Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Umleitung auf rocketnews und Deaktivierung Windows Sicherheitsdienst (https://www.trojaner-board.de/116149-umleitung-rocketnews-deaktivierung-windows-sicherheitsdienst.html)

Ina Neu 01.06.2012 10:06
Umleitung auf rocketnews und Deaktivierung Windows Sicherheitsdienst
 
Hallo Trojaner-Board,

ich benutze Firefox und werden seit ein paar Tagen bei Anklicken von Google-Suchergebnissen auf eine Seite rocketnews geleitet. Der Browser-Bildschirm bleibt dabei weiß, also keine Werbung usw.

Der Windows-Sicherheitsdienst ist deaktiviert und lässt sich nicht mehr aktivieren.

Avira-Suche erfolglos.

Hier meine Logfiles:

DDS-Editor

Zitat:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_31
Run by Ingrid at 10:54:02 on 2012-06-01
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2047.908 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Klebezettel NG\klebez.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Klebezettel NG\klebez.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://mystart.incredimail.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.asus.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [IncrediMail Tray Application] c:\program files\incredimail\bin\IncMail.exe
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Klebezettel NG] "c:\program files\klebezettel ng\klebez.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{7FEB022C-329B-4818-80F5-3C12025FA45F} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{BDDF7634-F7EE-4F12-9699-B4660EC09607} : DhcpNameServer = 192.168.178.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-10-11 112032]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-11 36000]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2011-10-11 619472]
R2 AntiVirMailService;Avira Email Schutz;c:\program files\avira\antivir desktop\avmailc.exe [2011-10-11 375760]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-11 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-11 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-11 83392]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2008-2-20 24576]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-10-11 91968]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2008-2-20 1324544]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 129976]
.
=============== Created Last 30 ================
.
2012-05-29 16:55:53 200704 --sha-r- c:\windows\system32\msaatextk.dll
2012-05-29 14:45:21 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6181cbe2-c62d-4a7b-87e2-310f8b7e4583}\mpengine.dll
2012-05-02 10:42:24 -------- d-----w- c:\users\ingrid\appdata\roaming\KlebezettelNG
2012-05-02 10:41:32 -------- d-----w- c:\program files\Klebezettel NG
.
==================== Find3M ====================
.
2012-06-01 08:07:44 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-14 15:12:47 91968 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-05-14 15:12:47 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-14 15:12:47 112032 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-05-06 06:45:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 06:45:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 07:42:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 16:23:42 54784 ----a-w- c:\windows\system32\pdfcmon.dll
.
============= FINISH: 10:54:43,34 ===============
Attach-Editor:

Zitat:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20.02.2008 03:12:40
System Uptime: 01.06.2012 08:55:43 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | F5VL
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | CPU 1 | 996/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 32,956 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 11,359 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Mobility Radeon X2300
Device ID: PCI\VEN_1002&DEV_718A&SUBSYS_14491043&REV_00\4&107F648&0&0008
Manufacturer: ATI Technologies Inc.
Name: ATI Mobility Radeon X2300
PNP Device ID: PCI\VEN_1002&DEV_718A&SUBSYS_14491043&REV_00\4&107F648&0&0008
Service: atikmdag
.
==== System Restore Points ===================
.
RP1283: 19.05.2012 10:00:09 - Windows-Sicherung
RP1284: 22.05.2012 18:42:10 - Windows Update
RP1285: 23.05.2012 19:17:03 - Geplanter Prüfpunkt
RP1286: 24.05.2012 17:07:15 - Geplanter Prüfpunkt
RP1287: 25.05.2012 16:20:02 - Windows Update
RP1288: 26.05.2012 10:00:11 - Windows-Sicherung
RP1289: 28.05.2012 09:57:09 - Geplanter Prüfpunkt
RP1290: 29.05.2012 16:43:56 - Windows Update
.
==== Installed Programs ======================
.
abramania mahjongg freeware 1.0
ACSynchro
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Amazon MP3-Downloader 1.0.9
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Driver Installation Program
ATI Uninstaller
ATK Hotkey
ATK Media
ATKOSD2
Avira Internet Security 2012
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
Catan - Städte und Ritter
ccc-Branding
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack für 2007 Office System
ElsterFormular
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IncrediMail
IncrediMail 2.0
Interaktive Sprachreise - English Sprachkurs 1
Java Auto Updater
Java(TM) 6 Update 31
Klebezettel NG (Version 2.9.12)
Lexmark 1200 Series
LifeFrame2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Premium
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
MSVC80_x86_v2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NB Probe
Nero 7 Essentials
neroxml
Nokia Connectivity Cable Driver
PC Connectivity Solution
PDFCreator
PhotoMail Maker
Power4Gear eXtreme
PowerForPhone
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Task Manager 1.8d
Security Update for CAPICOM (KB931906)
Skins
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 1.3M WebCam
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live installer
WinFlash
Wireless Console 2
XnView 1.97.8
.
==== End Of File ===========================
Ich war mit einer solchen Problematik noch nie befasst und hoffe auf Hilfe.

Herzlich Dank dafür schon mal im voraus.:)

cosinus 03.06.2012 14:18
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Ina Neu 03.06.2012 23:39
Hallo Cosinus,

danke, dass Du mir hilfst. Ich hoffe, ich habe Deine Anweisungen richtig ausgeführt.

mbam-log:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.03

Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
Ingrid :: INGRID-PC [Administrator]

03.06.2012 15:45:57
mbam-log-2012-06-03 (15-45-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341808
Laufzeit: 2 Stunde(n), 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
eset-log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fcd99d5f77969345b174313900d28349
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 10:27:55
# local_time=2012-06-04 12:27:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1792 16777175 100 0 20396042 20396042 0 0
# compatibility_mode=5892 16776574 100 100 437487 176272937 0 0
# compatibility_mode=8192 67108863 100 0 169 169 0 0
# scanned=254086
# found=12
# cleaned=0
# scan_time=22266
C:\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Temp\9978c1.exe        Win32/PSW.Delf.OBN trojan (unable to clean)        00000000000000000000000000000000        I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1000\$R59O5J9\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$R45R5IS\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$R7HMZF3\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$RYYG7R7\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$RYYG7R7\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
G:\_C\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
G:\_C\Users\Ingrid_2\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
G:\_C\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
G:\_C\_C\Users\Ingrid_2\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
G:\_C\_C\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
Danke für weitere Hilfe !!!

cosinus 04.06.2012 10:45
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.


Zitat:
C:\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe
Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Ina Neu 04.06.2012 11:09
Hi Arne,

malware hatte ich kurz scannen lassen. War mir aber dann unsicher, ob ich alles richtig gemacht hatte und habe nach ein paar Minuten den Suchlauf abgebrochen und wieder neu gestartet. Ich finde auch auf malwarebytes keine weiteren Berichte.

Habe das Spiel "Siedler von Catan" direkt über den Hersteller gekauft! Wie bekomme ich Softonic denn vom Rechner? :wtf:

Gruß - Ina

cosinus 04.06.2012 16:00
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Ina Neu 04.06.2012 16:53
Windows funktioniert. Keine Probleme ausser den geschilderten festgestellt.

Ein Ordner "Autostart" ist leer. Sonst kann ich nichts feststellen.

cosinus 04.06.2012 20:21
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Ina Neu 04.06.2012 21:17
OTL-Txt

Code:
OTL logfile created on: 04.06.2012 21:39:50 - Run 1
OTL by OldTimer - Version 3.2.46.0    Folder = C:\Users\Ingrid_2\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,52% Memory free
4,21 Gb Paging File | 3,34 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 33,31 Gb Free Space | 44,69% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 10,87 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
 
Computer Name: INGRID-PC | User Name: Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.04 21:35:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ingrid_2\Desktop\OTL.exe
PRC - [2012.05.14 17:12:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 17:12:37 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 17:12:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 17:12:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 17:12:36 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 17:12:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 17:12:36 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.06 13:01:46 | 004,433,408 | ---- | M] (Hollie-Soft) -- C:\Program Files\Klebezettel NG\klebez.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.10.27 16:48:00 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2010.10.27 16:47:59 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.06.07 21:44:56 | 000,176,128 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.04.19 21:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2007.04.17 23:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.15 11:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 06:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 05:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 02:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 09:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 03:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.12.13 01:06:42 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2006.12.10 18:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2005.07.07 01:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.10.27 16:48:03 | 000,071,112 | ---- | M] () -- C:\Program Files\IncrediMail\bin\wlessfp1.dll
MOD - [2010.10.27 16:48:01 | 000,251,336 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImLookExU.dll
MOD - [2010.10.17 18:09:32 | 000,079,224 | ---- | M] () -- C:\Program Files\IncrediMail\bin\pmc.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.14 17:12:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 17:12:37 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 17:12:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 17:12:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 17:12:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.06 08:45:30 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.15 23:47:58 | 000,361,216 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.06.20 03:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 02:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006.12.10 18:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2006.11.02 14:35:32 | 000,051,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2006.11.02 14:35:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2006.11.02 14:34:46 | 000,287,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2006.11.02 14:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.11.02 11:46:05 | 000,065,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (atikmdag)
DRV - [2012.05.14 17:12:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 17:12:47 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 17:12:47 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 17:12:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.05 15:03:37 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.10.11 16:33:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.11 16:33:12 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.23 12:04:39 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2007.01.24 12:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.23 05:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.19 17:19:12 | 001,324,544 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2006.12.28 10:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:11 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:55:01 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:12 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006.11.02 10:30:57 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.10.07 00:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\..\SearchScopes,DefaultScope = {F9981949-4D0B-429A-B5D5-7D0B6B457271}
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\..\SearchScopes\{F9981949-4D0B-429A-B5D5-7D0B6B457271}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLD_de
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 12:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 17:14:22 | 000,000,000 | ---D | M]
 
