Umleitung auf rocketnews und Deaktivierung Windows Sicherheitsdienst

Ina Neu · 01.06.2012, 10:06

Hallo Trojaner-Board,

ich benutze Firefox und werden seit ein paar Tagen bei Anklicken von Google-Suchergebnissen auf eine Seite rocketnews geleitet. Der Browser-Bildschirm bleibt dabei weiß, also keine Werbung usw.

Der Windows-Sicherheitsdienst ist deaktiviert und lässt sich nicht mehr aktivieren.

Avira-Suche erfolglos.

Hier meine Logfiles:

DDS-Editor

Zitat:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_31
Run by Ingrid at 10:54:02 on 2012-06-01
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2047.908 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Klebezettel NG\klebez.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Klebezettel NG\klebez.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://mystart.incredimail.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.asus.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [IncrediMail Tray Application] c:\program files\incredimail\bin\IncMail.exe
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [Klebezettel NG] "c:\program files\klebezettel ng\klebez.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{7FEB022C-329B-4818-80F5-3C12025FA45F} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{BDDF7634-F7EE-4F12-9699-B4660EC09607} : DhcpNameServer = 192.168.178.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\ingrid\appdata\roaming\mozilla\firefox\profiles\00airb4s.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-10-11 112032]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-11 36000]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2011-10-11 619472]
R2 AntiVirMailService;Avira Email Schutz;c:\program files\avira\antivir desktop\avmailc.exe [2011-10-11 375760]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-11 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-11 465360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-11 83392]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2008-2-20 24576]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-10-11 91968]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2008-2-20 1324544]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 129976]
.
=============== Created Last 30 ================
.
2012-05-29 16:55:53 200704 --sha-r- c:\windows\system32\msaatextk.dll
2012-05-29 14:45:21 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6181cbe2-c62d-4a7b-87e2-310f8b7e4583}\mpengine.dll
2012-05-02 10:42:24 -------- d-----w- c:\users\ingrid\appdata\roaming\KlebezettelNG
2012-05-02 10:41:32 -------- d-----w- c:\program files\Klebezettel NG
.
==================== Find3M ====================
.
2012-06-01 08:07:44 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-14 15:12:47 91968 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-05-14 15:12:47 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-14 15:12:47 112032 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-05-06 06:45:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 06:45:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 07:42:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 16:23:42 54784 ----a-w- c:\windows\system32\pdfcmon.dll
.
============= FINISH: 10:54:43,34 ===============

Attach-Editor:

Zitat:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20.02.2008 03:12:40
System Uptime: 01.06.2012 08:55:43 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | F5VL
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | CPU 1 | 996/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 32,956 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 11,359 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Mobility Radeon X2300
Device ID: PCI\VEN_1002&DEV_718A&SUBSYS_14491043&REV_00\4&107F648&0&0008
Manufacturer: ATI Technologies Inc.
Name: ATI Mobility Radeon X2300
PNP Device ID: PCI\VEN_1002&DEV_718A&SUBSYS_14491043&REV_00\4&107F648&0&0008
Service: atikmdag
.
==== System Restore Points ===================
.
RP1283: 19.05.2012 10:00:09 - Windows-Sicherung
RP1284: 22.05.2012 18:42:10 - Windows Update
RP1285: 23.05.2012 19:17:03 - Geplanter Prüfpunkt
RP1286: 24.05.2012 17:07:15 - Geplanter Prüfpunkt
RP1287: 25.05.2012 16:20:02 - Windows Update
RP1288: 26.05.2012 10:00:11 - Windows-Sicherung
RP1289: 28.05.2012 09:57:09 - Geplanter Prüfpunkt
RP1290: 29.05.2012 16:43:56 - Windows Update
.
==== Installed Programs ======================
.
abramania mahjongg freeware 1.0
ACSynchro
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Amazon MP3-Downloader 1.0.9
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Driver Installation Program
ATI Uninstaller
ATK Hotkey
ATK Media
ATKOSD2
Avira Internet Security 2012
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
Catan - Städte und Ritter
ccc-Branding
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack für 2007 Office System
ElsterFormular
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IncrediMail
IncrediMail 2.0
Interaktive Sprachreise - English Sprachkurs 1
Java Auto Updater
Java(TM) 6 Update 31
Klebezettel NG (Version 2.9.12)
Lexmark 1200 Series
LifeFrame2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Premium
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
MSVC80_x86_v2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NB Probe
Nero 7 Essentials
neroxml
Nokia Connectivity Cable Driver
PC Connectivity Solution
PDFCreator
PhotoMail Maker
Power4Gear eXtreme
PowerForPhone
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Task Manager 1.8d
Security Update for CAPICOM (KB931906)
Skins
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 1.3M WebCam
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live installer
WinFlash
Wireless Console 2
XnView 1.97.8
.
==== End Of File ===========================

Ich war mit einer solchen Problematik noch nie befasst und hoffe auf Hilfe.

Herzlich Dank dafür schon mal im voraus.

cosinus · 03.06.2012, 14:18

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Ina Neu · 03.06.2012, 23:39

Hallo Cosinus,

danke, dass Du mir hilfst. Ich hoffe, ich habe Deine Anweisungen richtig ausgeführt.

mbam-log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.03

Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
Ingrid :: INGRID-PC [Administrator]

03.06.2012 15:45:57
mbam-log-2012-06-03 (15-45-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341808
Laufzeit: 2 Stunde(n), 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

eset-log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fcd99d5f77969345b174313900d28349
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 10:27:55
# local_time=2012-06-04 12:27:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=1792 16777175 100 0 20396042 20396042 0 0
# compatibility_mode=5892 16776574 100 100 437487 176272937 0 0
# compatibility_mode=8192 67108863 100 0 169 169 0 0
# scanned=254086
# found=12
# cleaned=0
# scan_time=22266
C:\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Temp\9978c1.exe	Win32/PSW.Delf.OBN trojan (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1000\$R59O5J9\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$R45R5IS\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$R7HMZF3\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$RYYG7R7\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN\S-1-5-21-845330391-596446110-4024825672-1001\$RYYG7R7\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
G:\_C\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
G:\_C\Users\Ingrid_2\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
G:\_C\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
G:\_C\_C\Users\Ingrid_2\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
G:\_C\_C\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

Danke für weitere Hilfe !!!

cosinus · 04.06.2012, 10:45

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Zitat:

C:\Users\Ingrid_2\Downloads\SoftonicDownloader_fuer_die-siedler-ii-die-nachste-generation.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Ina Neu · 04.06.2012, 11:09

Hi Arne,

malware hatte ich kurz scannen lassen. War mir aber dann unsicher, ob ich alles richtig gemacht hatte und habe nach ein paar Minuten den Suchlauf abgebrochen und wieder neu gestartet. Ich finde auch auf Malwarebytes keine weiteren Berichte.

Habe das Spiel "Siedler von Catan" direkt über den Hersteller gekauft! Wie bekomme ich Softonic denn vom Rechner?

Gruß - Ina

cosinus · 04.06.2012, 16:00

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Ina Neu · 04.06.2012, 16:53

Windows funktioniert. Keine Probleme ausser den geschilderten festgestellt.

