,000,000 | -HSD | M] -- C:\found.003
[2013.03.14 04:26:16 | 000,000,000 | -HSD | M] -- C:\found.004
[2008.08.10 22:18:43 | 000,000,000 | ---D | M] -- C:\kav
[2011.10.14 10:57:36 | 000,000,000 | -H-D | M] -- C:\moonxxxxxx.exe
[2011.10.07 21:02:01 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.06.07 00:17:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.07 00:16:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.06.26 11:07:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.06.11 14:35:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.06.08 18:58:28 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.08 16:35:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2002.07.27 03:02:06 | 000,153,088 | ---- | M] () -- C:\Program Files\UNWISE.EXE
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,606 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.19 18:03:26 | 000,000,424 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{416B4175-45B1-40DD-AB60-EDE1FB4B46A9}.job
[2012.06.02 19:33:10 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1000Core.job
[2012.06.02 19:33:12 | 000,001,148 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1000UA.job
[2012.06.02 21:01:08 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.13 15:50:40 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1017Core.job
[2012.06.13 15:50:42 | 000,001,140 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1017UA.job
[2012.08.01 13:50:14 | 000,000,432 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2C7D61E4-AD92-4DCE-8FAC-97A4C9CC378C}.job
[2013.06.03 22:33:08 | 000,000,312 | ---- | C] () -- C:\Windows\Tasks\Hwdpgyjmsq.job
[2013.06.09 14:25:23 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1018Core.job
[2013.06.09 14:25:27 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632381008-2537489595-2357336038-1018UA.job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.10.28 12:17:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.10.28 12:17:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.10.28 12:17:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.10.28 12:16:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.10.28 12:16:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.10.28 12:16:23 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.10.28 12:55:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.10.28 12:55:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.10.28 12:16:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.10.28 11:49:51 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.10.28 11:49:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2013.06.03 22:33:07 | 000,172,032 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\C_202905.dll
[2008.01.19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
< %USERPROFILE%\*.* >
[2013.06.11 15:13:30 | 002,097,152 | -HS- | M] () -- C:\Users\bbbb\NTUSER.DAT
[2013.06.11 15:13:29 | 000,262,144 | -H-- | M] () -- C:\Users\bbbb\ntuser.dat.LOG1
[2012.08.04 17:18:32 | 000,000,000 | -H-- | M] () -- C:\Users\bbbb\ntuser.dat.LOG2
[2013.06.11 13:16:49 | 000,065,536 | -HS- | M] () -- C:\Users\bbbb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.06.11 13:16:49 | 000,524,288 | -HS- | M] () -- C:\Users\bbbb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.08.04 21:15:26 | 000,524,288 | -HS- | M] () -- C:\Users\bbbb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012.08.04 17:18:33 | 000,000,020 | -HS- | M] () -- C:\Users\bbbb\ntuser.ini
[2013.06.08 19:10:55 | 000,000,680 | RHS- | M] () -- C:\Users\bbbb\ntuser.pol
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2013.04.10 21:16:12 | 000,024,081 | ---- | M] ()(C:\Users\bbbb\Documents\bericht 5 ?.odt) -- C:\Users\bbbb\Documents\bericht 5 ♥.odt
[2013.04.05 20:32:01 | 000,024,081 | ---- | C] ()(C:\Users\bbbb\Documents\bericht 5 ?.odt) -- C:\Users\bbbb\Documents\bericht 5 ♥.odt
[2013.04.05 20:03:36 | 000,012,163 | ---- | M] ()(C:\Users\bbbb\Documents\arbeitsplatzbeschireung ?.odt) -- C:\Users\bbbb\Documents\arbeitsplatzbeschireung ♥.odt
[2013.04.05 19:53:42 | 000,012,163 | ---- | C] ()(C:\Users\bbbb\Documents\arbeitsplatzbeschireung ?.odt) -- C:\Users\bbbb\Documents\arbeitsplatzbeschireung ♥.odt
[2013.04.01 11:38:11 | 000,023,031 | ---- | M] ()(C:\Users\bbbb\Documents\zilan bericht ? 5.odt) -- C:\Users\bbbb\Documents\zilan bericht ♥ 5.odt
[2013.03.29 18:20:13 | 000,023,031 | ---- | C] ()(C:\Users\bbbb\Documents\zilan bericht ? 5.odt) -- C:\Users\bbbb\Documents\zilan bericht ♥ 5.odt
[2013.03.29 18:15:29 | 000,017,530 | ---- | M] ()(C:\Users\bbbb\Documents\praktikum erwartungen ?.odt) -- C:\Users\bbbb\Documents\praktikum erwartungen ♥.odt
[2013.03.29 16:28:38 | 000,017,530 | ---- | C] ()(C:\Users\bbbb\Documents\praktikum erwartungen ?.odt) -- C:\Users\bbbb\Documents\praktikum erwartungen ♥.odt
[2013.03.25 13:44:23 | 000,016,194 | ---- | M] ()(C:\Users\bbbb\Documents\inhaltsverzeichnis zilan ?.odt) -- C:\Users\bbbb\Documents\inhaltsverzeichnis zilan ♥.odt
[2013.03.25 12:49:45 | 000,016,194 | ---- | C] ()(C:\Users\bbbb\Documents\inhaltsverzeichnis zilan ?.odt) -- C:\Users\bbbb\Documents\inhaltsverzeichnis zilan ♥.odt
[2013.03.25 12:07:05 | 000,041,813 | ---- | M] ()(C:\Users\bbbb\Documents\zilan deckblatt.odt ??.odt) -- C:\Users\bbbb\Documents\zilan deckblatt.odt ♥♥.odt
[2013.03.25 11:35:27 | 000,041,813 | ---- | C] ()(C:\Users\bbbb\Documents\zilan deckblatt.odt ??.odt) -- C:\Users\bbbb\Documents\zilan deckblatt.odt ♥♥.odt
[2013.03.17 14:46:35 | 000,010,169 | ---- | M] ()(C:\Users\bbbb\Documents\zilan bericht ? 3.odt) -- C:\Users\bbbb\Documents\zilan bericht ♥ 3.odt
[2013.03.17 14:46:21 | 000,010,169 | ---- | C] ()(C:\Users\bbbb\Documents\zilan bericht ? 3.odt) -- C:\Users\bbbb\Documents\zilan bericht ♥ 3.odt

< End of report >
         
--- --- ---



hier sind die Extras.TxtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.06.2013 14:30:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bbbb\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
765,82 Mb Total Physical Memory | 199,15 Mb Available Physical Memory | 26,00% Memory free
1,75 Gb Paging File | 0,67 Gb Available in Paging File | 38,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 68,50 Gb Free Space | 47,51% Space Free | Partition Type: NTFS
Drive D: | 4,88 Gb Total Space | 1,52 Gb Free Space | 31,15% Space Free | Partition Type: NTFS
 