[2010.07.01 10:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Extensions
[2012.06.04 00:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions
[2010.08.13 17:44:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.29 09:31:55 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.06.04 00:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\staged
[2012.04.27 12:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.07 09:42:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [IncrediMail Tray Application] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1001..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1001..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FEB022C-329B-4818-80F5-3C12025FA45F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDDF7634-F7EE-4F12-9699-B4660EC09607}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\ASScrProlog.exe ()
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\ASScrPro.exe ()
MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: lxczbmgr.exe - hkey= - key= - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 18:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.03 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Roaming\Malwarebytes
[2012.06.03 15:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 15:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 15:35:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.03 15:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.04 21:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.04 21:24:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 21:24:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 17:24:29 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.06.04 17:24:18 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Bktmmbxmea.job
[2012.06.04 17:24:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.04 15:49:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.04 12:38:50 | 000,000,680 | ---- | M] () -- C:\Users\Ingrid\AppData\Local\d3d9caps.dat
[2012.06.04 12:37:31 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ECD24ADB-9D77-428F-9399-7DBC00BB9DED}.job
[2012.06.03 18:03:56 | 000,640,596 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.03 18:03:56 | 000,609,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.03 18:03:56 | 000,116,328 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.03 18:03:56 | 000,103,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.03 15:44:44 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 18:55:53 | 000,200,704 | RHS- | M] () -- C:\Windows\System32\msaatextk.dll
[2012.05.25 17:04:47 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.14 17:12:47 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.14 17:12:47 | 000,112,032 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012.05.14 17:12:47 | 000,091,968 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012.05.14 17:12:47 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.03 15:35:39 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 18:55:53 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\msaatextk.dll
[2012.05.29 18:55:53 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Bktmmbxmea.job
 
========== LOP Check ==========
 
[2012.04.02 14:40:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\elsterformular
[2011.03.27 18:17:20 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\IrfanView
[2012.05.02 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\KlebezettelNG
[2011.04.01 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Nokia
[2011.07.30 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PC Suite
[2012.04.02 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\pdfforge
[2008.07.05 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PeerNetworking
[2011.01.15 02:23:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\TuneUp Software
[2008.04.06 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\WEB.DE
[2012.04.02 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\elsterformular
[2011.09.22 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\FreeDoko
[2011.03.18 13:59:26 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\IrfanView
[2012.05.05 09:29:03 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\KlebezettelNG
[2011.04.01 12:26:19 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\PC Suite
[2012.06.01 22:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\QuickScan
[2011.01.15 02:30:48 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\TuneUp Software
[2012.01.13 15:54:38 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\XnView
[2012.06.04 17:24:18 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Bktmmbxmea.job
[2012.06.04 15:49:43 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.04 12:37:31 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ECD24ADB-9D77-428F-9399-7DBC00BB9DED}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.27 18:57:05 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Adobe
[2008.02.23 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Ahead
[2009.06.05 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Apple Computer
[2008.07.05 14:43:53 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\ATI
[2012.01.17 22:35:22 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Avira
[2012.04.02 14:40:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\elsterformular
[2008.02.23 01:04:30 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Google
[2008.02.20 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Identities
[2011.03.27 18:17:20 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\IrfanView
[2012.05.02 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\KlebezettelNG
[2008.02.20 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Macromedia
[2012.06.03 15:36:03 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Media Center Programs
[2011.08.27 18:57:05 | 000,000,000 | --SD | M] -- C:\Users\Ingrid\AppData\Roaming\Microsoft
[2008.02.23 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Microsoft Web Folders
[2010.07.01 10:13:21 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Mozilla
[2011.04.01 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Nokia
[2011.07.30 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PC Suite
[2012.04.02 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\pdfforge
[2008.07.05 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PeerNetworking
[2011.01.15 02:23:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\TuneUp Software
[2008.04.06 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\WEB.DE
[2011.06.11 23:11:09 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\WinRAR
[2009.07.23 09:41:23 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.02.23 11:52:03 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.02.23 11:52:02 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.02.23 11:52:02 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.05.29 18:55:53 | 000,200,704 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\msaatextk.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:798A3728

< End of report >
Extras.Txt

Code:
OTL Extras logfile created on: 04.06.2012 21:39:50 - Run 1
OTL by OldTimer - Version 3.2.46.0    Folder = C:\Users\Ingrid_2\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,52% Memory free
4,21 Gb Paging File | 3,34 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 33,31 Gb Free Space | 44,69% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 10,87 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
 