Ein Ordner "Autostart" ist leer. Sonst kann ich nichts feststellen.

cosinus · 04.06.2012, 20:21

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Ina Neu · 04.06.2012, 21:17

OTL-Txt

Code:

ATTFilter

OTL logfile created on: 04.06.2012 21:39:50 - Run 1
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Ingrid_2\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,52% Memory free
4,21 Gb Paging File | 3,34 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 33,31 Gb Free Space | 44,69% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 10,87 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
 
Computer Name: INGRID-PC | User Name: Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.04 21:35:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ingrid_2\Desktop\OTL.exe
PRC - [2012.05.14 17:12:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 17:12:37 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 17:12:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 17:12:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 17:12:36 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 17:12:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 17:12:36 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.06 13:01:46 | 004,433,408 | ---- | M] (Hollie-Soft) -- C:\Program Files\Klebezettel NG\klebez.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.10.27 16:48:00 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2010.10.27 16:47:59 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.06.07 21:44:56 | 000,176,128 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.04.19 21:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2007.04.17 23:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.15 11:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 06:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 05:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 02:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 09:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 03:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.12.13 01:06:42 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2006.12.10 18:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2005.07.07 01:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.10.27 16:48:03 | 000,071,112 | ---- | M] () -- C:\Program Files\IncrediMail\bin\wlessfp1.dll
MOD - [2010.10.27 16:48:01 | 000,251,336 | ---- | M] () -- C:\Program Files\IncrediMail\bin\ImLookExU.dll
MOD - [2010.10.17 18:09:32 | 000,079,224 | ---- | M] () -- C:\Program Files\IncrediMail\bin\pmc.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.14 17:12:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 17:12:37 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 17:12:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 17:12:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 17:12:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.06 08:45:30 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.15 23:47:58 | 000,361,216 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.06.20 03:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 02:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006.12.10 18:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2006.11.02 14:35:32 | 000,051,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2006.11.02 14:35:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2006.11.02 14:34:46 | 000,287,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2006.11.02 14:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.11.02 11:46:05 | 000,065,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\atikmdag.sys -- (atikmdag)
DRV - [2012.05.14 17:12:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 17:12:47 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 17:12:47 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 17:12:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.05 15:03:37 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.10.11 16:33:12 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.11 16:33:12 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.23 12:04:39 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2007.01.24 12:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.23 05:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.19 17:19:12 | 001,324,544 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2006.12.28 10:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:11 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:55:01 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:12 | 000,082,432 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006.11.02 10:30:57 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.10.07 00:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\..\SearchScopes,DefaultScope = {F9981949-4D0B-429A-B5D5-7D0B6B457271}
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\..\SearchScopes\{F9981949-4D0B-429A-B5D5-7D0B6B457271}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLD_de
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.27 12:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 17:14:22 | 000,000,000 | ---D | M]
 
[2010.07.01 10:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Extensions
[2012.06.04 00:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions
[2010.08.13 17:44:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.29 09:31:55 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.06.04 00:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\staged
[2012.04.27 12:57:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.07 09:42:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [IncrediMail Tray Application] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1000..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1001..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-845330391-596446110-4024825672-1001..\Run: [Klebezettel NG] C:\Program Files\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FEB022C-329B-4818-80F5-3C12025FA45F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDDF7634-F7EE-4F12-9699-B4660EC09607}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\ASScrProlog.exe ()
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\ASScrPro.exe ()
MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: lxczbmgr.exe - hkey= - key= - C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 18:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.03 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ingrid\AppData\Roaming\Malwarebytes
[2012.06.03 15:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 15:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 15:35:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.03 15:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.04 21:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.04 21:24:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 21:24:16 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 17:24:29 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.06.04 17:24:18 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Bktmmbxmea.job
[2012.06.04 17:24:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.04 15:49:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.04 12:38:50 | 000,000,680 | ---- | M] () -- C:\Users\Ingrid\AppData\Local\d3d9caps.dat
[2012.06.04 12:37:31 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ECD24ADB-9D77-428F-9399-7DBC00BB9DED}.job
[2012.06.03 18:03:56 | 000,640,596 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.03 18:03:56 | 000,609,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.03 18:03:56 | 000,116,328 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.03 18:03:56 | 000,103,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.03 15:44:44 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.29 18:55:53 | 000,200,704 | RHS- | M] () -- C:\Windows\System32\msaatextk.dll
[2012.05.25 17:04:47 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.14 17:12:47 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.14 17:12:47 | 000,112,032 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012.05.14 17:12:47 | 000,091,968 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012.05.14 17:12:47 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.03 15:35:39 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.29 18:55:53 | 000,200,704 | RHS- | C] () -- C:\Windows\System32\msaatextk.dll
[2012.05.29 18:55:53 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Bktmmbxmea.job
 
========== LOP Check ==========
 
[2012.04.02 14:40:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\elsterformular
[2011.03.27 18:17:20 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\IrfanView
[2012.05.02 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\KlebezettelNG
[2011.04.01 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Nokia
[2011.07.30 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PC Suite
[2012.04.02 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\pdfforge
[2008.07.05 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PeerNetworking
[2011.01.15 02:23:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\TuneUp Software
[2008.04.06 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\WEB.DE
[2012.04.02 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\elsterformular
[2011.09.22 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\FreeDoko
[2011.03.18 13:59:26 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\IrfanView
[2012.05.05 09:29:03 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\KlebezettelNG
[2011.04.01 12:26:19 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\PC Suite
[2012.06.01 22:24:41 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\QuickScan
[2011.01.15 02:30:48 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\TuneUp Software
[2012.01.13 15:54:38 | 000,000,000 | ---D | M] -- C:\Users\Ingrid_2\AppData\Roaming\XnView
[2012.06.04 17:24:18 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\Bktmmbxmea.job
[2012.06.04 15:49:43 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.04 12:37:31 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ECD24ADB-9D77-428F-9399-7DBC00BB9DED}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.27 18:57:05 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Adobe
[2008.02.23 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Ahead
[2009.06.05 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Apple Computer
[2008.07.05 14:43:53 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\ATI
[2012.01.17 22:35:22 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Avira
[2012.04.02 14:40:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\elsterformular
[2008.02.23 01:04:30 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Google
[2008.02.20 17:45:50 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Identities
[2011.03.27 18:17:20 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\IrfanView
[2012.05.02 13:22:45 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\KlebezettelNG
[2008.02.20 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Macromedia
[2012.06.03 15:36:03 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Media Center Programs
[2011.08.27 18:57:05 | 000,000,000 | --SD | M] -- C:\Users\Ingrid\AppData\Roaming\Microsoft
[2008.02.23 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Microsoft Web Folders
[2010.07.01 10:13:21 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Mozilla
[2011.04.01 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Nokia
[2011.07.30 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PC Suite
[2012.04.02 09:12:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\pdfforge
[2008.07.05 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\PeerNetworking
[2011.01.15 02:23:34 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\TuneUp Software
[2008.04.06 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\WEB.DE
[2011.06.11 23:11:09 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\WinRAR
[2009.07.23 09:41:23 | 000,000,000 | ---D | M] -- C:\Users\Ingrid\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.02.23 11:52:03 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.02.23 11:52:02 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.02.23 11:52:02 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012.05.29 18:55:53 | 000,200,704 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\msaatextk.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:798A3728

< End of report >

Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 04.06.2012 21:39:50 - Run 1
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Ingrid_2\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,52% Memory free
4,21 Gb Paging File | 3,34 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 33,31 Gb Free Space | 44,69% Space Free | Partition Type: NTFS
Drive D: | 67,69 Gb Total Space | 10,87 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
 