Computer Name: TAHSIN-PC | User Name: bbbb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212B2DC-A606-4480-ADD8-25356333C7EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{1786CA72-022E-4904-96D1-0E1D73949490}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E6D0F51-9FCD-4053-971F-3379CA683F28}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4E25E75A-C21C-4EC6-B71B-EB66B95DA8C8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5146EFEE-E846-4A59-BDD8-DA28DBAAFA3A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{673DF6C6-4158-42C2-800F-89806B820A7F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{67683F34-261A-4B86-AC89-F5E0B97C040A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{78F7DDEA-97A9-4B58-B9A9-DB005C24D323}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7C1818A8-AB41-49DE-8A48-F5159A7D6332}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7EF235D1-C99C-4FC7-8202-C8E40F728EB9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{95BE78ED-9CEC-49E4-B87F-C96CB994346E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AECE00B2-FB06-441F-97A7-778815EA0749}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B412FD8C-9E53-4A50-8DCB-BB76B08AF254}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B624C812-094E-4412-8AE7-1D4039EDDE30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{D412E6DD-0B03-4BFD-A9A8-43DE11EB42FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E1FBFB07-24F4-4768-8296-23AE82701A93}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F7876E16-C7A4-4E64-84DC-D181E93713DC}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D67A30C-939A-497A-B27A-B8B06E9A6562}" = protocol=17 | dir=out | app=c:\windows\system32\cpconmgr.exe | 
"{11600317-5B91-4193-AB2C-E20C76066564}" = protocol=6 | dir=out | app=c:\windows\system32\cpconmgr.exe | 
"{1183BFD1-8047-49A8-A941-19EE5DABBF33}" = protocol=6 | dir=in | app=c:\windows\system32\cpconmgr.exe | 
"{15474FAC-866B-4FE3-98BF-5DDB414489A7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{167FCD39-D396-43D7-B1DC-3E010E99C277}" = protocol=17 | dir=in | app=c:\users\tahsin\downloads\sweetimsetup.exe | 
"{26A16AC2-60C4-4C0F-9712-F80043ACD3FD}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{28585D3A-9CB7-4B93-8551-71871FD7D179}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{29B5B5AB-A1FA-44B2-B977-DBB094DD23E7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{33AA0E09-4DE4-4E96-8069-D365CCB1C4C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{431C598F-6C78-472C-B82D-B0DC27878634}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{478D06AB-FE17-4722-89F4-9EC70A8F7E72}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{500D8F95-C23A-45B6-8BB2-BD967367C662}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{5818C0D1-6FFF-4B02-B091-F2DD8924DDCF}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{586CA987-AB6F-4A0B-AF92-6C3FC4487E01}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{58993D3D-905D-46BE-87AD-989229747C9F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{59385236-D654-490E-921D-3B2B892B74E4}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{596D4283-77D4-4826-8501-5F32B8B77319}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{5C7D571D-8887-4538-A5B4-20B8CC166F7F}" = protocol=6 | dir=out | app=system | 
"{6F4D2DC3-0E39-4356-82F1-474504613952}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{73139F80-7843-420F-905B-964EF9D73C78}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{73557674-0296-44FF-A77C-3EE5CA79498F}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{792BCB12-A546-4E70-A4EF-9E795BFC277C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{7D434DD2-DCF1-45C0-A09A-29E6558A8F25}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"{7F01F283-21ED-4915-B6A6-32211E1577E4}" = protocol=6 | dir=in | app=c:\users\tahsin\downloads\sweetimsetup.exe | 
"{7FE8A192-8517-4C8C-9E7A-8557070733CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8215F0CD-8175-4A49-8F6A-8A6D0872CBB5}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{8B58E530-861F-4601-ACB2-80BEF267223F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{993AEEE9-21B8-4CED-89A6-20C7811EC959}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{9D662010-2673-4B11-B7F2-C6D3B3F98E0F}" = protocol=17 | dir=in | app=c:\users\tahsin\appdata\local\google\chrome\application\chrome.exe | 
"{A5221679-3170-415E-B9AA-CBDD42BFD3B0}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{A6139943-A7D4-4A27-855D-C13E8E13F2D7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{A679AD32-A59D-498A-A68C-310A2A3065EB}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{A9B84398-1BA8-4078-A320-87BBC8DE0BBA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{AB817EC7-ACBB-41D5-A5F1-B359B1A16E6D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{B4312409-0BC6-4C70-8CB8-E061A27D1F50}" = protocol=17 | dir=in | app=c:\windows\system32\cpconmgr.exe | 
"{B49C0B87-7CF7-4D23-95F7-F1841A5EAC3B}" = protocol=6 | dir=in | app=c:\users\tahsin\appdata\local\google\chrome\application\chrome.exe | 
"{C27B5AA8-BE02-4B5F-ABCC-A46E6F50DD3A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C3738E3A-87C1-4743-AC60-5CA383FF5EC1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{CB7AD80F-D404-4DFA-B95E-05749D4998BD}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{CD9E5B07-875E-46EA-962B-FD6F91017312}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{D3506074-5FD5-452A-8206-E992CDC462F7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{E835566B-0992-48DE-98F3-A8CAB466CC19}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{EA194357-27D2-4D86-AC3D-B5490B6080B1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EE017839-0BF1-4973-8079-343E6146E8DA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{F8D738C2-81A2-491E-9128-F6594C085A28}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{FF43F42C-2D5E-4A74-B7B4-CA12B0A2C758}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"TCP Query User{064E4675-A0AE-4E6A-9DE7-2E05FC0F60AE}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{1E4B5A13-6C47-4125-970B-AB02993AEB62}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{333A74AD-6E3E-459C-99EB-BA81C168B997}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{581AF1F4-AAD8-45AA-AFBA-2D981C7C0CFF}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"TCP Query User{90429A61-0D62-4F3C-B5DA-1CC678CB8DD8}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"TCP Query User{A687E577-0AE7-4CB2-8565-13D296794F68}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{CD41DEF3-E6A7-4AD0-9C7C-0A18CB92A187}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{28A0884D-71BB-4340-8858-67B02C628E70}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"UDP Query User{460A9732-4211-4D05-A51B-8F42453CD5A2}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{74E06D62-2AC9-4338-A8E9-4B0DC91CFB54}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"UDP Query User{8FE52389-7959-4FD9-8ADD-5E909E8E26B6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{AEA8D10B-0DE7-4A8A-9295-A68F8CA30523}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{CD7897BD-2FA7-4C62-9108-8F7E579A4C64}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{FFCA62E0-FD9A-46BB-8751-2D7CF088C929}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{78DB08B0-F440-4BA6-9372-F2C6CC9721B7}" = Microsoft LifeCam
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE39C8A5-C98D-4702-807F-265FCF9F54FD}" = TubeBox!
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"conduitEngine" = Conduit Engine
"GeoGebra" = GeoGebr
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Oryte_Games_1.17 Toolbar" = Oryte Games 1.17 Toolbar
"searchya" = SearchYa Toolbar  on IE and Chrome
"TippKönigin Schule_is1" = TippKönigin Schule 5.5
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2013 10:45:55 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.06.2013 10:45:55 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.06.2013 10:45:55 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.06.2013 10:45:55 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.06.2013 10:45:56 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.06.2013 10:45:56 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.06.2013 10:45:56 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.06.2013 10:45:56 | Computer Name = tahsin-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.06.2013 21:08:42 | Computer Name = tahsin-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 27.0.1453.110 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 157c  Anfangszeit: 01ce651d6b5829c0  Zeitpunkt
 der Beendigung: 1564
 
Error - 09.06.2013 21:15:10 | Computer Name = tahsin-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9498.500 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 834  Anfangszeit: 01ce656d67fa9880  Zeitpunkt
 der Beendigung: 2366
 
[ System Events ]
Error - 16.12.2011 08:15:28 | Computer Name = tahsin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.12.2011 12:57:55 | Computer Name = tahsin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.12.2011 03:44:28 | Computer Name = tahsin-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 17.12.2011 15:42:18 | Computer Name = tahsin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.12.2011 15:43:19 | Computer Name = tahsin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2011 15:43:19 | Computer Name = tahsin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2011 15:43:19 | Computer Name = tahsin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2011 17:12:32 | Computer Name = tahsin-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 18.12.2011 07:00:57 | Computer Name = tahsin-PC | Source = RasMan | ID = 20062
Description = Interner Fehler: Das Trennen an PPPoE2-0 endete zwar vollständig, 
aber mit einem Fehler. PPPoE2-0
 
Error - 18.12.2011 07:38:57 | Computer Name = tahsin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.12.2011 um 12:05:51 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---
__________________

Alt 11.06.2013, 18:07   #4
markusg
/// Malware-holic
 
ihavenet Virus - Standard

ihavenet Virus



Hi,
"du" ist ok


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
[2013.06.03 22:33:07 | 000,172,032 | RHS- | M] () -- C:\Windows\System32\C_202905.dll
[2013.06.11 14:11:20 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Hwdpgyjmsq.job
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

danach:
downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.06.2013, 20:38   #5
omernur
 
ihavenet Virus - Standard

ihavenet Virus



Hi
ich habe in otl den o.g. text eingefügt und dann auf den Fixbutton geklickt. Dann stand nur [emptytemp] in dem Textbox. Nach paar Minuten, gab es eine Meldung, dass es ein Fehler gibt. Dann musste ich das Programm schließen.
Woran kann es liegen?
PS: Ich habe keine Sternchen gesehen, indem ich meinen Benutzername zufügen muss.