Computer Name: INGRID-PC | User Name: Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08970447-B4F5-46A2-94FF-B0FA4CE68E0E}" = lport=445 | protocol=6 | dir=in | app=system |
"{09B5BCBF-06AA-4358-88DD-477C2A526E2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C15B6DE-4287-4E54-80E0-E7B21BAB15C9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{221474D5-5900-4437-8418-37107C53E09B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{23237A96-FD5F-42A1-A703-6EA9C1FEF93A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{24682132-1956-4AF1-8B2D-55F7F23789B8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{24877949-8CDD-4C83-A14F-CF12A54E4B97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32DDEA68-EF31-499C-9028-9E1A3E34A1F9}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{3494B169-16DA-4ECF-BE33-5FF1F2C8E89D}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B0C4EBD-2157-412B-BD9C-1CEE6F51EBDF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4DC68ECE-2971-4F21-94B1-01C1DE7BE192}" = lport=137 | protocol=17 | dir=in | app=system |
"{52FAC40A-6653-461F-B307-B45FD021AA28}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{724CFB75-F585-4808-AA23-3466311F089C}" = rport=445 | protocol=6 | dir=out | app=system |
"{77F2255B-CE70-40E1-9FF5-EFF769582E95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{837800C1-4135-4C5D-85FC-5F9D2A564DB7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8597AFED-81CC-494F-A786-218EBEDABC90}" = rport=10243 | protocol=6 | dir=out | app=system |
"{859CF67F-E39A-428A-8FB6-472EDFE9E8ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{85ED855A-CDEC-477F-BC94-9AE5BBA250A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{962689DE-7DAF-430E-808A-BF764DA80FB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1010A03-3CC5-4286-8E44-338AC01E25D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BCCF7FF4-D4C3-41BD-A498-A36C855F8D03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3246888-6F0D-4B08-8112-026F1034B68C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD46F886-EB00-4F68-A0A6-6D9471E3A060}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0F70F99-8731-4A0E-B5CC-68DB17CC3D83}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC19C32C-F216-4B18-90D3-593A017276FB}" = rport=138 | protocol=17 | dir=out | app=system |
"{E4528AD6-1D35-47DB-A441-3D15BC3FDD6A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{F3AA887E-F2B2-493B-802C-C5673BFE24CC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F82A8173-1E25-4B30-9820-00131AD1D49B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FC421976-E6E7-4BD1-A249-390BC59D5A82}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003EAB28-92A2-44F8-A9A1-86963E482BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{02216D47-704F-4C64-BB1F-72B47C33B0AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0CD94801-68E2-4DFB-BEB0-97907162BC92}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |
"{2A868F3B-CBD6-4920-910B-EB479DF61873}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E840FF5-CFAD-416B-B9D5-77093D8103BB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{40523510-886B-4F15-957D-143B214DBF08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{422EFB73-C6E9-4A4D-A3A7-C038BCAC13A9}" = protocol=6 | dir=in | app=c:\users\ingrid_2\appdata\local\temp\iminstaller\incredimail_installer.exe |
"{44BE1FA1-CEB4-4335-BA04-42E93091A4BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{485E03DE-D6A2-4C13-B207-14FB7C90A707}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{4F231829-999E-4025-912A-C66A45ED958D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FC2FB74-B527-4E65-A6A6-7996ABC5723F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57038670-8399-4C70-8A82-8A83D05B6D85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{596437D1-452F-4889-B939-F06BB711DAE6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{623B0617-2B99-4920-90BD-2BE63222F900}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6C9E6CF9-63D4-42C2-9593-00C86678EE7D}" = protocol=6 | dir=out | app=system |
"{7831578A-421A-4C2B-8F8D-25BFB3656593}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |
"{7CE7A2C4-2B23-449E-BD27-B057434FBE55}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{83E39432-0031-4067-B088-6399CE322378}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{890702A3-3C1D-4610-AD2E-0998F486EDD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8B4D3648-F3C4-4D46-B3FD-645447C836D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{905FE97B-574C-4388-B62B-32ED95B16A4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{912844C2-E234-4C46-B575-DA1EC77F4433}" = protocol=17 | dir=in | app=c:\users\ingrid_2\appdata\local\temp\iminstaller\incredimail_installer.exe |
"{9A1D2740-268C-4155-8FF2-EB0F12F4F121}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A076B3B6-6288-44B0-A6FD-A588BDC17C6A}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |
"{A8367209-0EBE-4BA8-8292-8F8D81856A15}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A852B0FB-F7AC-4CB0-A787-1CC41164628D}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |
"{A920EC5E-B9D4-48EF-80AB-3BA778B9A2BF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AFB12964-56D1-4CFA-A8D9-8515F07237EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BA8F1DE1-313B-499F-A72D-07417789365D}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{BD143932-6955-4479-B47F-67C1A74AEFF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6ABBED0-5C31-40B0-A93E-3F7CB10E5407}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |
"{C9E581A1-3613-4FCB-8AC3-705689639493}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |
"{DEFC455C-5902-476D-B990-15559A7BA6E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68FD722-BB27-4F0B-B486-6F7BD4796D22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EEF35270-C79A-4139-A42F-10B1BD704466}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{FA2F827A-630D-4251-8271-25BDFE7848A6}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{FD0DBB45-C889-4472-AC73-E7A6A375E34A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F707AE-1AFD-FCB3-15FB-678EB18E5276}" = Catalyst Control Center Graphics Light
"{0B75F2BE-EA34-C35E-795B-14B6AD05EF33}" = CCC Help English
"{0C352FE8-D3C7-5679-3916-94B703AE2568}" = Catalyst Control Center Localization Portuguese
"{0CEF967E-5776-AAB4-24B7-B77B1CFD1F1B}" = ccc-utility
"{12127C0A-4364-AF17-890A-161497C7C445}" = CCC Help Polish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1D117B-2819-5686-F837-6F573CD98D1B}" = Catalyst Control Center Localization Thai
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26DBD556-77EA-04E4-ED34-9C341ECBCD10}" = Catalyst Control Center Localization Turkish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2DE63F00-FDAA-54A5-CB0D-14CE878A6BEB}" = Catalyst Control Center Localization Czech
"{34B92C91-1B7F-CA25-A565-D7B93050A7E5}" = Catalyst Control Center Localization Spanish
"{363AA734-FEDD-B361-AC59-99F8F323881A}" = CCC Help Norwegian
"{36CEB090-7231-0532-59A3-3D5CD5EBB689}" = Catalyst Control Center Graphics Previews Vista
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3E46600E-8E92-AE52-F505-2552A0EA1697}" = CCC Help Danish
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4385133D-4A33-2565-7B46-80A89EA0E888}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{61F128C7-59EB-98EA-FE59-2BE6332DF04B}" = CCC Help Chinese Traditional
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B3A1B7-DE32-A193-486A-6A39D08C235C}" = CCC Help Chinese Standard
"{63EC2860-FAC7-5BC0-5F6A-BCE20C0EBC80}" = Catalyst Control Center Localization Norwegian
"{666472B6-06A7-0C3A-6165-9A133013BDB2}" = Catalyst Control Center Localization Chinese Traditional
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B387AB8-A460-5B93-0517-0A9B0D4318B9}" = Catalyst Control Center Graphics Full New
"{6CF08F61-9C7D-8F20-ADED-7A40AEE6F2B7}" = Catalyst Control Center Localization Chinese Standard
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DCA752-2EAC-3FC8-60C9-19A0D3884302}" = CCC Help Hungarian
"{7463A3EB-F88E-00FC-6081-AD02FB321C54}" = Catalyst Control Center Localization Swedish
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780950E3-008C-FE5E-AEE6-5EF77D81B31F}" = Catalyst Control Center Core Implementation
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7D83D3A4-0F45-8075-0AB6-B6D1106CF1B8}" = CCC Help Dutch
"{83A40382-EA9B-A1DF-C2E9-32D65E0B8C23}" = Catalyst Control Center Localization Hungarian
"{83E06C1E-B97B-2679-5EFA-7D0D7FA1ADF1}" = CCC Help Swedish
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{863373A8-5B31-2CBA-16E2-6780AE724DB4}" = CCC Help Portuguese
"{876FF807-179D-663C-3989-B9E97DD7DF43}" = Catalyst Control Center Localization Russian
"{88F36928-8B64-08CB-983A-8B2042CF15D0}" = Catalyst Control Center Localization Dutch
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{937EC4CC-5B69-2990-FC5B-512E1520D0DA}" = CCC Help Russian
"{93DDECDF-0AA0-B360-6A6F-288099DD2D98}" = CCC Help Finnish
"{99D9B4EB-FE36-8A77-ABA9-1FA02E635E63}" = Catalyst Control Center Localization Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3103F91-39CE-BEDE-680A-D41F26F97D8F}" = CCC Help Thai
"{A6752CB8-1FA2-070B-C80E-B3B67781603C}" = CCC Help Spanish
"{A7714FC2-BFEC-31A6-AA47-321676B73DFA}" = CCC Help German
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD757BEF-0720-BA67-FD34-5FB5D950BD60}" = Catalyst Control Center Localization French
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B01C55C2-37BC-3B95-CAE2-4D12F50FAF8F}" = Catalyst Control Center Localization Korean
"{B021DB07-517A-1FE9-05E1-2FF29870C53D}" = Catalyst Control Center Localization German
"{B5D76EC0-13E1-DFEE-9DA4-5F8BC9F4C5CF}" = Catalyst Control Center Graphics Previews Common
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81031}" = Nero 7 Essentials
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C3834E9A-09EE-3809-3479-0A2E0487EB64}" = CCC Help Greek
"{CD54A3A7-2CE4-CB17-F5BC-ED6F48501AF8}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF65258-EB04-DA25-3C8B-93E44F2321C6}" = CCC Help Italian
"{D1371B55-1ABB-113F-980B-5531C9529416}" = CCC Help Czech
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DB5C6904-E162-3DA7-8D92-9F5D70FA9E7F}" = CCC Help Japanese
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0C2FD92-2054-781C-7719-F3FE978B571A}" = Catalyst Control Center Localization Finnish
"{E36D7B40-4411-3B38-DAC0-4CF6574C1DB9}" = Skins
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{ED03EBC3-0621-1ED7-11FA-E22D8FC79909}" = Catalyst Control Center Localization Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F33B21FC-D4B9-522A-5B67-F87A0BAA3268}" = CCC Help Korean
"{F36828A9-4231-579E-2393-E43B299D77B8}" = Catalyst Control Center Localization Japanese
"{F6D1EEB6-544C-7071-DB1B-11FA4A9AC432}" = Catalyst Control Center Graphics Full Existing
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FC9CCB53-0EC6-A64E-52C2-68C70858AA56}" = CCC Help Turkish
"{FF216817-DAE6-3280-28EF-C4F12A88E33F}" = Catalyst Control Center Localization Greek
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"abramania mahjongg freeware 1.0" = abramania mahjongg freeware 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CCleaner" = CCleaner
"ElsterFormular 13.1.1.8531p" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"IncrediMail" = IncrediMail 2.0
"ISRE1_15_676824" = Interaktive Sprachreise - English Sprachkurs 1
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoMail" = PhotoMail Maker
"Security Task Manager" = Security Task Manager 1.8d
"ST6UNST #1" = ACSynchro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"XnView_is1" = XnView 1.97.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2012 04:04:54 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2012 11:05:54 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2012 11:59:58 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.06.2012 02:27:54 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.06.2012 02:32:38 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.06.2012 12:13:55 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.06.2012 12:13:55 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2012 01:48:14 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2012 01:52:06 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.06.2012 11:25:41 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 03.06.2012 02:26:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 1, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 03.06.2012 02:26:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 03.06.2012 02:26:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 01:45:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 1, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 01:45:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 01:45:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 03:07:11 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 04.06.2012 11:23:47 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 1, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 11:23:47 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 11:23:47 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >
Danke!!! Ina

cosinus 08.06.2012 09:15
Sry hab deinen Strang übersehen :headbang:

Zitat:
(IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
Müsst ihr als Mailclient unbedingt dieses sch... Programm verwenden? :(
Incredimail ist zwar bunt und nett animiert, aber leider als Spyware einzustufen, da es das Nutzerverhalten analysiert und diese an den Hersteller übermittelt.
Ich kann nur die sofortige Deinstallation und Umstieg auf einen anderen Mailclient wie zB Mozilla Thunderbird empfehlen.