Computer Name: INGRID-PC | User Name: Ingrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08970447-B4F5-46A2-94FF-B0FA4CE68E0E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{09B5BCBF-06AA-4358-88DD-477C2A526E2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C15B6DE-4287-4E54-80E0-E7B21BAB15C9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{221474D5-5900-4437-8418-37107C53E09B}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{23237A96-FD5F-42A1-A703-6EA9C1FEF93A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{24682132-1956-4AF1-8B2D-55F7F23789B8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{24877949-8CDD-4C83-A14F-CF12A54E4B97}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32DDEA68-EF31-499C-9028-9E1A3E34A1F9}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{3494B169-16DA-4ECF-BE33-5FF1F2C8E89D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3B0C4EBD-2157-412B-BD9C-1CEE6F51EBDF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4DC68ECE-2971-4F21-94B1-01C1DE7BE192}" = lport=137 | protocol=17 | dir=in | app=system | 
"{52FAC40A-6653-461F-B307-B45FD021AA28}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{724CFB75-F585-4808-AA23-3466311F089C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{77F2255B-CE70-40E1-9FF5-EFF769582E95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{837800C1-4135-4C5D-85FC-5F9D2A564DB7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8597AFED-81CC-494F-A786-218EBEDABC90}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{859CF67F-E39A-428A-8FB6-472EDFE9E8ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{85ED855A-CDEC-477F-BC94-9AE5BBA250A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{962689DE-7DAF-430E-808A-BF764DA80FB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A1010A03-3CC5-4286-8E44-338AC01E25D7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BCCF7FF4-D4C3-41BD-A498-A36C855F8D03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C3246888-6F0D-4B08-8112-026F1034B68C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD46F886-EB00-4F68-A0A6-6D9471E3A060}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D0F70F99-8731-4A0E-B5CC-68DB17CC3D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DC19C32C-F216-4B18-90D3-593A017276FB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E4528AD6-1D35-47DB-A441-3D15BC3FDD6A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{F3AA887E-F2B2-493B-802C-C5673BFE24CC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F82A8173-1E25-4B30-9820-00131AD1D49B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FC421976-E6E7-4BD1-A249-390BC59D5A82}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003EAB28-92A2-44F8-A9A1-86963E482BBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{02216D47-704F-4C64-BB1F-72B47C33B0AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0CD94801-68E2-4DFB-BEB0-97907162BC92}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe | 
"{2A868F3B-CBD6-4920-910B-EB479DF61873}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E840FF5-CFAD-416B-B9D5-77093D8103BB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{40523510-886B-4F15-957D-143B214DBF08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{422EFB73-C6E9-4A4D-A3A7-C038BCAC13A9}" = protocol=6 | dir=in | app=c:\users\ingrid_2\appdata\local\temp\iminstaller\incredimail_installer.exe | 
"{44BE1FA1-CEB4-4335-BA04-42E93091A4BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{485E03DE-D6A2-4C13-B207-14FB7C90A707}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{4F231829-999E-4025-912A-C66A45ED958D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FC2FB74-B527-4E65-A6A6-7996ABC5723F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{57038670-8399-4C70-8A82-8A83D05B6D85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{596437D1-452F-4889-B939-F06BB711DAE6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{623B0617-2B99-4920-90BD-2BE63222F900}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6C9E6CF9-63D4-42C2-9593-00C86678EE7D}" = protocol=6 | dir=out | app=system | 
"{7831578A-421A-4C2B-8F8D-25BFB3656593}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | 
"{7CE7A2C4-2B23-449E-BD27-B057434FBE55}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{83E39432-0031-4067-B088-6399CE322378}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{890702A3-3C1D-4610-AD2E-0998F486EDD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8B4D3648-F3C4-4D46-B3FD-645447C836D5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{905FE97B-574C-4388-B62B-32ED95B16A4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{912844C2-E234-4C46-B575-DA1EC77F4433}" = protocol=17 | dir=in | app=c:\users\ingrid_2\appdata\local\temp\iminstaller\incredimail_installer.exe | 
"{9A1D2740-268C-4155-8FF2-EB0F12F4F121}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A076B3B6-6288-44B0-A6FD-A588BDC17C6A}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe | 
"{A8367209-0EBE-4BA8-8292-8F8D81856A15}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A852B0FB-F7AC-4CB0-A787-1CC41164628D}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe | 
"{A920EC5E-B9D4-48EF-80AB-3BA778B9A2BF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AFB12964-56D1-4CFA-A8D9-8515F07237EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BA8F1DE1-313B-499F-A72D-07417789365D}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{BD143932-6955-4479-B47F-67C1A74AEFF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6ABBED0-5C31-40B0-A93E-3F7CB10E5407}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe | 
"{C9E581A1-3613-4FCB-8AC3-705689639493}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe | 
"{DEFC455C-5902-476D-B990-15559A7BA6E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E68FD722-BB27-4F0B-B486-6F7BD4796D22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EEF35270-C79A-4139-A42F-10B1BD704466}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{FA2F827A-630D-4251-8271-25BDFE7848A6}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{FD0DBB45-C889-4472-AC73-E7A6A375E34A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F707AE-1AFD-FCB3-15FB-678EB18E5276}" = Catalyst Control Center Graphics Light
"{0B75F2BE-EA34-C35E-795B-14B6AD05EF33}" = CCC Help English
"{0C352FE8-D3C7-5679-3916-94B703AE2568}" = Catalyst Control Center Localization Portuguese
"{0CEF967E-5776-AAB4-24B7-B77B1CFD1F1B}" = ccc-utility
"{12127C0A-4364-AF17-890A-161497C7C445}" = CCC Help Polish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1D117B-2819-5686-F837-6F573CD98D1B}" = Catalyst Control Center Localization Thai
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26DBD556-77EA-04E4-ED34-9C341ECBCD10}" = Catalyst Control Center Localization Turkish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2DE63F00-FDAA-54A5-CB0D-14CE878A6BEB}" = Catalyst Control Center Localization Czech
"{34B92C91-1B7F-CA25-A565-D7B93050A7E5}" = Catalyst Control Center Localization Spanish
"{363AA734-FEDD-B361-AC59-99F8F323881A}" = CCC Help Norwegian
"{36CEB090-7231-0532-59A3-3D5CD5EBB689}" = Catalyst Control Center Graphics Previews Vista
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3E46600E-8E92-AE52-F505-2552A0EA1697}" = CCC Help Danish
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4385133D-4A33-2565-7B46-80A89EA0E888}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.12)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{61F128C7-59EB-98EA-FE59-2BE6332DF04B}" = CCC Help Chinese Traditional
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B3A1B7-DE32-A193-486A-6A39D08C235C}" = CCC Help Chinese Standard
"{63EC2860-FAC7-5BC0-5F6A-BCE20C0EBC80}" = Catalyst Control Center Localization Norwegian
"{666472B6-06A7-0C3A-6165-9A133013BDB2}" = Catalyst Control Center Localization Chinese Traditional
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B387AB8-A460-5B93-0517-0A9B0D4318B9}" = Catalyst Control Center Graphics Full New
"{6CF08F61-9C7D-8F20-ADED-7A40AEE6F2B7}" = Catalyst Control Center Localization Chinese Standard
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DCA752-2EAC-3FC8-60C9-19A0D3884302}" = CCC Help Hungarian
"{7463A3EB-F88E-00FC-6081-AD02FB321C54}" = Catalyst Control Center Localization Swedish
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780950E3-008C-FE5E-AEE6-5EF77D81B31F}" = Catalyst Control Center Core Implementation
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7D83D3A4-0F45-8075-0AB6-B6D1106CF1B8}" = CCC Help Dutch
"{83A40382-EA9B-A1DF-C2E9-32D65E0B8C23}" = Catalyst Control Center Localization Hungarian
"{83E06C1E-B97B-2679-5EFA-7D0D7FA1ADF1}" = CCC Help Swedish
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{863373A8-5B31-2CBA-16E2-6780AE724DB4}" = CCC Help Portuguese
"{876FF807-179D-663C-3989-B9E97DD7DF43}" = Catalyst Control Center Localization Russian
"{88F36928-8B64-08CB-983A-8B2042CF15D0}" = Catalyst Control Center Localization Dutch
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{937EC4CC-5B69-2990-FC5B-512E1520D0DA}" = CCC Help Russian
"{93DDECDF-0AA0-B360-6A6F-288099DD2D98}" = CCC Help Finnish
"{99D9B4EB-FE36-8A77-ABA9-1FA02E635E63}" = Catalyst Control Center Localization Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3103F91-39CE-BEDE-680A-D41F26F97D8F}" = CCC Help Thai
"{A6752CB8-1FA2-070B-C80E-B3B67781603C}" = CCC Help Spanish
"{A7714FC2-BFEC-31A6-AA47-321676B73DFA}" = CCC Help German
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD757BEF-0720-BA67-FD34-5FB5D950BD60}" = Catalyst Control Center Localization French
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B01C55C2-37BC-3B95-CAE2-4D12F50FAF8F}" = Catalyst Control Center Localization Korean
"{B021DB07-517A-1FE9-05E1-2FF29870C53D}" = Catalyst Control Center Localization German
"{B5D76EC0-13E1-DFEE-9DA4-5F8BC9F4C5CF}" = Catalyst Control Center Graphics Previews Common
"{BC61F51E-8AF7-46B9-AF20-B33B5EE81031}" = Nero 7 Essentials
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C3834E9A-09EE-3809-3479-0A2E0487EB64}" = CCC Help Greek
"{CD54A3A7-2CE4-CB17-F5BC-ED6F48501AF8}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF65258-EB04-DA25-3C8B-93E44F2321C6}" = CCC Help Italian
"{D1371B55-1ABB-113F-980B-5531C9529416}" = CCC Help Czech
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DB5C6904-E162-3DA7-8D92-9F5D70FA9E7F}" = CCC Help Japanese
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0C2FD92-2054-781C-7719-F3FE978B571A}" = Catalyst Control Center Localization Finnish
"{E36D7B40-4411-3B38-DAC0-4CF6574C1DB9}" = Skins
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{ED03EBC3-0621-1ED7-11FA-E22D8FC79909}" = Catalyst Control Center Localization Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F33B21FC-D4B9-522A-5B67-F87A0BAA3268}" = CCC Help Korean
"{F36828A9-4231-579E-2393-E43B299D77B8}" = Catalyst Control Center Localization Japanese
"{F6D1EEB6-544C-7071-DB1B-11FA4A9AC432}" = Catalyst Control Center Graphics Full Existing
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FC9CCB53-0EC6-A64E-52C2-68C70858AA56}" = CCC Help Turkish
"{FF216817-DAE6-3280-28EF-C4F12A88E33F}" = Catalyst Control Center Localization Greek
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"abramania mahjongg freeware 1.0" = abramania mahjongg freeware 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CCleaner" = CCleaner
"ElsterFormular 13.1.1.8531p" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"IncrediMail" = IncrediMail 2.0
"ISRE1_15_676824" = Interaktive Sprachreise - English Sprachkurs 1
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoMail" = PhotoMail Maker
"Security Task Manager" = Security Task Manager 1.8d
"ST6UNST #1" = ACSynchro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"XnView_is1" = XnView 1.97.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2012 04:04:54 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.06.2012 11:05:54 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.06.2012 11:59:58 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.06.2012 02:27:54 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.06.2012 02:32:38 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.06.2012 12:13:55 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.06.2012 12:13:55 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2012 01:48:14 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2012 01:52:06 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2012 11:25:41 | Computer Name = Ingrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 03.06.2012 02:26:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 1, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 03.06.2012 02:26:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 03.06.2012 02:26:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 01:45:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 1, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 01:45:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 01:45:06 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 03:07:11 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 04.06.2012 11:23:47 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 1, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 11:23:47 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.06.2012 11:23:47 | Computer Name = Ingrid-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >

Danke!!! Ina

cosinus · 08.06.2012, 09:15

Sry hab deinen Strang übersehen

Zitat:

(IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe

Müsst ihr als Mailclient unbedingt dieses sch... Programm verwenden?

Incredimail ist zwar bunt und nett animiert, aber leider als Spyware einzustufen, da es das Nutzerverhalten analysiert und diese an den Hersteller übermittelt.
Ich kann nur die sofortige Deinstallation und Umstieg auf einen anderen Mailclient wie zB Mozilla Thunderbird empfehlen.

Zitat:

(TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)

TuneUp ist eine Software, die ich als Problembeschaffungsmaßnahme bzw. Schlangenöl bezeichnen würde

Das zieht sich - warum auch immer - fast durchgängig durch alle Logs hier, warum weiß ich nicht, denn TuneUp ist eigentlich der letzte Schrott => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
IE - HKU\S-1-5-21-845330391-596446110-4024825672-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
[2010.08.13 17:44:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.29 09:31:55 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:798A3728
:Files
C:\Windows\System32\acovcnt.exe
C:\Windows\tasks\Bktmmbxmea.job
C:\Windows\System32\msaatextk.dll
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ina Neu · 08.06.2012, 16:02

Danke, dass Du mir weiter hilfst

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-845330391-596446110-4024825672-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-845330391-596446110-4024825672-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Ingrid\AppData\Roaming\mozilla\Firefox\Profiles\00airb4s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
========== FILES ==========
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Windows\tasks\Bktmmbxmea.job moved successfully.
C:\Windows\System32\msaatextk.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ingrid
->Temp folder emptied: 12868002 bytes
->Temporary Internet Files folder emptied: 42809115 bytes
->Java cache emptied: 13811795 bytes
->FireFox cache emptied: 49164618 bytes
->Flash cache emptied: 849 bytes
 
User: Ingrid_2
->Temp folder emptied: 760646034 bytes
->Temporary Internet Files folder emptied: 246818676 bytes
->Java cache emptied: 592171 bytes
->FireFox cache emptied: 813911446 bytes
->Flash cache emptied: 94869 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 63104 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11917370 bytes
RecycleBin emptied: 564114886 bytes
 
Total Files Cleaned = 2.400,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Ingrid
->Flash cache emptied: 0 bytes
 
User: Ingrid_2
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06082012_164206

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

LG - Ina

cosinus · 08.06.2012, 17:29

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Ina Neu · 08.06.2012, 17:50

Code:

ATTFilter

18:43:42.0110 1152	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:43:42.0297 1152	============================================================
18:43:42.0297 1152	Current date / time: 2012/06/08 18:43:42.0297
18:43:42.0297 1152	SystemInfo:
18:43:42.0297 1152	
18:43:42.0297 1152	OS Version: 6.0.6000 ServicePack: 0.0
18:43:42.0297 1152	Product type: Workstation
18:43:42.0297 1152	ComputerName: INGRID-PC
18:43:42.0297 1152	UserName: Ingrid
18:43:42.0297 1152	Windows directory: C:\Windows
18:43:42.0297 1152	System windows directory: C:\Windows
18:43:42.0297 1152	Processor architecture: Intel x86
18:43:42.0297 1152	Number of processors: 2
18:43:42.0297 1152	Page size: 0x1000
18:43:42.0297 1152	Boot type: Normal boot
18:43:42.0297 1152	============================================================
18:43:43.0578 1152	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x93E52, SectorsPerTrack: 0x4, TracksPerCylinder: 0x81, Type 'K0', Flags 0x00000050
18:43:43.0594 1152	============================================================
18:43:43.0594 1152	\Device\Harddisk0\DR0:
18:43:43.0594 1152	MBR partitions:
18:43:43.0594 1152	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x950C800
18:43:43.0610 1152	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA2B9800, BlocksNum 0x8760000
18:43:43.0610 1152	============================================================
18:43:43.0703 1152	C: <-> \Device\Harddisk0\DR0\Partition0
18:43:43.0750 1152	D: <-> \Device\Harddisk0\DR0\Partition1
18:43:43.0750 1152	============================================================
18:43:43.0750 1152	Initialize success
18:43:43.0750 1152	============================================================
18:45:30.0656 3980	============================================================
18:45:30.0656 3980	Scan started
18:45:30.0656 3980	Mode: Manual; 
18:45:30.0656 3980	============================================================
18:45:31.0453 3980	ACPI            (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
18:45:31.0469 3980	ACPI - ok
18:45:31.0563 3980	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:45:31.0563 3980	AdobeARMservice - ok
18:45:31.0672 3980	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:45:31.0672 3980	AdobeFlashPlayerUpdateSvc - ok
18:45:31.0735 3980	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:45:31.0750 3980	adp94xx - ok
18:45:31.0781 3980	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:45:31.0797 3980	adpahci - ok
18:45:31.0828 3980	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:45:31.0828 3980	adpu160m - ok
18:45:31.0860 3980	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:45:31.0875 3980	adpu320 - ok
18:45:31.0938 3980	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:45:31.0953 3980	AeLookupSvc - ok
18:45:32.0000 3980	AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
18:45:32.0000 3980	AFD - ok
18:45:32.0047 3980	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:45:32.0047 3980	agp440 - ok
18:45:32.0078 3980	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:45:32.0078 3980	aic78xx - ok
18:45:32.0094 3980	ALG             (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
18:45:32.0094 3980	ALG - ok
18:45:32.0110 3980	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:45:32.0110 3980	aliide - ok
18:45:32.0156 3980	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:45:32.0156 3980	amdagp - ok
18:45:32.0172 3980	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:45:32.0172 3980	amdide - ok
18:45:32.0203 3980	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:45:32.0203 3980	AmdK7 - ok
18:45:32.0250 3980	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:45:32.0250 3980	AmdK8 - ok
18:45:32.0375 3980	AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
18:45:32.0391 3980	AntiVirFirewallService - ok
18:45:32.0453 3980	AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
18:45:32.0469 3980	AntiVirMailService - ok
18:45:32.0516 3980	AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:45:32.0516 3980	AntiVirSchedulerService - ok
18:45:32.0578 3980	AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:45:32.0578 3980	AntiVirService - ok
18:45:32.0641 3980	AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:45:32.0641 3980	AntiVirWebService - ok
18:45:32.0766 3980	Appinfo         (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
18:45:32.0766 3980	Appinfo - ok
18:45:32.0813 3980	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:45:32.0828 3980	arc - ok
18:45:32.0860 3980	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:45:32.0860 3980	arcsas - ok
18:45:32.0922 3980	ASLDRService    (66597ad6098352d11239c0c42100b176) C:\Program Files\ATK Hotkey\ASLDRSrv.exe
18:45:32.0922 3980	ASLDRService - ok
18:45:32.0969 3980	AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
18:45:32.0969 3980	AsyncMac - ok
18:45:33.0016 3980	atapi           (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
18:45:33.0016 3980	atapi - ok
18:45:33.0141 3980	athr            (69660af85f35a658d258fc8567318328) C:\Windows\system32\DRIVERS\athr.sys
18:45:33.0156 3980	athr - ok
18:45:33.0250 3980	Ati External Event Utility (112482dd7abcf5c76a81b37d4174f4c0) C:\Windows\system32\Ati2evxx.exe
18:45:33.0250 3980	Ati External Event Utility - ok
18:45:33.0281 3980	atikmdag - ok
18:45:33.0344 3980	AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
18:45:33.0344 3980	AudioEndpointBuilder - ok
18:45:33.0375 3980	Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
18:45:33.0375 3980	Audiosrv - ok
18:45:33.0422 3980	avfwim          (e6263cdd0ef3b98cfa2a251a21d8be2e) C:\Windows\system32\DRIVERS\avfwim.sys
18:45:33.0422 3980	avfwim - ok
18:45:33.0485 3980	avfwot          (48929a52c039738c3193581f7fc483a5) C:\Windows\system32\DRIVERS\avfwot.sys
18:45:33.0485 3980	avfwot - ok
18:45:33.0531 3980	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
18:45:33.0531 3980	avgntflt - ok
18:45:33.0578 3980	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
18:45:33.0610 3980	avipbb - ok
18:45:33.0656 3980	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:45:33.0656 3980	avkmgr - ok
18:45:33.0719 3980	Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
18:45:33.0719 3980	Beep - ok
18:45:33.0781 3980	BFE             (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
18:45:33.0781 3980	BFE - ok
18:45:33.0860 3980	BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
18:45:33.0875 3980	BITS - ok
18:45:33.0891 3980	blbdrive - ok
18:45:33.0906 3980	bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
18:45:33.0922 3980	bowser - ok
18:45:33.0985 3980	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:45:33.0985 3980	BrFiltLo - ok
18:45:34.0016 3980	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:45:34.0016 3980	BrFiltUp - ok
18:45:34.0047 3980	Browser         (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
18:45:34.0063 3980	Browser - ok
18:45:34.0094 3980	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:45:34.0094 3980	Brserid - ok
18:45:34.0141 3980	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:45:34.0141 3980	BrSerWdm - ok
18:45:34.0156 3980	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:45:34.0172 3980	BrUsbMdm - ok
18:45:34.0188 3980	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:45:34.0188 3980	BrUsbSer - ok
18:45:34.0235 3980	BthEnum         (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys
18:45:34.0235 3980	BthEnum - ok
18:45:34.0250 3980	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:45:34.0266 3980	BTHMODEM - ok
18:45:34.0297 3980	BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
18:45:34.0297 3980	BthPan - ok
18:45:34.0344 3980	BTHPORT         (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
18:45:34.0344 3980	BTHPORT - ok
18:45:34.0375 3980	BthServ         (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll
18:45:34.0375 3980	BthServ - ok
18:45:34.0406 3980	BTHUSB          (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
18:45:34.0406 3980	BTHUSB - ok
18:45:34.0453 3980	BVRPMPR5        (18e0f9c1e7ec4aae40b3f67eab0aee99) C:\Windows\system32\drivers\BVRPMPR5.SYS
18:45:34.0469 3980	BVRPMPR5 - ok
18:45:34.0500 3980	cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
18:45:34.0500 3980	cdfs - ok
18:45:34.0547 3980	cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
18:45:34.0547 3980	cdrom - ok
18:45:34.0594 3980	CertPropSvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
18:45:34.0594 3980	CertPropSvc - ok
18:45:34.0641 3980	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:45:34.0641 3980	circlass - ok
18:45:34.0688 3980	CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
18:45:34.0688 3980	CLFS - ok
18:45:34.0750 3980	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:34.0750 3980	clr_optimization_v2.0.50727_32 - ok
18:45:34.0766 3980	CmBatt          (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
18:45:34.0766 3980	CmBatt - ok
18:45:34.0797 3980	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:45:34.0797 3980	cmdide - ok
18:45:34.0828 3980	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\DRIVERS\compbatt.sys
18:45:34.0828 3980	Compbatt - ok
18:45:34.0844 3980	COMSysApp - ok
18:45:34.0860 3980	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:45:34.0860 3980	crcdisk - ok
18:45:34.0891 3980	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:45:34.0906 3980	Crusoe - ok
18:45:34.0969 3980	CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
18:45:34.0969 3980	CryptSvc - ok
18:45:35.0031 3980	DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
18:45:35.0047 3980	DcomLaunch - ok
18:45:35.0063 3980	DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
18:45:35.0063 3980	DfsC - ok
18:45:35.0219 3980	DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
18:45:35.0266 3980	DFSR - ok
18:45:35.0422 3980	Dhcp            (17210d8064ec116a3fc6b5e45e577d43) C:\Windows\System32\dhcpcsvc.dll
18:45:35.0422 3980	Dhcp - ok
18:45:35.0485 3980	disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
18:45:35.0485 3980	disk - ok
18:45:35.0531 3980	Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
18:45:35.0531 3980	Dnscache - ok
18:45:35.0547 3980	dot3svc         (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