Alt 12.06.2013, 14:39   #6
markusg
/// Malware-holic
 
ihavenet Virus - Standard

ihavenet Virus



hi speichere dir den fix mal irgendwo auf dem pc
starte mal neu, drücke f8 wähle abgesicherter modus, wähle dein Konto und füge das otl script da noch mal ein.
wenn neustart wieder in den normalen modus und log posten und weiter mit dem Rest
__________________
--> ihavenet Virus

Alt 16.06.2013, 12:44   #7
omernur
 
ihavenet Virus - Standard

ihavenet Virus



Sorry, dass ich so spät poste Ich habe alle deine Anweisungen geflogt und es gab keine Probleme

Hier ist die OTl Fix-Datei

All processes killed
========== OTL ==========
File C:\Windows\System32\C_202905.dll not found.
File C:\Windows\tasks\Hwdpgyjmsq.job not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bbbb
->Temp folder emptied: 37066 bytes
->Temporary Internet Files folder emptied: 131797 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 10496927 bytes
->Flash cache emptied: 0 bytes

User: bbbbbbbbbb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7824 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33842 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43909 bytes

User: Gast.tahsin-PC
->Temp folder emptied: 868765 bytes
->Temporary Internet Files folder emptied: 670941 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 856903 bytes
->Google Chrome cache emptied: 856432 bytes

User: melike
->Temp folder emptied: 192965 bytes
->Temporary Internet Files folder emptied: 48033 bytes
->FireFox cache emptied: 112668493 bytes
->Flash cache emptied: 14351 bytes

User: melike.tahsin-PC
->Temp folder emptied: 2246454 bytes
->Temporary Internet Files folder emptied: 48033 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 105009302 bytes
->Flash cache emptied: 18065 bytes

User: mong
->Temp folder emptied: 6749193 bytes
->Temporary Internet Files folder emptied: 710268 bytes
->FireFox cache emptied: 96773647 bytes
->Flash cache emptied: 10447 bytes

User: Public

User: rukan
->Temp folder emptied: 35221 bytes
->Temporary Internet Files folder emptied: 122561 bytes
->Google Chrome cache emptied: 7095058 bytes

User: tahsin
->Temp folder emptied: 4649064127 bytes
->Temporary Internet Files folder emptied: 377237513 bytes
->Java cache emptied: 58940 bytes
->FireFox cache emptied: 49598915 bytes
->Google Chrome cache emptied: 16109535 bytes
->Flash cache emptied: 2853717 bytes

User: tahsin özkul
->Temp folder emptied: 348785 bytes
->Temporary Internet Files folder emptied: 79166 bytes
->FireFox cache emptied: 115440270 bytes
->Flash cache emptied: 37051 bytes

User: TEMP

User: TEMP.tahsin-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.tahsin-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TEMP.tahsin-PC.001

User: TEMP.tahsin-PC.002

User: TEMP.tahsin-PC.003
->FireFox cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11141 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14475518 bytes
RecycleBin emptied: 1331 bytes

Total Files Cleaned = 5.313,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06162013_131314

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Zip-datei; es gab viele Order, die leer waren außer eine; ich weiß nicht welche du von denen benötigst

ordner Task


N30èI*ûÛy8vuF <
þÿÿÿ €!Ý

¼ ! C : \ W i n d o w s \ s y s t e m 3 2 \ r u n d l l 3 2 . e x e / " C : \ W i n d o w s \ s y s t e m 3 2 \ C _ 2 0 2 9 0 5 . d l l " , n v u a e j f v u e b b b b 0 Ú


Dort war auch die Otl-Fixdatei:

All processes killed
========== OTL ==========
File C:\Windows\System32\C_202905.dll not found.
File C:\Windows\tasks\Hwdpgyjmsq.job not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bbbb
->Temp folder emptied: 37066 bytes
->Temporary Internet Files folder emptied: 131797 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 10496927 bytes
->Flash cache emptied: 0 bytes

User: bbbbbbbbbb
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7824 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33842 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43909 bytes

User: Gast.tahsin-PC
->Temp folder emptied: 868765 bytes
->Temporary Internet Files folder emptied: 670941 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 856903 bytes
->Google Chrome cache emptied: 856432 bytes

User: melike
->Temp folder emptied: 192965 bytes
->Temporary Internet Files folder emptied: 48033 bytes
->FireFox cache emptied: 112668493 bytes
->Flash cache emptied: 14351 bytes

User: melike.tahsin-PC
->Temp folder emptied: 2246454 bytes
->Temporary Internet Files folder emptied: 48033 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 105009302 bytes
->Flash cache emptied: 18065 bytes

User: mong
->Temp folder emptied: 6749193 bytes
->Temporary Internet Files folder emptied: 710268 bytes
->FireFox cache emptied: 96773647 bytes
->Flash cache emptied: 10447 bytes

User: Public

User: rukan
->Temp folder emptied: 35221 bytes
->Temporary Internet Files folder emptied: 122561 bytes
->Google Chrome cache emptied: 7095058 bytes

User: tahsin
->Temp folder emptied: 4649064127 bytes
->Temporary Internet Files folder emptied: 377237513 bytes
->Java cache emptied: 58940 bytes
->FireFox cache emptied: 49598915 bytes
->Google Chrome cache emptied: 16109535 bytes
->Flash cache emptied: 2853717 bytes

User: tahsin özkul
->Temp folder emptied: 348785 bytes
->Temporary Internet Files folder emptied: 79166 bytes
->FireFox cache emptied: 115440270 bytes
->Flash cache emptied: 37051 bytes

User: TEMP

User: TEMP.tahsin-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.tahsin-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TEMP.tahsin-PC.001

User: TEMP.tahsin-PC.002

User: TEMP.tahsin-PC.003
->FireFox cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11141 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14475518 bytes
RecycleBin emptied: 1331 bytes

Total Files Cleaned = 5.313,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06162013_131314

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Zuletzt;
Summary-info.exe


System volume information: dwHighDateTime = 0x1c8d5cc,dwLowDateTime = 0x7f004ff0
System32: dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0xd656b9bc

Geändert von omernur (16.06.2013 um 12:49 Uhr)

Alt 16.06.2013, 18:16   #8
markusg
/// Malware-holic
 
ihavenet Virus - Standard

ihavenet Virus



der UPload fehlt noch
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2013, 15:03   #9
omernur
 
ihavenet Virus - Standard

ihavenet Virus



ok, ich habe sie hochgeladen.