Zitat:
(TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
TuneUp ist eine Software, die ich als Problembeschaffungsmaßnahme bzw. Schlangenöl bezeichnen würde :balla:
Das zieht sich - warum auch immer - fast durchgängig durch alle Logs hier, warum weiß ich nicht, denn TuneUp ist eigentlich der letzte Schrott => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de :stirn:


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2010.08.13 17:44:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.29 09:31:55 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:798A3728
:Files
C:\Windows\System32\acovcnt.exe
C:\Windows\tasks\Bktmmbxmea.job
C:\Windows\System32\msaatextk.dll
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ina Neu 08.06.2012 16:02
Danke, dass Du mir weiter hilfst :)

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
========== FILES ==========
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Windows\tasks\Bktmmbxmea.job moved successfully.
C:\Windows\System32\msaatextk.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ingrid
->Temp folder emptied: 12868002 bytes
->Temporary Internet Files folder emptied: 42809115 bytes
->Java cache emptied: 13811795 bytes
->FireFox cache emptied: 49164618 bytes
->Flash cache emptied: 849 bytes
 
User: Ingrid_2
->Temp folder emptied: 760646034 bytes
->Temporary Internet Files folder emptied: 246818676 bytes
->Java cache emptied: 592171 bytes
->FireFox cache emptied: 813911446 bytes
->Flash cache emptied: 94869 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 63104 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11917370 bytes
RecycleBin emptied: 564114886 bytes
 
Total Files Cleaned = 2.400,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Ingrid
->Flash cache emptied: 0 bytes
 
User: Ingrid_2
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06082012_164206