18:45:35.0547 3980	dot3svc - ok
18:45:35.0594 3980	DPS             (8ef243e3baf1ab4f6202edeb8890319b) C:\Windows\system32\dps.dll
18:45:35.0594 3980	DPS - ok
18:45:35.0625 3980	drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
18:45:35.0625 3980	drmkaud - ok
18:45:35.0672 3980	DXGKrnl         (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
18:45:35.0703 3980	DXGKrnl - ok
18:45:35.0735 3980	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:45:35.0735 3980	E1G60 - ok
18:45:35.0766 3980	EapHost         (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
18:45:35.0766 3980	EapHost - ok
18:45:35.0813 3980	Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
18:45:35.0828 3980	Ecache - ok
18:45:35.0891 3980	ehRecvr         (b4580122b0a7b263b6ee9acba69c8013) C:\Windows\ehome\ehRecvr.exe
18:45:35.0906 3980	ehRecvr - ok
18:45:35.0922 3980	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:45:35.0938 3980	ehSched - ok
18:45:35.0953 3980	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:45:35.0953 3980	ehstart - ok
18:45:36.0000 3980	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:45:36.0016 3980	elxstor - ok
18:45:36.0078 3980	EMDMgmt         (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
18:45:36.0094 3980	EMDMgmt - ok
18:45:36.0156 3980	EventSystem     (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
18:45:36.0156 3980	EventSystem - ok
18:45:36.0203 3980	fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
18:45:36.0203 3980	fastfat - ok
18:45:36.0235 3980	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:45:36.0235 3980	fdc - ok
18:45:36.0281 3980	fdPHost         (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
18:45:36.0281 3980	fdPHost - ok
18:45:36.0313 3980	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:45:36.0313 3980	FDResPub - ok
18:45:36.0344 3980	FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
18:45:36.0344 3980	FileInfo - ok
18:45:36.0375 3980	Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
18:45:36.0375 3980	Filetrace - ok
18:45:36.0406 3980	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:45:36.0406 3980	flpydisk - ok
18:45:36.0422 3980	FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
18:45:36.0422 3980	FltMgr - ok
18:45:36.0516 3980	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:45:36.0516 3980	FontCache3.0.0.0 - ok
18:45:36.0531 3980	Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
18:45:36.0547 3980	Fs_Rec - ok
18:45:36.0594 3980	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:45:36.0594 3980	gagp30kx - ok
18:45:36.0672 3980	ghaio           (fbb754b5d0bb19e139214cba2542a883) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
18:45:36.0672 3980	ghaio - ok
18:45:36.0735 3980	gpsvc           (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
18:45:36.0735 3980	gpsvc - ok
18:45:36.0813 3980	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:45:36.0813 3980	HdAudAddService - ok
18:45:36.0844 3980	HDAudBus        (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:45:36.0844 3980	HDAudBus - ok
18:45:36.0875 3980	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:45:36.0875 3980	HidBth - ok
18:45:36.0891 3980	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:45:36.0891 3980	HidIr - ok
18:45:36.0922 3980	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
18:45:36.0922 3980	hidserv - ok
18:45:36.0953 3980	HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
18:45:36.0953 3980	HidUsb - ok
18:45:36.0985 3980	hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
18:45:36.0985 3980	hkmsvc - ok
18:45:37.0031 3980	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:45:37.0047 3980	HpCISSs - ok
18:45:37.0110 3980	HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
18:45:37.0110 3980	HTTP - ok
18:45:37.0141 3980	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:45:37.0156 3980	i2omp - ok
18:45:37.0203 3980	i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
18:45:37.0203 3980	i8042prt - ok
18:45:37.0235 3980	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:45:37.0250 3980	iaStorV - ok
18:45:37.0375 3980	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:45:37.0391 3980	idsvc - ok
18:45:37.0422 3980	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:45:37.0422 3980	iirsp - ok
18:45:37.0469 3980	IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
18:45:37.0485 3980	IKEEXT - ok
18:45:37.0641 3980	IntcAzAudAddService (aef2fa29204056b81bc4cbf30260dee1) C:\Windows\system32\drivers\RTKVHDA.sys
18:45:37.0688 3980	IntcAzAudAddService - ok
18:45:37.0828 3980	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
18:45:37.0828 3980	intelide - ok
18:45:37.0860 3980	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
18:45:37.0860 3980	intelppm - ok
18:45:37.0906 3980	IPBusEnum       (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
18:45:37.0906 3980	IPBusEnum - ok
18:45:37.0953 3980	IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:45:37.0953 3980	IpFilterDriver - ok
18:45:37.0985 3980	iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
18:45:37.0985 3980	iphlpsvc - ok
18:45:38.0000 3980	IpInIp - ok
18:45:38.0031 3980	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:45:38.0031 3980	IPMIDRV - ok
18:45:38.0047 3980	IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
18:45:38.0047 3980	IPNAT - ok
18:45:38.0078 3980	IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
18:45:38.0078 3980	IRENUM - ok
18:45:38.0110 3980	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:45:38.0110 3980	isapnp - ok
18:45:38.0141 3980	iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
18:45:38.0141 3980	iScsiPrt - ok
18:45:38.0172 3980	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:45:38.0172 3980	iteatapi - ok
18:45:38.0219 3980	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:45:38.0219 3980	iteraid - ok
18:45:38.0266 3980	kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
18:45:38.0266 3980	kbdclass - ok
18:45:38.0281 3980	kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
18:45:38.0281 3980	kbdhid - ok
18:45:38.0313 3980	kbfiltr         (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:45:38.0313 3980	kbfiltr - ok
18:45:38.0360 3980	KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:38.0360 3980	KeyIso - ok
18:45:38.0406 3980	KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
18:45:38.0422 3980	KSecDD - ok
18:45:38.0485 3980	KtmRm           (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
18:45:38.0500 3980	KtmRm - ok
18:45:38.0531 3980	LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
18:45:38.0563 3980	LanmanServer - ok
18:45:38.0656 3980	LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
18:45:38.0672 3980	LanmanWorkstation - ok
18:45:38.0703 3980	lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
18:45:38.0703 3980	lltdio - ok
18:45:38.0735 3980	lltdsvc         (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
18:45:38.0750 3980	lltdsvc - ok
18:45:38.0766 3980	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:45:38.0766 3980	lmhosts - ok
18:45:38.0797 3980	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:45:38.0797 3980	LSI_FC - ok
18:45:38.0828 3980	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:45:38.0828 3980	LSI_SAS - ok
18:45:38.0860 3980	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:45:38.0860 3980	LSI_SCSI - ok
18:45:38.0891 3980	luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
18:45:38.0906 3980	luafv - ok
18:45:38.0938 3980	lxcz_device - ok
18:45:38.0969 3980	Mcx2Svc         (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll
18:45:38.0969 3980	Mcx2Svc - ok
18:45:39.0016 3980	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:45:39.0016 3980	megasas - ok
18:45:39.0063 3980	MMCSS           (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
18:45:39.0063 3980	MMCSS - ok
18:45:39.0078 3980	Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
18:45:39.0078 3980	Modem - ok
18:45:39.0125 3980	MODEMCSA        (7e222a1baaa42c8559db2ce8a12ad828) C:\Windows\system32\drivers\MODEMCSA.sys
18:45:39.0125 3980	MODEMCSA - ok
18:45:39.0172 3980	monitor         (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
18:45:39.0172 3980	monitor - ok
18:45:39.0203 3980	mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
18:45:39.0219 3980	mouclass - ok
18:45:39.0250 3980	mouhid          (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
18:45:39.0250 3980	mouhid - ok
18:45:39.0281 3980	MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
18:45:39.0281 3980	MountMgr - ok
18:45:39.0360 3980	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:45:39.0360 3980	MozillaMaintenance - ok
18:45:39.0391 3980	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:45:39.0391 3980	mpio - ok
18:45:39.0422 3980	mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
18:45:39.0422 3980	mpsdrv - ok
18:45:39.0469 3980	MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
18:45:39.0485 3980	MpsSvc - ok
18:45:39.0531 3980	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:45:39.0531 3980	Mraid35x - ok
18:45:39.0578 3980	MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
18:45:39.0578 3980	MRxDAV - ok
18:45:39.0610 3980	mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:45:39.0625 3980	mrxsmb - ok
18:45:39.0641 3980	mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:45:39.0656 3980	mrxsmb10 - ok
18:45:39.0656 3980	mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:45:39.0656 3980	mrxsmb20 - ok
18:45:39.0703 3980	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:45:39.0703 3980	msahci - ok
18:45:39.0735 3980	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:45:39.0735 3980	msdsm - ok
18:45:39.0781 3980	MSDTC           (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
18:45:39.0781 3980	MSDTC - ok
18:45:39.0813 3980	Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
18:45:39.0813 3980	Msfs - ok
18:45:39.0860 3980	msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
18:45:39.0860 3980	msisadrv - ok
18:45:39.0922 3980	MSiSCSI         (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
18:45:39.0922 3980	MSiSCSI - ok
18:45:39.0938 3980	msiserver - ok
18:45:39.0953 3980	MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