Alt 17.06.2013, 15:17   #10
markusg
/// Malware-holic
 
ihavenet Virus - Standard

ihavenet Virus



Hi, danke
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2013, 20:17   #11
omernur
 
ihavenet Virus - Standard

ihavenet Virus



Ich möchte mich nochmal bei dir bedanken Ich bewundere es, wieviel Zeit du dir für deinen Blog nimmst
TDSSkiller-Inhalt:

20:54:56.0605 2952 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:54:58.0612 2952 ============================================================
20:54:58.0612 2952 Current date / time: 2013/06/17 20:54:58.0612
20:54:58.0612 2952 SystemInfo:
20:54:58.0612 2952
20:54:58.0612 2952 OS Version: 6.0.6002 ServicePack: 2.0
20:54:58.0612 2952 Product type: Workstation
20:54:58.0612 2952 ComputerName: TAHSIN-PC
20:54:58.0613 2952 UserName: bbbb
20:54:58.0613 2952 Windows directory: C:\Windows
20:54:58.0613 2952 System windows directory: C:\Windows
20:54:58.0613 2952 Processor architecture: Intel x86
20:54:58.0613 2952 Number of processors: 2
20:54:58.0613 2952 Page size: 0x1000
20:54:58.0613 2952 Boot type: Normal boot
20:54:58.0613 2952 ============================================================
20:55:05.0460 2952 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:55:05.0622 2952 ============================================================
20:55:05.0622 2952 \Device\Harddisk0\DR0:
20:55:05.0627 2952 MBR partitions:
20:55:05.0627 2952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12054800
20:55:05.0627 2952 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12055000, BlocksNum 0x9C4000
20:55:05.0627 2952 ============================================================
20:55:06.0010 2952 C: <-> \Device\Harddisk0\DR0\Partition1
20:55:06.0054 2952 D: <-> \Device\Harddisk0\DR0\Partition2
20:55:06.0724 2952 ============================================================
20:55:06.0725 2952 Initialize success
20:55:06.0725 2952 ============================================================
20:56:36.0233 5156 ============================================================
20:56:36.0233 5156 Scan started
20:56:36.0233 5156 Mode: Manual; SigCheck; TDLFS;
20:56:36.0233 5156 ============================================================
20:56:37.0849 5156 ================ Scan system memory ========================
20:56:37.0849 5156 System memory - ok
20:56:37.0850 5156 ================ Scan services =============================
20:56:41.0178 5156 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:56:41.0568 5156 ACPI - ok
20:56:41.0787 5156 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:56:41.0849 5156 AdobeARMservice - ok
20:56:41.0990 5156 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:56:42.0021 5156 AdobeFlashPlayerUpdateSvc - ok
20:56:42.0099 5156 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:56:42.0255 5156 adp94xx - ok
20:56:42.0520 5156 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:56:42.0645 5156 adpahci - ok
20:56:42.0754 5156 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:56:42.0894 5156 adpu160m - ok
20:56:42.0926 5156 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:56:43.0019 5156 adpu320 - ok
20:56:43.0097 5156 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:56:43.0550 5156 AeLookupSvc - ok
20:56:43.0612 5156 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:56:43.0737 5156 AFD - ok
20:56:43.0784 5156 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:56:43.0830 5156 agp440 - ok
20:56:43.0908 5156 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:56:44.0064 5156 aic78xx - ok
20:56:44.0174 5156 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:56:44.0626 5156 ALG - ok
20:56:44.0657 5156 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
20:56:44.0720 5156 aliide - ok
20:56:44.0751 5156 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:56:44.0798 5156 amdagp - ok
20:56:44.0829 5156 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
20:56:44.0907 5156 amdide - ok
20:56:44.0938 5156 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:56:45.0219 5156 AmdK7 - ok
20:56:45.0266 5156 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:56:45.0390 5156 AmdK8 - ok
20:56:45.0546 5156 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:56:45.0624 5156 AntiVirSchedulerService - ok
20:56:45.0702 5156 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:56:45.0796 5156 AntiVirService - ok
20:56:45.0858 5156 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:56:45.0921 5156 AntiVirWebService - ok
20:56:45.0983 5156 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:56:46.0264 5156 Appinfo - ok
20:56:46.0326 5156 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
20:56:46.0373 5156 arc - ok
20:56:46.0467 5156 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:56:46.0576 5156 arcsas - ok
20:56:46.0623 5156 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:56:46.0748 5156 AsyncMac - ok
20:56:46.0794 5156 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
20:56:46.0826 5156 atapi - ok
20:56:46.0982 5156 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:56:47.0091 5156 AudioEndpointBuilder - ok
20:56:47.0138 5156 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:56:47.0184 5156 Audiosrv - ok
20:56:47.0200 5156 Automatisches LiveUpdate - Scheduler - ok
20:56:47.0294 5156 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:56:47.0418 5156 avgntflt - ok
20:56:47.0481 5156 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:56:47.0574 5156 avipbb - ok
20:56:47.0637 5156 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:56:47.0699 5156 avkmgr - ok
20:56:47.0933 5156 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:56:47.0964 5156 BBSvc - ok
20:56:48.0042 5156 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:56:48.0074 5156 BBUpdate - ok
20:56:48.0136 5156 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:56:48.0214 5156 Beep - ok
20:56:48.0432 5156 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:56:48.0526 5156 BFE - ok
20:56:48.0963 5156 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
20:56:49.0150 5156 BITS - ok
20:56:49.0166 5156 blbdrive - ok
20:56:49.0212 5156 [ 04E84C8049EE93614A2FF6D676D1E247 ] BlueletAudio C:\Windows\system32\DRIVERS\blueletaudio.sys
20:56:49.0290 5156 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
20:56:49.0290 5156 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
20:56:49.0337 5156 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:56:49.0400 5156 bowser - ok
20:56:49.0431 5156 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:56:49.0571 5156 BrFiltLo - ok
20:56:49.0602 5156 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:56:49.0665 5156 BrFiltUp - ok
20:56:49.0712 5156 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
20:56:49.0790 5156 Browser - ok
20:56:49.0868 5156 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:56:50.0055 5156 Brserid - ok
20:56:50.0102 5156 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:56:50.0258 5156 BrSerWdm - ok
20:56:50.0336 5156 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:56:50.0445 5156 BrUsbMdm - ok
20:56:50.0476 5156 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:56:50.0648 5156 BrUsbSer - ok
20:56:50.0694 5156 [ D1813668A0117AE05BC0B81C874F91D4 ] BT C:\Windows\system32\DRIVERS\btnetdrv.sys
20:56:50.0772 5156 BT ( UnsignedFile.Multi.Generic ) - warning
20:56:50.0772 5156 BT - detected UnsignedFile.Multi.Generic (1)
20:56:50.0804 5156 [ 7304ACC25455746912DE37D7DED387ED ] Btcsrusb C:\Windows\system32\Drivers\btcusb.sys
20:56:50.0835 5156 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
20:56:50.0835 5156 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
20:56:50.0975 5156 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
20:56:51.0100 5156 BthEnum - ok
20:56:51.0162 5156 [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr C:\Windows\system32\Drivers\BTHidMgr.sys
20:56:51.0194 5156 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
20:56:51.0194 5156 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
20:56:51.0240 5156 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:56:51.0334 5156 BTHMODEM - ok
20:56:51.0443 5156 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:56:51.0599 5156 BthPan - ok
20:56:51.0755 5156 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
20:56:51.0974 5156 BTHPORT - ok
20:56:52.0020 5156 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
20:56:52.0130 5156 BthServ - ok
20:56:52.0176 5156 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
20:56:52.0239 5156 BTHUSB - ok
20:56:52.0364 5156 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:56:52.0535 5156 cdfs - ok
20:56:52.0598 5156 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:56:52.0676 5156 cdrom - ok
20:56:52.0722 5156 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
20:56:52.0816 5156 CertPropSvc - ok
20:56:52.0863 5156 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
20:56:53.0019 5156 circlass - ok
20:56:53.0081 5156 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
20:56:53.0128 5156 CLFS - ok
20:56:53.0331 5156 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:56:53.0440 5156 clr_optimization_v2.0.50727_32 - ok
20:56:53.0549 5156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:56:53.0612 5156 clr_optimization_v4.0.30319_32 - ok
20:56:53.0658 5156 CLTNetCnService - ok
20:56:53.0690 5156 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:56:53.0736 5156 cmdide - ok
20:56:53.0799 5156 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:56:53.0877 5156 Compbatt - ok
20:56:53.0908 5156 COMSysApp - ok
20:56:53.0970 5156 [ 4DC9F8A131A9D4DA4516A38E6D0A9754 ] cpConMgr C:\Windows\system32\cpConMgr.exe
20:56:54.0002 5156 cpConMgr ( UnsignedFile.Multi.Generic ) - warning
20:56:54.0002 5156 cpConMgr - detected UnsignedFile.Multi.Generic (1)
20:56:54.0048 5156 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:56:54.0095 5156 crcdisk - ok
20:56:54.0126 5156 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:56:54.0267 5156 Crusoe - ok
20:56:54.0376 5156 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:56:54.0485 5156 CryptSvc - ok
20:56:54.0641 5156 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:56:54.0828 5156 DcomLaunch - ok
20:56:54.0906 5156 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:56:54.0984 5156 DfsC - ok
20:56:55.0359 5156 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
20:56:55.0608 5156 DFSR - ok
20:56:55.0827 5156 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:56:55.0905 5156 Dhcp - ok
20:56:55.0983 5156 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
20:56:56.0045 5156 disk - ok
20:56:56.0108 5156 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:56:56.0186 5156 Dnscache - ok
20:56:56.0248 5156 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:56:56.0326 5156 dot3svc - ok
20:56:56.0373 5156 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
20:56:56.0435 5156 DPS - ok
20:56:56.0466 5156 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:56:56.0529 5156 drmkaud - ok
20:56:56.0903 5156 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:56:56.0966 5156 DXGKrnl - ok