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
LG - Ina

cosinus 08.06.2012 17:29
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Ina Neu 08.06.2012 17:50
Code:
18:43:42.0110 1152        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:43:42.0297 1152        ============================================================
18:43:42.0297 1152        Current date / time: 2012/06/08 18:43:42.0297
18:43:42.0297 1152        SystemInfo:
18:43:42.0297 1152       
18:43:42.0297 1152        OS Version: 6.0.6000 ServicePack: 0.0
18:43:42.0297 1152        Product type: Workstation
18:43:42.0297 1152        ComputerName: INGRID-PC
18:43:42.0297 1152        UserName: Ingrid
18:43:42.0297 1152        Windows directory: C:\Windows
18:43:42.0297 1152        System windows directory: C:\Windows
18:43:42.0297 1152        Processor architecture: Intel x86
18:43:42.0297 1152        Number of processors: 2
18:43:42.0297 1152        Page size: 0x1000
18:43:42.0297 1152        Boot type: Normal boot
18:43:42.0297 1152        ============================================================
18:43:43.0578 1152        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x93E52, SectorsPerTrack: 0x4, TracksPerCylinder: 0x81, Type 'K0', Flags 0x00000050
18:43:43.0594 1152        ============================================================
18:43:43.0594 1152        \Device\Harddisk0\DR0:
18:43:43.0594 1152        MBR partitions:
18:43:43.0594 1152        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x950C800
18:43:43.0610 1152        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA2B9800, BlocksNum 0x8760000
18:43:43.0610 1152        ============================================================
18:43:43.0703 1152        C: <-> \Device\Harddisk0\DR0\Partition0
18:43:43.0750 1152        D: <-> \Device\Harddisk0\DR0\Partition1
18:43:43.0750 1152        ============================================================
18:43:43.0750 1152        Initialize success
18:43:43.0750 1152        ============================================================
18:45:30.0656 3980        ============================================================
18:45:30.0656 3980        Scan started
18:45:30.0656 3980        Mode: Manual;
18:45:30.0656 3980        ============================================================
18:45:31.0453 3980        ACPI            (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
18:45:31.0469 3980        ACPI - ok
18:45:31.0563 3980        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:45:31.0563 3980        AdobeARMservice - ok
18:45:31.0672 3980        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:45:31.0672 3980        AdobeFlashPlayerUpdateSvc - ok
18:45:31.0735 3980        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:45:31.0750 3980        adp94xx - ok
18:45:31.0781 3980        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:45:31.0797 3980        adpahci - ok
18:45:31.0828 3980        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:45:31.0828 3980        adpu160m - ok
18:45:31.0860 3980        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:45:31.0875 3980        adpu320 - ok
18:45:31.0938 3980        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:45:31.0953 3980        AeLookupSvc - ok
18:45:32.0000 3980        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
18:45:32.0000 3980        AFD - ok
18:45:32.0047 3980        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:45:32.0047 3980        agp440 - ok
18:45:32.0078 3980        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:45:32.0078 3980        aic78xx - ok
18:45:32.0094 3980        ALG            (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
18:45:32.0094 3980        ALG - ok
18:45:32.0110 3980        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:45:32.0110 3980        aliide - ok
18:45:32.0156 3980        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:45:32.0156 3980        amdagp - ok
18:45:32.0172 3980        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:45:32.0172 3980        amdide - ok
18:45:32.0203 3980        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:45:32.0203 3980        AmdK7 - ok
18:45:32.0250 3980        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:45:32.0250 3980        AmdK8 - ok
18:45:32.0375 3980        AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
18:45:32.0391 3980        AntiVirFirewallService - ok
18:45:32.0453 3980        AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
18:45:32.0469 3980        AntiVirMailService - ok
18:45:32.0516 3980        AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:45:32.0516 3980        AntiVirSchedulerService - ok
18:45:32.0578 3980        AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:45:32.0578 3980        AntiVirService - ok
18:45:32.0641 3980        AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:45:32.0641 3980        AntiVirWebService - ok
18:45:32.0766 3980        Appinfo        (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
18:45:32.0766 3980        Appinfo - ok
18:45:32.0813 3980        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:45:32.0828 3980        arc - ok
18:45:32.0860 3980        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:45:32.0860 3980        arcsas - ok
18:45:32.0922 3980        ASLDRService    (66597ad6098352d11239c0c42100b176) C:\Program Files\ATK Hotkey\ASLDRSrv.exe
18:45:32.0922 3980        ASLDRService - ok
18:45:32.0969 3980        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
18:45:32.0969 3980        AsyncMac - ok
18:45:33.0016 3980        atapi          (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
18:45:33.0016 3980        atapi - ok
18:45:33.0141 3980        athr            (69660af85f35a658d258fc8567318328) C:\Windows\system32\DRIVERS\athr.sys
18:45:33.0156 3980        athr - ok
18:45:33.0250 3980        Ati External Event Utility (112482dd7abcf5c76a81b37d4174f4c0) C:\Windows\system32\Ati2evxx.exe
18:45:33.0250 3980        Ati External Event Utility - ok
18:45:33.0281 3980        atikmdag - ok
18:45:33.0344 3980        AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
18:45:33.0344 3980        AudioEndpointBuilder - ok
18:45:33.0375 3980        Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
18:45:33.0375 3980        Audiosrv - ok
18:45:33.0422 3980        avfwim          (e6263cdd0ef3b98cfa2a251a21d8be2e) C:\Windows\system32\DRIVERS\avfwim.sys
18:45:33.0422 3980        avfwim - ok
18:45:33.0485 3980        avfwot          (48929a52c039738c3193581f7fc483a5) C:\Windows\system32\DRIVERS\avfwot.sys
18:45:33.0485 3980        avfwot - ok
18:45:33.0531 3980        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:45:33.0531 3980        avgntflt - ok
18:45:33.0578 3980        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:45:33.0610 3980        avipbb - ok
18:45:33.0656 3980        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:45:33.0656 3980        avkmgr - ok
18:45:33.0719 3980        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
18:45:33.0719 3980        Beep - ok
18:45:33.0781 3980        BFE            (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
18:45:33.0781 3980        BFE - ok
18:45:33.0860 3980        BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
18:45:33.0875 3980        BITS - ok
18:45:33.0891 3980        blbdrive - ok
18:45:33.0906 3980        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
18:45:33.0922 3980        bowser - ok
18:45:33.0985 3980        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:45:33.0985 3980        BrFiltLo - ok
18:45:34.0016 3980        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:45:34.0016 3980        BrFiltUp - ok
18:45:34.0047 3980        Browser        (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
18:45:34.0063 3980        Browser - ok
18:45:34.0094 3980        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:45:34.0094 3980        Brserid - ok
18:45:34.0141 3980        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:45:34.0141 3980        BrSerWdm - ok
18:45:34.0156 3980        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:45:34.0172 3980        BrUsbMdm - ok
18:45:34.0188 3980        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:45:34.0188 3980        BrUsbSer - ok
18:45:34.0235 3980        BthEnum        (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys
18:45:34.0235 3980        BthEnum - ok
18:45:34.0250 3980        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:45:34.0266 3980        BTHMODEM - ok
18:45:34.0297 3980        BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
18:45:34.0297 3980        BthPan - ok
18:45:34.0344 3980        BTHPORT        (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
18:45:34.0344 3980        BTHPORT - ok
18:45:34.0375 3980        BthServ        (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll
18:45:34.0375 3980        BthServ - ok
18:45:34.0406 3980        BTHUSB          (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
18:45:34.0406 3980        BTHUSB - ok
18:45:34.0453 3980        BVRPMPR5        (18e0f9c1e7ec4aae40b3f67eab0aee99) C:\Windows\system32\drivers\BVRPMPR5.SYS
18:45:34.0469 3980        BVRPMPR5 - ok
18:45:34.0500 3980        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
18:45:34.0500 3980        cdfs - ok
18:45:34.0547 3980        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
18:45:34.0547 3980        cdrom - ok
18:45:34.0594 3980        CertPropSvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
18:45:34.0594 3980        CertPropSvc - ok
18:45:34.0641 3980        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:45:34.0641 3980        circlass - ok
18:45:34.0688 3980        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
18:45:34.0688 3980        CLFS - ok
18:45:34.0750 3980        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:34.0750 3980        clr_optimization_v2.0.50727_32 - ok
18:45:34.0766 3980        CmBatt          (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
18:45:34.0766 3980        CmBatt - ok
18:45:34.0797 3980        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:45:34.0797 3980        cmdide - ok
18:45:34.0828 3980        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
18:45:34.0828 3980        Compbatt - ok
18:45:34.0844 3980        COMSysApp - ok
18:45:34.0860 3980        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:45:34.0860 3980        crcdisk - ok
18:45:34.0891 3980        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:45:34.0906 3980        Crusoe - ok
18:45:34.0969 3980        CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
18:45:34.0969 3980        CryptSvc - ok
18:45:35.0031 3980        DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
18:45:35.0047 3980        DcomLaunch - ok
18:45:35.0063 3980        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
18:45:35.0063 3980        DfsC - ok
18:45:35.0219 3980        DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
18:45:35.0266 3980        DFSR - ok
18:45:35.0422 3980        Dhcp            (17210d8064ec116a3fc6b5e45e577d43) C:\Windows\System32\dhcpcsvc.dll
18:45:35.0422 3980        Dhcp - ok
18:45:35.0485 3980        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
18:45:35.0485 3980        disk - ok
18:45:35.0531 3980        Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
18:45:35.0531 3980        Dnscache - ok
18:45:35.0547 3980        dot3svc        (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
18:45:35.0547 3980        dot3svc - ok
18:45:35.0594 3980        DPS            (8ef243e3baf1ab4f6202edeb8890319b) C:\Windows\system32\dps.dll
18:45:35.0594 3980        DPS - ok
18:45:35.0625 3980        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
18:45:35.0625 3980        drmkaud - ok
18:45:35.0672 3980        DXGKrnl        (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
18:45:35.0703 3980        DXGKrnl - ok
18:45:35.0735 3980        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:45:35.0735 3980        E1G60 - ok
18:45:35.0766 3980        EapHost        (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
18:45:35.0766 3980        EapHost - ok
18:45:35.0813 3980        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
18:45:35.0828 3980        Ecache - ok
18:45:35.0891 3980        ehRecvr        (b4580122b0a7b263b6ee9acba69c8013) C:\Windows\ehome\ehRecvr.exe
18:45:35.0906 3980        ehRecvr - ok
18:45:35.0922 3980        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:45:35.0938 3980        ehSched - ok
18:45:35.0953 3980        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:45:35.0953 3980        ehstart - ok
18:45:36.0000 3980        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:45:36.0016 3980        elxstor - ok
18:45:36.0078 3980        EMDMgmt        (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
18:45:36.0094 3980        EMDMgmt - ok
18:45:36.0156 3980        EventSystem    (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
18:45:36.0156 3980        EventSystem - ok
18:45:36.0203 3980        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
18:45:36.0203 3980        fastfat - ok
18:45:36.0235 3980        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:45:36.0235 3980        fdc - ok
18:45:36.0281 3980        fdPHost        (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
18:45:36.0281 3980        fdPHost - ok
18:45:36.0313 3980        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:45:36.0313 3980        FDResPub - ok
18:45:36.0344 3980        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
18:45:36.0344 3980        FileInfo - ok
18:45:36.0375 3980        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
18:45:36.0375 3980        Filetrace - ok
18:45:36.0406 3980        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:45:36.0406 3980        flpydisk - ok
18:45:36.0422 3980        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
18:45:36.0422 3980        FltMgr - ok
18:45:36.0516 3980        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:45:36.0516 3980        FontCache3.0.0.0 - ok
18:45:36.0531 3980        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
18:45:36.0547 3980        Fs_Rec - ok
18:45:36.0594 3980        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:45:36.0594 3980        gagp30kx - ok
18:45:36.0672 3980        ghaio          (fbb754b5d0bb19e139214cba2542a883) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
18:45:36.0672 3980        ghaio - ok
18:45:36.0735 3980        gpsvc          (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
18:45:36.0735 3980        gpsvc - ok
18:45:36.0813 3980        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:45:36.0813 3980        HdAudAddService - ok
18:45:36.0844 3980        HDAudBus        (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:45:36.0844 3980        HDAudBus - ok
18:45:36.0875 3980        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:45:36.0875 3980        HidBth - ok
18:45:36.0891 3980        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:45:36.0891 3980        HidIr - ok
18:45:36.0922 3980        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
18:45:36.0922 3980        hidserv - ok
18:45:36.0953 3980        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
18:45:36.0953 3980        HidUsb - ok
18:45:36.0985 3980        hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
18:45:36.0985 3980        hkmsvc - ok
18:45:37.0031 3980        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:45:37.0047 3980        HpCISSs - ok
18:45:37.0110 3980        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
18:45:37.0110 3980        HTTP - ok
18:45:37.0141 3980        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:45:37.0156 3980        i2omp - ok
18:45:37.0203 3980        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
18:45:37.0203 3980        i8042prt - ok
18:45:37.0235 3980        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:45:37.0250 3980        iaStorV - ok
18:45:37.0375 3980        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:45:37.0391 3980        idsvc - ok
18:45:37.0422 3980        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:45:37.0422 3980        iirsp - ok
18:45:37.0469 3980        IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
18:45:37.0485 3980        IKEEXT - ok