18:45:39.0969 3980	MSKSSRV - ok
18:45:40.0016 3980	MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
18:45:40.0016 3980	MSPCLOCK - ok
18:45:40.0031 3980	MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
18:45:40.0031 3980	MSPQM - ok
18:45:40.0078 3980	MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
18:45:40.0078 3980	MsRPC - ok
18:45:40.0094 3980	mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
18:45:40.0094 3980	mssmbios - ok
18:45:40.0125 3980	MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
18:45:40.0125 3980	MSTEE - ok
18:45:40.0156 3980	MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
18:45:40.0156 3980	MTsensor - ok
18:45:40.0188 3980	Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
18:45:40.0188 3980	Mup - ok
18:45:40.0235 3980	napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
18:45:40.0235 3980	napagent - ok
18:45:40.0266 3980	NativeWifiP     (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
18:45:40.0281 3980	NativeWifiP - ok
18:45:40.0422 3980	NBService       (6d8fcdd5bb3b676ef58fa234073492c6) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:45:40.0438 3980	NBService - ok
18:45:40.0500 3980	NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
18:45:40.0516 3980	NDIS - ok
18:45:40.0531 3980	NdisTapi        (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
18:45:40.0531 3980	NdisTapi - ok
18:45:40.0563 3980	Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
18:45:40.0563 3980	Ndisuio - ok
18:45:40.0578 3980	NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
18:45:40.0594 3980	NdisWan - ok
18:45:40.0594 3980	NDProxy         (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
18:45:40.0594 3980	NDProxy - ok
18:45:40.0625 3980	NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
18:45:40.0641 3980	NetBIOS - ok
18:45:40.0656 3980	netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
18:45:40.0656 3980	netbt - ok
18:45:40.0703 3980	Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:40.0703 3980	Netlogon - ok
18:45:40.0750 3980	Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
18:45:40.0766 3980	Netman - ok
18:45:40.0781 3980	netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
18:45:40.0797 3980	netprofm - ok
18:45:40.0891 3980	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:45:40.0891 3980	NetTcpPortSharing - ok
18:45:41.0031 3980	NETw3v32        (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:45:41.0078 3980	NETw3v32 - ok
18:45:41.0219 3980	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:45:41.0219 3980	nfrd960 - ok
18:45:41.0266 3980	NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
18:45:41.0281 3980	NlaSvc - ok
18:45:41.0375 3980	NMIndexingService (060daf68493ad7adf104413e5a62afa8) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:45:41.0375 3980	NMIndexingService - ok
18:45:41.0406 3980	Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
18:45:41.0406 3980	Npfs - ok
18:45:41.0438 3980	nsi             (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
18:45:41.0438 3980	nsi - ok
18:45:41.0469 3980	nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
18:45:41.0485 3980	nsiproxy - ok
18:45:41.0578 3980	Ntfs            (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
18:45:41.0610 3980	Ntfs - ok
18:45:41.0625 3980	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:45:41.0625 3980	ntrigdigi - ok
18:45:41.0641 3980	Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
18:45:41.0641 3980	Null - ok
18:45:41.0938 3980	nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:45:42.0031 3980	nvlddmkm - ok
18:45:42.0172 3980	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:45:42.0172 3980	nvraid - ok
18:45:42.0188 3980	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:45:42.0203 3980	nvstor - ok
18:45:42.0235 3980	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:45:42.0235 3980	nv_agp - ok
18:45:42.0250 3980	NwlnkFlt - ok
18:45:42.0266 3980	NwlnkFwd - ok
18:45:42.0328 3980	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
18:45:42.0328 3980	ohci1394 - ok
18:45:42.0406 3980	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:45:42.0406 3980	ose - ok
18:45:42.0485 3980	p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:42.0500 3980	p2pimsvc - ok
18:45:42.0516 3980	p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:42.0531 3980	p2psvc - ok
18:45:42.0578 3980	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:45:42.0578 3980	Parport - ok
18:45:42.0610 3980	partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
18:45:42.0610 3980	partmgr - ok
18:45:42.0641 3980	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:45:42.0641 3980	Parvdm - ok
18:45:42.0672 3980	PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
18:45:42.0672 3980	PcaSvc - ok
18:45:42.0719 3980	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:45:42.0735 3980	pccsmcfd - ok
18:45:42.0766 3980	pci             (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
18:45:42.0766 3980	pci - ok
18:45:42.0797 3980	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:45:42.0797 3980	pciide - ok
18:45:42.0844 3980	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:45:42.0844 3980	pcmcia - ok
18:45:42.0938 3980	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:45:42.0969 3980	PEAUTH - ok
18:45:43.0094 3980	pla             (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
18:45:43.0141 3980	pla - ok
18:45:43.0172 3980	PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
18:45:43.0188 3980	PlugPlay - ok
18:45:43.0235 3980	PNRPAutoReg     (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:43.0250 3980	PNRPAutoReg - ok
18:45:43.0266 3980	PNRPsvc         (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
18:45:43.0281 3980	PNRPsvc - ok
18:45:43.0313 3980	PolicyAgent     (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
18:45:43.0328 3980	PolicyAgent - ok
18:45:43.0391 3980	PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
18:45:43.0391 3980	PptpMiniport - ok
18:45:43.0406 3980	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:45:43.0406 3980	Processor - ok
18:45:43.0453 3980	ProfSvc         (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
18:45:43.0453 3980	ProfSvc - ok
18:45:43.0485 3980	ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:43.0485 3980	ProtectedStorage - ok
18:45:43.0516 3980	PSched          (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
18:45:43.0516 3980	PSched - ok
18:45:43.0656 3980	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:45:43.0688 3980	ql2300 - ok
18:45:43.0719 3980	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:45:43.0719 3980	ql40xx - ok
18:45:43.0766 3980	QWAVE           (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
18:45:43.0781 3980	QWAVE - ok
18:45:43.0813 3980	QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
18:45:43.0813 3980	QWAVEdrv - ok
18:45:43.0828 3980	RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
18:45:43.0828 3980	RasAcd - ok
18:45:43.0860 3980	RasAuto         (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
18:45:43.0860 3980	RasAuto - ok
18:45:43.0891 3980	Rasl2tp         (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:45:43.0891 3980	Rasl2tp - ok
18:45:43.0922 3980	RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
18:45:43.0938 3980	RasMan - ok
18:45:43.0938 3980	RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
18:45:43.0953 3980	RasPppoe - ok
18:45:43.0969 3980	rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
18:45:43.0985 3980	rdbss - ok
18:45:44.0016 3980	RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:45:44.0016 3980	RDPCDD - ok
18:45:44.0047 3980	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:45:44.0047 3980	rdpdr - ok
18:45:44.0063 3980	RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
18:45:44.0063 3980	RDPENCDD - ok
18:45:44.0094 3980	RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
18:45:44.0094 3980	RDPWD - ok
18:45:44.0172 3980	RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
18:45:44.0188 3980	RemoteAccess - ok
18:45:44.0219 3980	RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
18:45:44.0219 3980	RemoteRegistry - ok
18:45:44.0266 3980	RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
18:45:44.0266 3980	RFCOMM - ok
18:45:44.0281 3980	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:45:44.0297 3980	RpcLocator - ok
18:45:44.0360 3980	RpcSs           (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
18:45:44.0375 3980	RpcSs - ok
18:45:44.0391 3980	rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
18:45:44.0391 3980	rspndr - ok
18:45:44.0438 3980	RTL8023xp       (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
18:45:44.0438 3980	RTL8023xp - ok
18:45:44.0469 3980	RTL8169         (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:45:44.0469 3980	RTL8169 - ok
18:45:44.0500 3980	RTSTOR          (43bfcad27999b694652512521851888b) C:\Windows\system32\drivers\RTSTOR.SYS
18:45:44.0516 3980	RTSTOR - ok
18:45:44.0547 3980	SamSs           (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
18:45:44.0547 3980	SamSs - ok
18:45:44.0578 3980	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:45:44.0578 3980	sbp2port - ok
18:45:44.0641 3980	SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
18:45:44.0641 3980	SCardSvr - ok
18:45:44.0703 3980	Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
18:45:44.0719 3980	Schedule - ok
18:45:44.0781 3980	SCPolicySvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
18:45:44.0781 3980	SCPolicySvc - ok
18:45:44.0813 3980	sdbus           (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
18:45:44.0813 3980	sdbus - ok
18:45:44.0860 3980	SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
18:45:44.0875 3980	SDRSVC - ok
18:45:44.0906 3980	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:45:44.0906 3980	secdrv - ok
18:45:44.0922 3980	seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
18:45:44.0922 3980	seclogon - ok
18:45:44.0953 3980	SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
18:45:44.0953 3980	SENS - ok
18:45:45.0000 3980	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:45:45.0016 3980	Serenum - ok