20:56:57.0075 5156 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:56:57.0231 5156 E1G60 - ok
20:56:57.0309 5156 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
20:56:57.0356 5156 EapHost - ok
20:56:57.0496 5156 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
20:56:57.0527 5156 Ecache - ok
20:56:57.0699 5156 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:56:57.0808 5156 ehRecvr - ok
20:56:57.0870 5156 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
20:56:57.0948 5156 ehSched - ok
20:56:57.0980 5156 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
20:56:58.0058 5156 ehstart - ok
20:56:58.0448 5156 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:56:58.0541 5156 elxstor - ok
20:56:58.0791 5156 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:56:58.0994 5156 EMDMgmt - ok
20:56:59.0072 5156 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
20:56:59.0165 5156 EventSystem - ok
20:56:59.0368 5156 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
20:56:59.0540 5156 exfat - ok
20:56:59.0586 5156 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:56:59.0649 5156 fastfat - ok
20:56:59.0758 5156 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:56:59.0930 5156 fdc - ok
20:56:59.0976 5156 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
20:57:00.0070 5156 fdPHost - ok
20:57:00.0101 5156 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:57:00.0179 5156 FDResPub - ok
20:57:00.0257 5156 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:57:00.0288 5156 FileInfo - ok
20:57:00.0335 5156 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:57:00.0413 5156 Filetrace - ok
20:57:00.0429 5156 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:57:00.0538 5156 flpydisk - ok
20:57:00.0585 5156 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:57:00.0616 5156 FltMgr - ok
20:57:00.0694 5156 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:57:00.0803 5156 FontCache - ok
20:57:00.0944 5156 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:57:01.0022 5156 FontCache3.0.0.0 - ok
20:57:01.0115 5156 [ 491E9D9A26A745F6AE7D570849F4BD87 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:57:01.0287 5156 fssfltr - ok
20:57:01.0739 5156 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:57:01.0895 5156 fsssvc - ok
20:57:02.0004 5156 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:57:02.0145 5156 Fs_Rec - ok
20:57:02.0207 5156 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:57:02.0285 5156 gagp30kx - ok
20:57:02.0488 5156 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
20:57:02.0597 5156 gpsvc - ok
20:57:02.0769 5156 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:57:03.0018 5156 HdAudAddService - ok
20:57:03.0299 5156 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:57:03.0424 5156 HDAudBus - ok
20:57:03.0486 5156 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:57:03.0596 5156 HidBth - ok
20:57:03.0674 5156 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:57:03.0752 5156 HidIr - ok
20:57:03.0814 5156 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
20:57:03.0845 5156 hidserv - ok
20:57:03.0908 5156 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:57:03.0986 5156 HidUsb - ok
20:57:04.0017 5156 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:57:04.0048 5156 hkmsvc - ok
20:57:04.0095 5156 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:57:04.0204 5156 HpCISSs - ok
20:57:04.0422 5156 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:57:04.0563 5156 HTTP - ok
20:57:04.0656 5156 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:57:04.0734 5156 i2omp - ok
20:57:04.0812 5156 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:57:04.0984 5156 i8042prt - ok
20:57:05.0062 5156 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:57:05.0249 5156 iaStorV - ok
20:57:05.0639 5156 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:57:05.0748 5156 idsvc - ok
20:57:05.0795 5156 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:57:05.0889 5156 iirsp - ok
20:57:05.0951 5156 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
20:57:06.0014 5156 IKEEXT - ok
20:57:06.0466 5156 [ F2C17D2C3D70C389193D9954E375E5E3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:57:06.0840 5156 IntcAzAudAddService - ok
20:57:06.0872 5156 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
20:57:06.0950 5156 intelide - ok
20:57:06.0996 5156 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:57:07.0106 5156 intelppm - ok
20:57:07.0137 5156 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:57:07.0230 5156 IPBusEnum - ok
20:57:07.0402 5156 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:57:07.0464 5156 IpFilterDriver - ok
20:57:07.0527 5156 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:57:07.0636 5156 iphlpsvc - ok
20:57:07.0652 5156 IpInIp - ok
20:57:07.0698 5156 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:57:07.0870 5156 IPMIDRV - ok
20:57:08.0042 5156 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:57:08.0120 5156 IPNAT - ok
20:57:08.0198 5156 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:57:08.0276 5156 IRENUM - ok
20:57:08.0400 5156 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:57:08.0494 5156 isapnp - ok
20:57:08.0572 5156 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:57:08.0666 5156 iScsiPrt - ok
20:57:08.0712 5156 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:57:08.0759 5156 iteatapi - ok
20:57:08.0806 5156 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:57:08.0884 5156 iteraid - ok
20:57:08.0931 5156 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:57:08.0978 5156 kbdclass - ok
20:57:09.0009 5156 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:57:09.0102 5156 kbdhid - ok
20:57:09.0290 5156 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:57:09.0383 5156 KeyIso - ok
20:57:09.0664 5156 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:57:09.0711 5156 KSecDD - ok
20:57:09.0976 5156 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:57:10.0116 5156 KtmRm - ok
20:57:10.0194 5156 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
20:57:10.0272 5156 LanmanServer - ok
20:57:10.0319 5156 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:57:10.0428 5156 LanmanWorkstation - ok
20:57:10.0491 5156 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:57:10.0616 5156 lltdio - ok
20:57:10.0662 5156 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:57:10.0756 5156 lltdsvc - ok
20:57:10.0787 5156 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:57:10.0881 5156 lmhosts - ok
20:57:10.0959 5156 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:57:11.0037 5156 LSI_FC - ok
20:57:11.0068 5156 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:57:11.0130 5156 LSI_SAS - ok
20:57:11.0177 5156 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:57:11.0240 5156 LSI_SCSI - ok
20:57:11.0333 5156 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
20:57:11.0380 5156 luafv - ok
20:57:11.0505 5156 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:57:11.0645 5156 Mcx2Svc - ok
20:57:11.0692 5156 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
20:57:11.0754 5156 megasas - ok
20:57:11.0848 5156 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
20:57:11.0910 5156 MMCSS - ok
20:57:12.0004 5156 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
20:57:12.0129 5156 Modem - ok
20:57:12.0207 5156 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:57:12.0300 5156 monitor - ok
20:57:12.0347 5156 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:57:12.0378 5156 mouclass - ok
20:57:12.0410 5156 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:57:12.0519 5156 mouhid - ok
20:57:12.0566 5156 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:57:12.0581 5156 MountMgr - ok
20:57:12.0612 5156 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:57:12.0659 5156 MozillaMaintenance - ok
20:57:12.0706 5156 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
20:57:12.0768 5156 mpio - ok
20:57:12.0815 5156 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:57:12.0862 5156 mpsdrv - ok
20:57:13.0002 5156 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
20:57:13.0096 5156 MpsSvc - ok
20:57:13.0127 5156 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:57:13.0205 5156 Mraid35x - ok
20:57:13.0361 5156 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:57:13.0408 5156 MRxDAV - ok
20:57:13.0502 5156 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:57:13.0564 5156 mrxsmb - ok
20:57:13.0642 5156 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:57:13.0704 5156 mrxsmb10 - ok
20:57:13.0751 5156 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:57:13.0845 5156 mrxsmb20 - ok
20:57:13.0938 5156 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
20:57:14.0126 5156 msahci - ok
20:57:14.0188 5156 [ B29EF836368AE9873A6F8F8E021CD148 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
20:57:14.0219 5156 MSCamSvc - ok
20:57:14.0250 5156 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:57:14.0328 5156 msdsm - ok
20:57:14.0453 5156 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
20:57:14.0640 5156 MSDTC - ok
20:57:14.0718 5156 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:57:14.0796 5156 Msfs - ok
20:57:14.0843 5156 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:57:14.0874 5156 msisadrv - ok
20:57:14.0921 5156 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:57:15.0015 5156 MSiSCSI - ok
20:57:15.0015 5156 msiserver - ok
20:57:15.0140 5156 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:57:15.0202 5156 MSKSSRV - ok
20:57:15.0358 5156 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:57:15.0452 5156 MSPCLOCK - ok
20:57:15.0561 5156 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:57:15.0717 5156 MSPQM - ok
20:57:15.0764 5156 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:57:15.0795 5156 MsRPC - ok
20:57:15.0842 5156 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:57:15.0857 5156 mssmbios - ok
20:57:15.0888 5156 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:57:15.0935 5156 MSTEE - ok
20:57:15.0966 5156 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
20:57:15.0998 5156 Mup - ok
20:57:16.0044 5156 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
20:57:16.0169 5156 napagent - ok
20:57:16.0341 5156 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:57:16.0434 5156 NativeWifiP - ok
20:57:16.0544 5156 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:57:16.0653 5156 NDIS - ok
20:57:16.0746 5156 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:57:16.0840 5156 NdisTapi - ok
20:57:16.0871 5156 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:57:17.0058 5156 Ndisuio - ok
20:57:17.0183 5156 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:57:17.0292 5156 NdisWan - ok
20:57:17.0370 5156 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:57:17.0511 5156 NDProxy - ok
20:57:18.0213 5156 [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
20:57:18.0338 5156 Nero BackItUp Scheduler 3 - ok
20:57:18.0431 5156 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:57:18.0540 5156 NetBIOS - ok