18:45:37.0641 3980        IntcAzAudAddService (aef2fa29204056b81bc4cbf30260dee1) C:\Windows\system32\drivers\RTKVHDA.sys
18:45:37.0688 3980        IntcAzAudAddService - ok
18:45:37.0828 3980        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
18:45:37.0828 3980        intelide - ok
18:45:37.0860 3980        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
18:45:37.0860 3980        intelppm - ok
18:45:37.0906 3980        IPBusEnum      (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
18:45:37.0906 3980        IPBusEnum - ok
18:45:37.0953 3980        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:45:37.0953 3980        IpFilterDriver - ok
18:45:37.0985 3980        iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
18:45:37.0985 3980        iphlpsvc - ok
18:45:38.0000 3980        IpInIp - ok
18:45:38.0031 3980        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:45:38.0031 3980        IPMIDRV - ok
18:45:38.0047 3980        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
18:45:38.0047 3980        IPNAT - ok
18:45:38.0078 3980        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
18:45:38.0078 3980        IRENUM - ok
18:45:38.0110 3980        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:45:38.0110 3980        isapnp - ok
18:45:38.0141 3980        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
18:45:38.0141 3980        iScsiPrt - ok
18:45:38.0172 3980        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:45:38.0172 3980        iteatapi - ok
18:45:38.0219 3980        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:45:38.0219 3980        iteraid - ok
18:45:38.0266 3980        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
18:45:38.0266 3980        kbdclass - ok
18:45:38.0281 3980        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
18:45:38.0281 3980        kbdhid - ok
18:45:38.0313 3980        kbfiltr        (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:45:38.0313 3980        kbfiltr - ok
18:45:38.0360 3980        KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:38.0360 3980        KeyIso - ok
18:45:38.0406 3980        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
18:45:38.0422 3980        KSecDD - ok
18:45:38.0485 3980        KtmRm          (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
18:45:38.0500 3980        KtmRm - ok
18:45:38.0531 3980        LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
18:45:38.0563 3980        LanmanServer - ok
18:45:38.0656 3980        LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
18:45:38.0672 3980        LanmanWorkstation - ok
18:45:38.0703 3980        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
18:45:38.0703 3980        lltdio - ok
18:45:38.0735 3980        lltdsvc        (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
18:45:38.0750 3980        lltdsvc - ok
18:45:38.0766 3980        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:45:38.0766 3980        lmhosts - ok
18:45:38.0797 3980        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:45:38.0797 3980        LSI_FC - ok
18:45:38.0828 3980        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:45:38.0828 3980        LSI_SAS - ok
18:45:38.0860 3980        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:45:38.0860 3980        LSI_SCSI - ok
18:45:38.0891 3980        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
18:45:38.0906 3980        luafv - ok
18:45:38.0938 3980        lxcz_device - ok
18:45:38.0969 3980        Mcx2Svc        (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll
18:45:38.0969 3980        Mcx2Svc - ok
18:45:39.0016 3980        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:45:39.0016 3980        megasas - ok
18:45:39.0063 3980        MMCSS          (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
18:45:39.0063 3980        MMCSS - ok
18:45:39.0078 3980        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
18:45:39.0078 3980        Modem - ok
18:45:39.0125 3980        MODEMCSA        (7e222a1baaa42c8559db2ce8a12ad828) C:\Windows\system32\drivers\MODEMCSA.sys
18:45:39.0125 3980        MODEMCSA - ok
18:45:39.0172 3980        monitor        (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
18:45:39.0172 3980        monitor - ok
18:45:39.0203 3980        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
18:45:39.0219 3980        mouclass - ok
18:45:39.0250 3980        mouhid          (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
18:45:39.0250 3980        mouhid - ok
18:45:39.0281 3980        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
18:45:39.0281 3980        MountMgr - ok
18:45:39.0360 3980        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:45:39.0360 3980        MozillaMaintenance - ok
18:45:39.0391 3980        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:45:39.0391 3980        mpio - ok
18:45:39.0422 3980        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
18:45:39.0422 3980        mpsdrv - ok
18:45:39.0469 3980        MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
18:45:39.0485 3980        MpsSvc - ok
18:45:39.0531 3980        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:45:39.0531 3980        Mraid35x - ok
18:45:39.0578 3980        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
18:45:39.0578 3980        MRxDAV - ok
18:45:39.0610 3980        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:45:39.0625 3980        mrxsmb - ok
18:45:39.0641 3980        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:45:39.0656 3980        mrxsmb10 - ok
18:45:39.0656 3980        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:45:39.0656 3980        mrxsmb20 - ok
18:45:39.0703 3980        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:45:39.0703 3980        msahci - ok
18:45:39.0735 3980        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:45:39.0735 3980        msdsm - ok
18:45:39.0781 3980        MSDTC          (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
18:45:39.0781 3980        MSDTC - ok
18:45:39.0813 3980        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
18:45:39.0813 3980        Msfs - ok
18:45:39.0860 3980        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
18:45:39.0860 3980        msisadrv - ok
18:45:39.0922 3980        MSiSCSI        (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
18:45:39.0922 3980        MSiSCSI - ok
18:45:39.0938 3980        msiserver - ok
18:45:39.0953 3980        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
18:45:39.0969 3980        MSKSSRV - ok
18:45:40.0016 3980        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
18:45:40.0016 3980        MSPCLOCK - ok
18:45:40.0031 3980        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
18:45:40.0031 3980        MSPQM - ok
18:45:40.0078 3980        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
18:45:40.0078 3980        MsRPC - ok
18:45:40.0094 3980        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
18:45:40.0094 3980        mssmbios - ok
18:45:40.0125 3980        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
18:45:40.0125 3980        MSTEE - ok
18:45:40.0156 3980        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
18:45:40.0156 3980        MTsensor - ok
18:45:40.0188 3980        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
18:45:40.0188 3980        Mup - ok
18:45:40.0235 3980        napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
18:45:40.0235 3980        napagent - ok
18:45:40.0266 3980        NativeWifiP    (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
18:45:40.0281 3980        NativeWifiP - ok
18:45:40.0422 3980        NBService      (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:45:40.0438 3980        NBService - ok
18:45:40.0500 3980        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
18:45:40.0516 3980        NDIS - ok
18:45:40.0531 3980        NdisTapi        (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
18:45:40.0531 3980        NdisTapi - ok
18:45:40.0563 3980        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
18:45:40.0563 3980        Ndisuio - ok
18:45:40.0578 3980        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
18:45:40.0594 3980        NdisWan - ok
18:45:40.0594 3980        NDProxy        (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
18:45:40.0594 3980        NDProxy - ok
18:45:40.0625 3980        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
18:45:40.0641 3980        NetBIOS - ok
18:45:40.0656 3980        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
18:45:40.0656 3980        netbt - ok
18:45:40.0703 3980        Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:40.0703 3980        Netlogon - ok
18:45:40.0750 3980        Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
18:45:40.0766 3980        Netman - ok
18:45:40.0781 3980        netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
18:45:40.0797 3980        netprofm - ok
18:45:40.0891 3980        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:45:40.0891 3980        NetTcpPortSharing - ok
18:45:41.0031 3980        NETw3v32        (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:45:41.0078 3980        NETw3v32 - ok
18:45:41.0219 3980        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:45:41.0219 3980        nfrd960 - ok
18:45:41.0266 3980        NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
18:45:41.0281 3980        NlaSvc - ok
18:45:41.0375 3980        NMIndexingService (060daf68493ad7adf104413e5a62afa8) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:45:41.0375 3980        NMIndexingService - ok
18:45:41.0406 3980        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
18:45:41.0406 3980        Npfs - ok
18:45:41.0438 3980        nsi            (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
18:45:41.0438 3980        nsi - ok
18:45:41.0469 3980        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
18:45:41.0485 3980        nsiproxy - ok
18:45:41.0578 3980        Ntfs            (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
18:45:41.0610 3980        Ntfs - ok
18:45:41.0625 3980        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:45:41.0625 3980        ntrigdigi - ok
18:45:41.0641 3980        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
18:45:41.0641 3980        Null - ok
18:45:41.0938 3980        nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:45:42.0031 3980        nvlddmkm - ok
18:45:42.0172 3980        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:45:42.0172 3980        nvraid - ok
18:45:42.0188 3980        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:45:42.0203 3980        nvstor - ok
18:45:42.0235 3980        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:45:42.0235 3980        nv_agp - ok
18:45:42.0250 3980        NwlnkFlt - ok
18:45:42.0266 3980        NwlnkFwd - ok
18:45:42.0328 3980        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
18:45:42.0328 3980        ohci1394 - ok
18:45:42.0406 3980        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:45:42.0406 3980        ose - ok
18:45:42.0485 3980        p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:42.0500 3980        p2pimsvc - ok
18:45:42.0516 3980        p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:42.0531 3980        p2psvc - ok
18:45:42.0578 3980        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:45:42.0578 3980        Parport - ok
18:45:42.0610 3980        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
18:45:42.0610 3980        partmgr - ok
18:45:42.0641 3980        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:45:42.0641 3980        Parvdm - ok
18:45:42.0672 3980        PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
18:45:42.0672 3980        PcaSvc - ok
18:45:42.0719 3980        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:45:42.0735 3980        pccsmcfd - ok
18:45:42.0766 3980        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
18:45:42.0766 3980        pci - ok
18:45:42.0797 3980        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:45:42.0797 3980        pciide - ok
18:45:42.0844 3980        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:45:42.0844 3980        pcmcia - ok
18:45:42.0938 3980        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:45:42.0969 3980        PEAUTH - ok
18:45:43.0094 3980        pla            (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
18:45:43.0141 3980        pla - ok
18:45:43.0172 3980        PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
18:45:43.0188 3980        PlugPlay - ok
18:45:43.0235 3980        PNRPAutoReg    (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:43.0250 3980        PNRPAutoReg - ok
18:45:43.0266 3980        PNRPsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:43.0281 3980        PNRPsvc - ok
18:45:43.0313 3980        PolicyAgent    (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
18:45:43.0328 3980        PolicyAgent - ok
18:45:43.0391 3980        PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
18:45:43.0391 3980        PptpMiniport - ok
18:45:43.0406 3980        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:45:43.0406 3980        Processor - ok
18:45:43.0453 3980        ProfSvc        (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
18:45:43.0453 3980        ProfSvc - ok
18:45:43.0485 3980        ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:43.0485 3980        ProtectedStorage - ok
18:45:43.0516 3980        PSched          (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
18:45:43.0516 3980        PSched - ok
18:45:43.0656 3980        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:45:43.0688 3980        ql2300 - ok
18:45:43.0719 3980        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:45:43.0719 3980        ql40xx - ok
18:45:43.0766 3980        QWAVE          (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
18:45:43.0781 3980        QWAVE - ok
18:45:43.0813 3980        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
18:45:43.0813 3980        QWAVEdrv - ok
18:45:43.0828 3980        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
18:45:43.0828 3980        RasAcd - ok
18:45:43.0860 3980        RasAuto        (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
18:45:43.0860 3980        RasAuto - ok
18:45:43.0891 3980        Rasl2tp        (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:45:43.0891 3980        Rasl2tp - ok
18:45:43.0922 3980        RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
18:45:43.0938 3980        RasMan - ok
18:45:43.0938 3980        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
18:45:43.0953 3980        RasPppoe - ok
18:45:43.0969 3980        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
18:45:43.0985 3980        rdbss - ok
18:45:44.0016 3980        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:45:44.0016 3980        RDPCDD - ok
18:45:44.0047 3980        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:45:44.0047 3980        rdpdr - ok
18:45:44.0063 3980        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
18:45:44.0063 3980        RDPENCDD - ok
18:45:44.0094 3980        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
18:45:44.0094 3980        RDPWD - ok
18:45:44.0172 3980        RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
18:45:44.0188 3980        RemoteAccess - ok
18:45:44.0219 3980        RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
18:45:44.0219 3980        RemoteRegistry - ok
18:45:44.0266 3980        RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
18:45:44.0266 3980        RFCOMM - ok
18:45:44.0281 3980        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:45:44.0297 3980        RpcLocator - ok
18:45:44.0360 3980        RpcSs          (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
18:45:44.0375 3980        RpcSs - ok
18:45:44.0391 3980        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
18:45:44.0391 3980        rspndr - ok
18:45:44.0438 3980        RTL8023xp      (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
18:45:44.0438 3980        RTL8023xp - ok
18:45:44.0469 3980        RTL8169        (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:45:44.0469 3980        RTL8169 - ok
18:45:44.0500 3980        RTSTOR          (43bfcad27999b694652512521851888b) C:\Windows\system32\drivers\RTSTOR.SYS
18:45:44.0516 3980        RTSTOR - ok
18:45:44.0547 3980        SamSs          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:44.0547 3980        SamSs - ok