20:57:18.0603 5156 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:57:18.0728 5156 netbt - ok
20:57:18.0790 5156 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
20:57:18.0821 5156 Netlogon - ok
20:57:18.0993 5156 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:57:19.0086 5156 Netman - ok
20:57:19.0305 5156 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:57:19.0398 5156 netprofm - ok
20:57:19.0570 5156 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:57:19.0648 5156 NetTcpPortSharing - ok
20:57:19.0757 5156 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:57:19.0835 5156 nfrd960 - ok
20:57:19.0913 5156 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:57:19.0991 5156 NlaSvc - ok
20:57:20.0256 5156 [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
20:57:20.0350 5156 NMIndexingService - ok
20:57:20.0412 5156 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:57:20.0490 5156 Npfs - ok
20:57:20.0537 5156 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:57:20.0600 5156 nsi - ok
20:57:20.0662 5156 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:57:20.0724 5156 nsiproxy - ok
20:57:21.0068 5156 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:57:21.0224 5156 Ntfs - ok
20:57:21.0333 5156 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:57:21.0458 5156 ntrigdigi - ok
20:57:21.0520 5156 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:57:21.0598 5156 Null - ok
20:57:21.0738 5156 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys
20:57:21.0941 5156 NVENETFD - ok
20:57:23.0361 5156 [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:57:24.0094 5156 nvlddmkm - ok
20:57:24.0281 5156 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:57:24.0312 5156 nvraid - ok
20:57:24.0359 5156 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:57:24.0422 5156 nvstor - ok
20:57:24.0484 5156 [ 31B8835B003CAA6D31BEAD83DDBF98E5 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:57:24.0593 5156 nvsvc - ok
20:57:24.0968 5156 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:57:25.0124 5156 nvUpdatusService - ok
20:57:25.0311 5156 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:57:25.0404 5156 nv_agp - ok
20:57:25.0420 5156 NwlnkFlt - ok
20:57:25.0436 5156 NwlnkFwd - ok
20:57:25.0467 5156 [ 978DB00DEBE81643F204CBC50707F30D ] O2MDRDR C:\Windows\system32\drivers\o2media.sys
20:57:25.0576 5156 O2MDRDR - ok
20:57:25.0623 5156 [ 694B4555CEC16397AA8731CE87FC1E11 ] O2SDRDR C:\Windows\system32\drivers\o2sd.sys
20:57:25.0701 5156 O2SDRDR - ok
20:57:25.0763 5156 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:57:25.0872 5156 ohci1394 - ok
20:57:25.0919 5156 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:57:26.0060 5156 p2pimsvc - ok
20:57:26.0091 5156 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:57:26.0138 5156 p2psvc - ok
20:57:26.0184 5156 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:57:26.0325 5156 Parport - ok
20:57:26.0372 5156 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:57:26.0434 5156 partmgr - ok
20:57:26.0512 5156 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:57:26.0621 5156 Parvdm - ok
20:57:26.0684 5156 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:57:26.0808 5156 PcaSvc - ok
20:57:26.0902 5156 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:57:26.0949 5156 pci - ok
20:57:26.0996 5156 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
20:57:27.0058 5156 pciide - ok
20:57:27.0105 5156 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:57:27.0198 5156 pcmcia - ok
20:57:27.0261 5156 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:57:27.0401 5156 PEAUTH - ok
20:57:27.0510 5156 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:57:27.0666 5156 pla - ok
20:57:27.0838 5156 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:57:27.0978 5156 PlugPlay - ok
20:57:28.0072 5156 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:57:28.0134 5156 PNRPAutoReg - ok
20:57:28.0197 5156 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:57:28.0275 5156 PNRPsvc - ok
20:57:28.0400 5156 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:57:28.0540 5156 PolicyAgent - ok
20:57:28.0587 5156 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:57:28.0665 5156 PptpMiniport - ok
20:57:28.0712 5156 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
20:57:28.0790 5156 Processor - ok
20:57:28.0836 5156 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:57:28.0883 5156 ProfSvc - ok
20:57:28.0899 5156 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:57:28.0930 5156 ProtectedStorage - ok
20:57:29.0024 5156 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:57:29.0117 5156 PSched - ok
20:57:29.0180 5156 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:57:29.0289 5156 ql2300 - ok
20:57:29.0320 5156 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:57:29.0382 5156 ql40xx - ok
20:57:29.0523 5156 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:57:29.0601 5156 QWAVE - ok
20:57:29.0679 5156 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:57:29.0788 5156 QWAVEdrv - ok
20:57:29.0819 5156 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:57:29.0897 5156 RasAcd - ok
20:57:29.0991 5156 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:57:30.0116 5156 RasAuto - ok
20:57:30.0194 5156 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:57:30.0303 5156 Rasl2tp - ok
20:57:30.0350 5156 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
20:57:30.0412 5156 RasMan - ok
20:57:30.0428 5156 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:57:30.0506 5156 RasPppoe - ok
20:57:30.0537 5156 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:57:30.0599 5156 RasSstp - ok
20:57:30.0615 5156 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:57:30.0662 5156 rdbss - ok
20:57:30.0693 5156 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:57:30.0755 5156 RDPCDD - ok
20:57:30.0974 5156 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:57:31.0114 5156 rdpdr - ok
20:57:31.0176 5156 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:57:31.0254 5156 RDPENCDD - ok
20:57:31.0364 5156 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:57:31.0488 5156 RDPWD - ok
20:57:31.0520 5156 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:57:31.0566 5156 RemoteAccess - ok
20:57:31.0598 5156 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:57:31.0644 5156 RemoteRegistry - ok
20:57:31.0707 5156 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:57:31.0754 5156 RFCOMM - ok
20:57:31.0847 5156 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
20:57:31.0863 5156 RpcLocator - ok
20:57:32.0175 5156 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
20:57:32.0237 5156 RpcSs - ok
20:57:32.0300 5156 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
20:57:32.0331 5156 SamSs - ok
20:57:32.0424 5156 [ 8FD0B55C7C800754FD83C6C270830071 ] SbFw C:\Windows\system32\drivers\SbFw.sys
20:57:32.0487 5156 SbFw - ok
20:57:32.0596 5156 [ F01B8409A11C319E3C5B9DD418676D2C ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
20:57:32.0643 5156 SBFWIMCL - ok
20:57:32.0783 5156 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:57:32.0846 5156 sbp2port - ok
20:57:32.0892 5156 SbPF.Launcher - ok
20:57:32.0924 5156 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:57:32.0970 5156 SCardSvr - ok
20:57:33.0267 5156 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
20:57:33.0376 5156 Schedule - ok
20:57:33.0454 5156 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:57:33.0501 5156 SCPolicySvc - ok
20:57:33.0657 5156 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:57:33.0782 5156 SDRSVC - ok
20:57:33.0828 5156 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:57:33.0969 5156 secdrv - ok
20:57:34.0078 5156 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:57:34.0156 5156 seclogon - ok
20:57:34.0203 5156 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
20:57:34.0250 5156 SENS - ok
20:57:34.0312 5156 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:57:34.0452 5156 Serenum - ok
20:57:34.0562 5156 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
20:57:34.0655 5156 Serial - ok
20:57:34.0718 5156 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:57:34.0796 5156 sermouse - ok
20:57:35.0061 5156 [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:57:35.0170 5156 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:57:35.0170 5156 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
20:57:35.0248 5156 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
20:57:35.0295 5156 SessionEnv - ok
20:57:35.0342 5156 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:57:35.0420 5156 sffdisk - ok
20:57:35.0451 5156 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:57:35.0544 5156 sffp_mmc - ok
20:57:35.0560 5156 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:57:35.0669 5156 sffp_sd - ok
20:57:35.0685 5156 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:57:35.0794 5156 sfloppy - ok
20:57:35.0872 5156 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:57:35.0919 5156 SharedAccess - ok
20:57:35.0966 5156 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:57:36.0028 5156 ShellHWDetection - ok
20:57:36.0059 5156 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:57:36.0122 5156 sisagp - ok
20:57:36.0168 5156 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:57:36.0231 5156 SiSRaid2 - ok
20:57:36.0262 5156 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:57:36.0309 5156 SiSRaid4 - ok
20:57:36.0543 5156 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
20:57:36.0824 5156 slsvc - ok
20:57:36.0902 5156 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:57:36.0933 5156 SLUINotify - ok
20:57:37.0058 5156 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:57:37.0214 5156 Smb - ok
20:57:37.0307 5156 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:57:37.0323 5156 SNMPTRAP - ok
20:57:37.0370 5156 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
20:57:37.0385 5156 spldr - ok
20:57:37.0416 5156 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:57:37.0479 5156 Spooler - ok
20:57:37.0588 5156 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:57:37.0666 5156 srv - ok
20:57:37.0775 5156 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:57:37.0838 5156 srv2 - ok
20:57:37.0869 5156 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:57:37.0900 5156 srvnet - ok
20:57:37.0978 5156 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:57:38.0040 5156 SSDPSRV - ok
20:57:38.0118 5156 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
20:57:38.0228 5156 ssmdrv - ok
20:57:38.0274 5156 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:57:38.0306 5156 SstpSvc - ok
20:57:38.0384 5156 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
20:57:38.0477 5156 StillCam - ok
20:57:38.0602 5156 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
20:57:38.0696 5156 stisvc - ok
20:57:38.0758 5156 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:57:38.0836 5156 swenum - ok
20:57:39.0008 5156 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
20:57:39.0070 5156 swprv - ok
20:57:39.0117 5156 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:57:39.0164 5156 Symc8xx - ok
20:57:39.0195 5156 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:57:39.0257 5156 Sym_hi - ok
20:57:39.0288 5156 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:57:39.0335 5156 Sym_u3 - ok
20:57:39.0538 5156 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
20:57:39.0756 5156 SysMain - ok
20:57:39.0803 5156 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:57:39.0912 5156 TabletInputService - ok
20:57:40.0131 5156 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:57:40.0256 5156 TapiSrv - ok
20:57:40.0318 5156 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
20:57:40.0427 5156 TBS - ok
20:57:40.0848 5156 [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:57:41.0004 5156 Tcpip - ok
20:57:41.0410 5156 [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:57:41.0550 5156 Tcpip6 - ok
20:57:41.0613 5156 [ 4C11A1820DDC37FA653913AD680ACCAE ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:57:41.0706 5156 tcpipreg - ok
20:57:41.0784 5156 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:57:41.0878 5156 TDPIPE - ok
20:57:41.0987 5156 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:57:42.0096 5156 TDTCP - ok
20:57:42.0159 5156 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:57:42.0221 5156 tdx - ok
20:57:42.0252 5156 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:57:42.0299 5156 TermDD - ok
20:57:42.0502 5156 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
20:57:42.0674 5156 TermService - ok
20:57:42.0908 5156 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
20:57:42.0970 5156 Themes - ok
20:57:43.0017 5156 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
20:57:43.0079 5156 THREADORDER - ok
20:57:43.0188 5156 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
20:57:43.0266 5156 TrkWks - ok
20:57:43.0329 5156 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:57:43.0407 5156 TrustedInstaller - ok
20:57:43.0485 5156 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:57:43.0594 5156 tssecsrv - ok
20:57:43.0703 5156 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:57:43.0797 5156 tunmp - ok
20:57:43.0906 5156 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:57:44.0000 5156 tunnel - ok
20:57:44.0062 5156 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:57:44.0156 5156 uagp35 - ok
20:57:44.0343 5156 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:57:44.0421 5156 udfs - ok
20:57:44.0514 5156 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:57:44.0592 5156 UI0Detect - ok
20:57:44.0624 5156 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:57:44.0686 5156 uliagpkx - ok
20:57:44.0733 5156 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:57:44.0780 5156 uliahci - ok
20:57:44.0826 5156 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:57:44.0873 5156 UlSata - ok
20:57:44.0904 5156 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:57:44.0982 5156 ulsata2 - ok
20:57:45.0014 5156 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:57:45.0060 5156 umbus - ok
20:57:45.0170 5156 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
20:57:45.0294 5156 upnphost - ok
20:57:45.0372 5156 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:57:45.0497 5156 usbaudio - ok
20:57:45.0544 5156 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:57:45.0638 5156 usbccgp - ok
20:57:45.0684 5156 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:57:45.0825 5156 usbcir - ok
20:57:45.0934 5156 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:57:45.0996 5156 usbehci - ok
20:57:46.0106 5156 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:57:46.0230 5156 usbhub - ok
20:57:46.0262 5156 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:57:46.0308 5156 usbohci - ok
20:57:46.0355 5156 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:57:46.0418 5156 usbprint - ok
20:57:46.0480 5156 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:57:46.0589 5156 usbscan - ok
20:57:46.0667 5156 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:57:46.0792 5156 USBSTOR - ok
20:57:46.0854 5156 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:57:47.0010 5156 usbuhci - ok
20:57:47.0104 5156 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
20:57:47.0182 5156 UxSms - ok
20:57:47.0322 5156 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
20:57:47.0416 5156 vds - ok
20:57:47.0510 5156 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:57:47.0666 5156 vga - ok
20:57:47.0759 5156 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
20:57:47.0837 5156 VgaSave - ok
20:57:47.0868 5156 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:57:47.0931 5156 viaagp - ok
20:57:47.0962 5156 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:57:48.0056 5156 ViaC7 - ok
20:57:48.0087 5156 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
20:57:48.0118 5156 viaide - ok
20:57:48.0165 5156 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:57:48.0227 5156 volmgr - ok
20:57:48.0321 5156 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:57:48.0368 5156 volmgrx - ok
20:57:48.0570 5156 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:57:48.0680 5156 volsnap - ok
20:57:48.0742 5156 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:57:48.0820 5156 vsmraid - ok
20:57:48.0960 5156 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
20:57:49.0163 5156 VSS - ok
20:57:49.0538 5156 [ 579043E803FA388F6B3EB2C275CEA542 ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
20:57:49.0772 5156 VX1000 - ok
20:57:49.0818 5156 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
20:57:49.0865 5156 W32Time - ok
20:57:49.0912 5156 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:57:50.0052 5156 WacomPen - ok
20:57:50.0146 5156 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:57:50.0224 5156 Wanarp - ok
20:57:50.0240 5156 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:57:50.0302 5156 Wanarpv6 - ok
20:57:50.0442 5156 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\Windows\system32\DRIVERS\wanatw4.sys
20:57:50.0505 5156 wanatw - ok
20:57:50.0801 5156 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:57:50.0848 5156 wcncsvc - ok
20:57:50.0926 5156 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:57:50.0988 5156 WcsPlugInService - ok
20:57:51.0129 5156 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
20:57:51.0176 5156 Wd - ok
20:57:51.0316 5156 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:57:51.0394 5156 Wdf01000 - ok
20:57:51.0550 5156 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:57:51.0597 5156 WdiServiceHost - ok
20:57:51.0690 5156 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:57:51.0722 5156 WdiSystemHost - ok
20:57:51.0846 5156 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
20:57:51.0909 5156 WebClient - ok
20:57:51.0956 5156 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:57:52.0018 5156 Wecsvc - ok
20:57:52.0049 5156 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:57:52.0112 5156 wercplsupport - ok
20:57:52.0158 5156 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
20:57:52.0221 5156 WerSvc - ok
20:57:52.0377 5156 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:57:52.0424 5156 WinDefend - ok
20:57:52.0439 5156 WinHttpAutoProxySvc - ok
20:57:52.0626 5156 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:57:52.0736 5156 Winmgmt - ok
20:57:52.0829 5156 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
20:57:53.0001 5156 WinRM - ok
20:57:53.0453 5156 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:57:53.0578 5156 Wlansvc - ok
20:57:53.0656 5156 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:57:53.0859 5156 WmiAcpi - ok
20:57:54.0140 5156 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:57:54.0186 5156 wmiApSrv - ok
20:57:54.0717 5156 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:57:54.0920 5156 WMPNetworkSvc - ok
20:57:55.0091 5156 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:57:55.0310 5156 WPCSvc - ok
20:57:55.0388 5156 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:57:55.0450 5156 WPDBusEnum - ok
20:57:55.0512 5156 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:57:55.0637 5156 WpdUsb - ok
20:57:55.0934 5156 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:57:56.0043 5156 WPFFontCache_v0400 - ok
20:57:56.0136 5156 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:57:56.0214 5156 ws2ifsl - ok
20:57:56.0261 5156 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
20:57:56.0308 5156 wscsvc - ok
20:57:56.0308 5156 WSearch - ok
20:57:56.0604 5156 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:57:56.0807 5156 wuauserv - ok
20:57:56.0870 5156 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:57:56.0901 5156 WudfPf - ok
20:57:56.0916 5156 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:56.0932 5156 WUDFRd - ok
20:57:56.0979 5156 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:57:57.0026 5156 wudfsvc - ok
20:57:57.0041 5156 ================ Scan global ===============================
20:57:57.0119 5156 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:57:57.0338 5156 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:57:57.0369 5156 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:57:57.0587 5156 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:57:57.0634 5156 [Global] - ok
20:57:57.0634 5156 ================ Scan MBR ==================================
20:57:57.0743 5156 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:57:59.0600 5156 \Device\Harddisk0\DR0 - ok
20:57:59.0600 5156 ================ Scan VBR ==================================
20:57:59.0678 5156 [ 53889F71107F1E55FB3326BE215D9115 ] \Device\Harddisk0\DR0\Partition1
20:57:59.0849 5156 \Device\Harddisk0\DR0\Partition1 - ok
20:57:59.0896 5156 [ B31D35F2B1C85C389BF86D6108AB7280 ] \Device\Harddisk0\DR0\Partition2
20:57:59.0912 5156 \Device\Harddisk0\DR0\Partition2 - ok
20:57:59.0912 5156 ============================================================
20:57:59.0912 5156 Scan finished
20:57:59.0912 5156 ============================================================
20:57:59.0943 3276 Detected object count: 6
20:57:59.0943 3276 Actual detected object count: 6
20:58:12.0267 3276 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:12.0267 3276 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:58:12.0282 3276 BT ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:12.0282 3276 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:58:12.0282 3276 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:12.0282 3276 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:58:12.0298 3276 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:12.0298 3276 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:58:12.0298 3276 cpConMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:12.0298 3276 cpConMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:58:12.0298 3276 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:12.0298 3276 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:58:18.0569 6112 Deinitialize success