18:45:44.0578 3980        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:45:44.0578 3980        sbp2port - ok
18:45:44.0641 3980        SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
18:45:44.0641 3980        SCardSvr - ok
18:45:44.0703 3980        Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
18:45:44.0719 3980        Schedule - ok
18:45:44.0781 3980        SCPolicySvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
18:45:44.0781 3980        SCPolicySvc - ok
18:45:44.0813 3980        sdbus          (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
18:45:44.0813 3980        sdbus - ok
18:45:44.0860 3980        SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
18:45:44.0875 3980        SDRSVC - ok
18:45:44.0906 3980        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:45:44.0906 3980        secdrv - ok
18:45:44.0922 3980        seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
18:45:44.0922 3980        seclogon - ok
18:45:44.0953 3980        SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
18:45:44.0953 3980        SENS - ok
18:45:45.0000 3980        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:45:45.0016 3980        Serenum - ok
18:45:45.0047 3980        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:45:45.0047 3980        Serial - ok
18:45:45.0094 3980        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
18:45:45.0094 3980        sermouse - ok
18:45:45.0219 3980        ServiceLayer    (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:45:45.0235 3980        ServiceLayer - ok
18:45:45.0297 3980        SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
18:45:45.0297 3980        SessionEnv - ok
18:45:45.0344 3980        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:45:45.0344 3980        sffdisk - ok
18:45:45.0360 3980        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:45:45.0360 3980        sffp_mmc - ok
18:45:45.0391 3980        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:45:45.0391 3980        sffp_sd - ok
18:45:45.0406 3980        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
18:45:45.0422 3980        sfloppy - ok
18:45:45.0469 3980        SharedAccess    (11aac56c04d26195d21c4f5229db4726) C:\Windows\System32\ipnathlp.dll
18:45:45.0485 3980        SharedAccess - ok
18:45:45.0875 3980        ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
18:45:45.0891 3980        ShellHWDetection - ok
18:45:45.0922 3980        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:45:45.0922 3980        sisagp - ok
18:45:45.0969 3980        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:45:45.0969 3980        SiSRaid2 - ok
18:45:46.0016 3980        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:45:46.0016 3980        SiSRaid4 - ok
18:45:46.0344 3980        slsvc          (7610645679bb5994210d21a347e0c479) C:\Windows\system32\SLsvc.exe
18:45:46.0391 3980        slsvc - ok
18:45:46.0516 3980        SLUINotify      (49670f3e42a0178a0ab425ae15d88e7c) C:\Windows\system32\SLUINotify.dll
18:45:46.0516 3980        SLUINotify - ok
18:45:46.0578 3980        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
18:45:46.0578 3980        Smb - ok
18:45:46.0656 3980        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
18:45:46.0688 3980        smserial - ok
18:45:46.0735 3980        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:45:46.0735 3980        SNMPTRAP - ok
18:45:46.0766 3980        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
18:45:46.0766 3980        spldr - ok
18:45:46.0891 3980        spmgr          (d1e30eea74ed4c65a72afde5b6fa36ee) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
18:45:46.0891 3980        spmgr - ok
18:45:46.0922 3980        Spooler        (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
18:45:46.0938 3980        Spooler - ok
18:45:46.0985 3980        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
18:45:47.0000 3980        srv - ok
18:45:47.0031 3980        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
18:45:47.0047 3980        srv2 - ok
18:45:47.0094 3980        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
18:45:47.0110 3980        srvnet - ok
18:45:47.0156 3980        SSDPSRV        (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
18:45:47.0156 3980        SSDPSRV - ok
18:45:47.0203 3980        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:45:47.0203 3980        ssmdrv - ok
18:45:47.0281 3980        stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
18:45:47.0281 3980        stisvc - ok
18:45:47.0406 3980        StkCMini        (b14cbd454ea369692cee1810d0d27aa7) C:\Windows\system32\Drivers\StkCMini.sys
18:45:47.0438 3980        StkCMini - ok
18:45:47.0469 3980        StkSSrv        (7f0abdf07c58c57918de14085dd36342) C:\Windows\System32\StkCSrv.exe
18:45:47.0469 3980        StkSSrv - ok
18:45:47.0516 3980        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
18:45:47.0516 3980        swenum - ok
18:45:47.0563 3980        swprv          (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
18:45:47.0578 3980        swprv - ok
18:45:47.0594 3980        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:45:47.0594 3980        Symc8xx - ok
18:45:47.0625 3980        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:45:47.0625 3980        Sym_hi - ok
18:45:47.0656 3980        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:45:47.0656 3980        Sym_u3 - ok
18:45:47.0703 3980        SynTP          (24b43e9a3e6cacf9afc69f48e9deb690) C:\Windows\system32\DRIVERS\SynTP.sys
18:45:47.0719 3980        SynTP - ok
18:45:47.0750 3980        SysMain        (c1fdff9afd8c6c905485981b41dcfb40) C:\Windows\system32\sysmain.dll
18:45:47.0766 3980        SysMain - ok
18:45:47.0797 3980        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:45:47.0813 3980        TabletInputService - ok
18:45:47.0828 3980        TapiSrv        (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
18:45:47.0844 3980        TapiSrv - ok
18:45:47.0860 3980        TBS            (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
18:45:47.0860 3980        TBS - ok
18:45:47.0953 3980        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
18:45:47.0969 3980        Tcpip - ok
18:45:48.0000 3980        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
18:45:48.0016 3980        Tcpip6 - ok
18:45:48.0047 3980        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
18:45:48.0047 3980        tcpipreg - ok
18:45:48.0078 3980        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
18:45:48.0078 3980        TDPIPE - ok
18:45:48.0094 3980        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
18:45:48.0094 3980        TDTCP - ok
18:45:48.0125 3980        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
18:45:48.0125 3980        tdx - ok
18:45:48.0141 3980        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
18:45:48.0156 3980        TermDD - ok
18:45:48.0219 3980        TermService    (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
18:45:48.0235 3980        TermService - ok
18:45:48.0281 3980        Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
18:45:48.0281 3980        Themes - ok
18:45:48.0328 3980        THREADORDER    (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
18:45:48.0328 3980        THREADORDER - ok
18:45:48.0344 3980        TPM            (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
18:45:48.0360 3980        TPM - ok
18:45:48.0422 3980        TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
18:45:48.0422 3980        TrkWks - ok
18:45:48.0485 3980        TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
18:45:48.0485 3980        TrustedInstaller - ok
18:45:48.0500 3980        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:45:48.0516 3980        tssecsrv - ok
18:45:48.0547 3980        TuneUp.Defrag  (77d14696d77d2a6f04a466ddd49026be) C:\Windows\System32\TuneUpDefragService.exe
18:45:48.0563 3980        TuneUp.Defrag - ok
18:45:48.0688 3980        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
18:45:48.0688 3980        tunmp - ok
18:45:48.0719 3980        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
18:45:48.0719 3980        tunnel - ok
18:45:48.0766 3980        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:45:48.0781 3980        uagp35 - ok
18:45:48.0813 3980        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
18:45:48.0813 3980        udfs - ok
18:45:48.0860 3980        UI0Detect      (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
18:45:48.0860 3980        UI0Detect - ok
18:45:48.0891 3980        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:45:48.0906 3980        uliagpkx - ok
18:45:48.0922 3980        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:45:48.0938 3980        uliahci - ok
18:45:48.0953 3980        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:45:48.0969 3980        UlSata - ok
18:45:48.0985 3980        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:45:48.0985 3980        ulsata2 - ok
18:45:49.0016 3980        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
18:45:49.0016 3980        umbus - ok
18:45:49.0047 3980        upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
18:45:49.0063 3980        upnphost - ok
18:45:49.0141 3980        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
18:45:49.0141 3980        usbccgp - ok
18:45:49.0172 3980        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:45:49.0172 3980        usbcir - ok
18:45:49.0203 3980        usbehci        (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
18:45:49.0203 3980        usbehci - ok
18:45:49.0235 3980        usbhub          (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
18:45:49.0250 3980        usbhub - ok
18:45:49.0266 3980        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
18:45:49.0266 3980        usbohci - ok
18:45:49.0266 3980        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
18:45:49.0281 3980        usbprint - ok
18:45:49.0313 3980        usbscan        (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
18:45:49.0328 3980        usbscan - ok
18:45:49.0344 3980        USBSTOR        (fdbaabf07244c60b0f4e0a6e71a107c6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:45:49.0344 3980        USBSTOR - ok
18:45:49.0375 3980        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
18:45:49.0375 3980        usbuhci - ok
18:45:49.0406 3980        UxSms          (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
18:45:49.0406 3980        UxSms - ok
18:45:49.0469 3980        vds            (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
18:45:49.0485 3980        vds - ok
18:45:49.0516 3980        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:45:49.0516 3980        vga - ok
18:45:49.0547 3980        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
18:45:49.0547 3980        VgaSave - ok
18:45:49.0594 3980        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:45:49.0594 3980        viaagp - ok
18:45:49.0625 3980        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:45:49.0625 3980        ViaC7 - ok
18:45:49.0656 3980        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:45:49.0656 3980        viaide - ok
18:45:49.0688 3980        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
18:45:49.0688 3980        volmgr - ok
18:45:49.0719 3980        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
18:45:49.0735 3980        volmgrx - ok
18:45:49.0766 3980        volsnap        (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
18:45:49.0781 3980        volsnap - ok
18:45:49.0797 3980        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:45:49.0797 3980        vsmraid - ok
18:45:49.0891 3980        VSS            (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
18:45:49.0906 3980        VSS - ok
18:45:49.0953 3980        W32Time        (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
18:45:49.0969 3980        W32Time - ok
18:45:49.0985 3980        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:45:49.0985 3980        WacomPen - ok
18:45:50.0031 3980        Wanarp          (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
18:45:50.0031 3980        Wanarp - ok
18:45:50.0031 3980        Wanarpv6        (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
18:45:50.0031 3980        Wanarpv6 - ok
18:45:50.0078 3980        wcncsvc        (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
18:45:50.0094 3980        wcncsvc - ok
18:45:50.0110 3980        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:45:50.0125 3980        WcsPlugInService - ok
18:45:50.0141 3980        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:45:50.0141 3980        Wd - ok
18:45:50.0219 3980        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
18:45:50.0235 3980        Wdf01000 - ok
18:45:50.0281 3980        WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
18:45:50.0281 3980        WdiServiceHost - ok
18:45:50.0313 3980        WdiSystemHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
18:45:50.0313 3980        WdiSystemHost - ok
18:45:50.0344 3980        WebClient      (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
18:45:50.0360 3980        WebClient - ok
18:45:50.0391 3980        Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
18:45:50.0391 3980        Wecsvc - ok
18:45:50.0406 3980        wercplsupport  (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
18:45:50.0422 3980        wercplsupport - ok
18:45:50.0453 3980        WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
18:45:50.0453 3980        WerSvc - ok
18:45:50.0547 3980        WinDefend      (ec0180032c6d201ef26fad1a0c14e674) C:\Program Files\Windows Defender\mpsvc.dll
18:45:50.0547 3980        WinDefend - ok
18:45:50.0563 3980        WinHttpAutoProxySvc - ok
18:45:50.0641 3980        Winmgmt        (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
18:45:50.0641 3980        Winmgmt - ok
18:45:50.0703 3980        WinRM          (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
18:45:50.0719 3980        WinRM - ok
18:45:50.0813 3980        Wlansvc        (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
18:45:50.0828 3980        Wlansvc - ok
18:45:50.0891 3980        WLSetupSvc      (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
18:45:50.0891 3980        WLSetupSvc - ok
18:45:50.0953 3980        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:45:50.0953 3980        WmiAcpi - ok
18:45:51.0016 3980        wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
18:45:51.0016 3980        wmiApSrv - ok
18:45:51.0125 3980        WMPNetworkSvc  (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:45:51.0141 3980        WMPNetworkSvc - ok
18:45:51.0172 3980        WPCSvc          (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
18:45:51.0172 3980        WPCSvc - ok
18:45:51.0203 3980        WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
18:45:51.0203 3980        WPDBusEnum - ok
18:45:51.0235 3980        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
18:45:51.0235 3980        ws2ifsl - ok
18:45:51.0266 3980        wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll
18:45:51.0281 3980        wscsvc - ok
18:45:51.0281 3980        WSearch - ok
18:45:51.0453 3980        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:45:51.0500 3980        wuauserv - ok
18:45:51.0672 3980        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:45:51.0672 3980        WUDFRd - ok
18:45:51.0719 3980        wudfsvc        (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
18:45:51.0719 3980        wudfsvc - ok
18:45:51.0766 3980        MBR (0x1B8)    (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
18:45:52.0016 3980        \Device\Harddisk0\DR0 - ok
18:45:52.0031 3980        Boot (0x1200)  (5888d2f33f14558e28cbf7d862ff1b4b) \Device\Harddisk0\DR0\Partition0
18:45:52.0031 3980        \Device\Harddisk0\DR0\Partition0 - ok
18:45:52.0078 3980        Boot (0x1200)  (b70199c36d2afe97c3f5a8a20103ded0) \Device\Harddisk0\DR0\Partition1
18:45:52.0078 3980        \Device\Harddisk0\DR0\Partition1 - ok
18:45:52.0078 3980        ============================================================
18:45:52.0078 3980        Scan finished
18:45:52.0078 3980        ============================================================
18:45:52.0125 0604        Detected object count: 0
18:45:52.0125 0604        Actual detected object count: 0