Alt 18.06.2013, 11:54   #12
markusg
/// Malware-holic
 
ihavenet Virus - Standard

ihavenet Virus



kein Ding, kann aber sein, dass wir nicht ganz fertig werden bzw du ein wenig Geduld haben musst, da ich ab übermorgen für ne Woche im Urlaub bin.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu ihavenet Virus
antivirus, avira, browser, chrome, compu, computer, falsche, falsche seite, falsche seiten, falschen, gelöscht, gen, google, google chrome, ihavenet, ihavenet virus, leute, programm, seite, seiten, virus, werbungen, woche, wochen




Ähnliche Themen: ihavenet Virus


  1. Ihavenet - Virus
    Log-Analyse und Auswertung - 17.11.2013 (6)
  2. ihavenet virus
    Log-Analyse und Auswertung - 09.10.2013 (28)
  3. ihavenet-Virus
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (11)
  4. 2x | Ihavenet - Virus
    Mülltonne - 30.09.2013 (1)
  5. IHAVENET-virus??
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (12)
  6. Ihavenet.com Virus
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (30)
  7. Ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (13)
  8. ihavenet virus
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (3)
  9. ihavenet Virus
    Log-Analyse und Auswertung - 01.12.2012 (13)
  10. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)
  11. Ihavenet.com - Virus
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (9)
  12. ihavenet - Virus
    Log-Analyse und Auswertung - 03.11.2012 (20)
  13. ihavenet.com virus auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (5)
  14. ihavenet virus
    Log-Analyse und Auswertung - 07.10.2012 (1)
  15. ihavenet- virus
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (13)
  16. Ihavenet.com Virus
    Log-Analyse und Auswertung - 13.09.2012 (12)
  17. ihavenet-virus.. help
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (3)

Zum Thema ihavenet Virus - Hallo Leute, ich habe seit 2 Wochen Ihavenet-Virus. Obwohl mein Antivirus Programm "Avira" den Computer &Browser für sicher stellt, werde ich immer von Google auf falsche Seiten umgeleitet. Oft sind - ihavenet Virus...
Archiv
Du betrachtest: ihavenet Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.