cosinus 08.06.2012 17:58
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Ina Neu 08.06.2012 19:29
Combofix ausgeführt:

Combofix Logfile:
Code:
ComboFix 12-06-08.02 - Ingrid 08.06.2012  19:24:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.2047.1202 [GMT 2:00]
ausgeführt von:: c:\users\Ingrid_2\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-08 bis 2012-06-08  ))))))))))))))))))))))))))))))
.
.
2012-06-08 18:19 . 2012-06-08 18:19        --------        d-----w-        c:\users\Ingrid\AppData\Local\temp
2012-06-08 14:53 . 2012-06-08 17:26        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-06-08 14:42 . 2012-06-08 14:42        --------        d-----w-        C:\_OTL
2012-06-05 15:00 . 2012-06-05 15:00        --------        d-----w-        c:\program files\7-Zip
2012-06-04 10:16 . 2012-06-04 10:16        --------        d-----w-        c:\users\Ingrid_2\AppData\Roaming\Malwarebytes
2012-06-03 16:14 . 2012-06-03 16:14        --------        d-----w-        c:\program files\ESET
2012-06-03 13:36 . 2012-06-03 13:36        --------        d-----w-        c:\users\Ingrid\AppData\Roaming\Malwarebytes
2012-06-03 13:35 . 2012-06-03 13:35        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-03 13:35 . 2012-06-03 13:44        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-03 13:35 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-29 14:45 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6181CBE2-C62D-4A7B-87E2-310F8B7E4583}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 15:12 . 2011-10-11 14:43        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-14 15:12 . 2011-10-11 14:43        91968        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2012-05-14 15:12 . 2011-10-11 14:43        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-14 15:12 . 2011-10-11 14:43        112032        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2012-05-06 06:45 . 2012-04-01 19:45        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-05-06 06:45 . 2011-05-20 07:56        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-07 07:42 . 2010-04-15 15:46        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-14 16:23 . 2012-04-02 07:11        54784        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-04-21 01:18 . 2012-04-27 10:57        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"IncrediMail Tray Application"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-10-27 353736]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-10-27 353736]
"Klebezettel NG"="c:\program files\Klebezettel NG\klebez.exe" [2012-04-06 4433408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-10-27 353736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-02-20 02:39        37232        ----a-w-        c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-02-20 02:39        33136        ----a-w-        c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 16:27        61440        ----a-w-        c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35        125440        ----a-w-        c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
2007-04-19 13:45        74672        ----a-w-        c:\program files\Lexmark 1200 Series\LXCZbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57        153136        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-02-23 09:56        1232896        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36        201728        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PowerForPhone"=c:\program files\PowerForPhone\PowerForPhone.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 54817054
*Deregistered* - 54817054
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:45]
.
2012-06-07 c:\windows\Tasks\User_Feed_Synchronization-{ECD24ADB-9D77-428F-9399-7DBC00BB9DED}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\00airb4s.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-08 20:19
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,e3,2d,1e,96,39,8b,44,94,da,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,e3,2d,1e,96,39,8b,44,94,da,c2,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-06-08  20:24:05
ComboFix-quarantined-files.txt  2012-06-08 18:24
.
Vor Suchlauf: 7 Verzeichnis(se), 37.652.025.344 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 38.396.186.624 Bytes frei
.
- - End Of File - - 11BB24FFA1E7633602273D1679DBC382
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:39 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129