18:45:45.0047 3980	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:45:45.0047 3980	Serial - ok
18:45:45.0094 3980	sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
18:45:45.0094 3980	sermouse - ok
18:45:45.0219 3980	ServiceLayer    (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:45:45.0235 3980	ServiceLayer - ok
18:45:45.0297 3980	SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
18:45:45.0297 3980	SessionEnv - ok
18:45:45.0344 3980	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:45:45.0344 3980	sffdisk - ok
18:45:45.0360 3980	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:45:45.0360 3980	sffp_mmc - ok
18:45:45.0391 3980	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:45:45.0391 3980	sffp_sd - ok
18:45:45.0406 3980	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
18:45:45.0422 3980	sfloppy - ok
18:45:45.0469 3980	SharedAccess    (11aac56c04d26195d21c4f5229db4726) C:\Windows\System32\ipnathlp.dll
18:45:45.0485 3980	SharedAccess - ok
18:45:45.0875 3980	ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
18:45:45.0891 3980	ShellHWDetection - ok
18:45:45.0922 3980	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:45:45.0922 3980	sisagp - ok
18:45:45.0969 3980	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:45:45.0969 3980	SiSRaid2 - ok
18:45:46.0016 3980	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:45:46.0016 3980	SiSRaid4 - ok
18:45:46.0344 3980	slsvc           (7610645679bb5994210d21a347e0c479) C:\Windows\system32\SLsvc.exe
18:45:46.0391 3980	slsvc - ok
18:45:46.0516 3980	SLUINotify      (49670f3e42a0178a0ab425ae15d88e7c) C:\Windows\system32\SLUINotify.dll
18:45:46.0516 3980	SLUINotify - ok
18:45:46.0578 3980	Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
18:45:46.0578 3980	Smb - ok
18:45:46.0656 3980	smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
18:45:46.0688 3980	smserial - ok
18:45:46.0735 3980	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:45:46.0735 3980	SNMPTRAP - ok
18:45:46.0766 3980	spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
18:45:46.0766 3980	spldr - ok
18:45:46.0891 3980	spmgr           (d1e30eea74ed4c65a72afde5b6fa36ee) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
18:45:46.0891 3980	spmgr - ok
18:45:46.0922 3980	Spooler         (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
18:45:46.0938 3980	Spooler - ok
18:45:46.0985 3980	srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
18:45:47.0000 3980	srv - ok
18:45:47.0031 3980	srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
18:45:47.0047 3980	srv2 - ok
18:45:47.0094 3980	srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
18:45:47.0110 3980	srvnet - ok
18:45:47.0156 3980	SSDPSRV         (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
18:45:47.0156 3980	SSDPSRV - ok
18:45:47.0203 3980	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:45:47.0203 3980	ssmdrv - ok
18:45:47.0281 3980	stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
18:45:47.0281 3980	stisvc - ok
18:45:47.0406 3980	StkCMini        (b14cbd454ea369692cee1810d0d27aa7) C:\Windows\system32\Drivers\StkCMini.sys
18:45:47.0438 3980	StkCMini - ok
18:45:47.0469 3980	StkSSrv         (7f0abdf07c58c57918de14085dd36342) C:\Windows\System32\StkCSrv.exe
18:45:47.0469 3980	StkSSrv - ok
18:45:47.0516 3980	swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
18:45:47.0516 3980	swenum - ok
18:45:47.0563 3980	swprv           (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
18:45:47.0578 3980	swprv - ok
18:45:47.0594 3980	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:45:47.0594 3980	Symc8xx - ok
18:45:47.0625 3980	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:45:47.0625 3980	Sym_hi - ok
18:45:47.0656 3980	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:45:47.0656 3980	Sym_u3 - ok
18:45:47.0703 3980	SynTP           (24b43e9a3e6cacf9afc69f48e9deb690) C:\Windows\system32\DRIVERS\SynTP.sys
18:45:47.0719 3980	SynTP - ok
18:45:47.0750 3980	SysMain         (c1fdff9afd8c6c905485981b41dcfb40) C:\Windows\system32\sysmain.dll
18:45:47.0766 3980	SysMain - ok
18:45:47.0797 3980	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:45:47.0813 3980	TabletInputService - ok
18:45:47.0828 3980	TapiSrv         (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
18:45:47.0844 3980	TapiSrv - ok
18:45:47.0860 3980	TBS             (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
18:45:47.0860 3980	TBS - ok
18:45:47.0953 3980	Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
18:45:47.0969 3980	Tcpip - ok
18:45:48.0000 3980	Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
18:45:48.0016 3980	Tcpip6 - ok
18:45:48.0047 3980	tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
18:45:48.0047 3980	tcpipreg - ok
18:45:48.0078 3980	TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
18:45:48.0078 3980	TDPIPE - ok
18:45:48.0094 3980	TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
18:45:48.0094 3980	TDTCP - ok
18:45:48.0125 3980	tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
18:45:48.0125 3980	tdx - ok
18:45:48.0141 3980	TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
18:45:48.0156 3980	TermDD - ok
18:45:48.0219 3980	TermService     (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
18:45:48.0235 3980	TermService - ok
18:45:48.0281 3980	Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
18:45:48.0281 3980	Themes - ok
18:45:48.0328 3980	THREADORDER     (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
18:45:48.0328 3980	THREADORDER - ok
18:45:48.0344 3980	TPM             (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
18:45:48.0360 3980	TPM - ok
18:45:48.0422 3980	TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
18:45:48.0422 3980	TrkWks - ok
18:45:48.0485 3980	TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
18:45:48.0485 3980	TrustedInstaller - ok
18:45:48.0500 3980	tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:45:48.0516 3980	tssecsrv - ok
18:45:48.0547 3980	TuneUp.Defrag   (77d14696d77d2a6f04a466ddd49026be) C:\Windows\System32\TuneUpDefragService.exe
18:45:48.0563 3980	TuneUp.Defrag - ok
18:45:48.0688 3980	tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
18:45:48.0688 3980	tunmp - ok
18:45:48.0719 3980	tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
18:45:48.0719 3980	tunnel - ok
18:45:48.0766 3980	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:45:48.0781 3980	uagp35 - ok
18:45:48.0813 3980	udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
18:45:48.0813 3980	udfs - ok
18:45:48.0860 3980	UI0Detect       (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
18:45:48.0860 3980	UI0Detect - ok
18:45:48.0891 3980	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:45:48.0906 3980	uliagpkx - ok
18:45:48.0922 3980	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:45:48.0938 3980	uliahci - ok
18:45:48.0953 3980	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:45:48.0969 3980	UlSata - ok
18:45:48.0985 3980	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:45:48.0985 3980	ulsata2 - ok
18:45:49.0016 3980	umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
18:45:49.0016 3980	umbus - ok
18:45:49.0047 3980	upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
18:45:49.0063 3980	upnphost - ok
18:45:49.0141 3980	usbccgp         (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
18:45:49.0141 3980	usbccgp - ok
18:45:49.0172 3980	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:45:49.0172 3980	usbcir - ok
18:45:49.0203 3980	usbehci         (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
18:45:49.0203 3980	usbehci - ok
18:45:49.0235 3980	usbhub          (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
18:45:49.0250 3980	usbhub - ok
18:45:49.0266 3980	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
18:45:49.0266 3980	usbohci - ok
18:45:49.0266 3980	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
18:45:49.0281 3980	usbprint - ok
18:45:49.0313 3980	usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
18:45:49.0328 3980	usbscan - ok
18:45:49.0344 3980	USBSTOR         (fdbaabf07244c60b0f4e0a6e71a107c6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:45:49.0344 3980	USBSTOR - ok
18:45:49.0375 3980	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
18:45:49.0375 3980	usbuhci - ok
18:45:49.0406 3980	UxSms           (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
18:45:49.0406 3980	UxSms - ok
18:45:49.0469 3980	vds             (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
18:45:49.0485 3980	vds - ok
18:45:49.0516 3980	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:45:49.0516 3980	vga - ok
18:45:49.0547 3980	VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
18:45:49.0547 3980	VgaSave - ok
18:45:49.0594 3980	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:45:49.0594 3980	viaagp - ok
18:45:49.0625 3980	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:45:49.0625 3980	ViaC7 - ok
18:45:49.0656 3980	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:45:49.0656 3980	viaide - ok
18:45:49.0688 3980	volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
18:45:49.0688 3980	volmgr - ok
18:45:49.0719 3980	volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
18:45:49.0735 3980	volmgrx - ok
18:45:49.0766 3980	volsnap         (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
18:45:49.0781 3980	volsnap - ok
18:45:49.0797 3980	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:45:49.0797 3980	vsmraid - ok
18:45:49.0891 3980	VSS             (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
18:45:49.0906 3980	VSS - ok
18:45:49.0953 3980	W32Time         (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
18:45:49.0969 3980	W32Time - ok
18:45:49.0985 3980	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:45:49.0985 3980	WacomPen - ok
18:45:50.0031 3980	Wanarp          (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
18:45:50.0031 3980	Wanarp - ok
18:45:50.0031 3980	Wanarpv6        (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
18:45:50.0031 3980	Wanarpv6 - ok
18:45:50.0078 3980	wcncsvc         (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
18:45:50.0094 3980	wcncsvc - ok
18:45:50.0110 3980	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:45:50.0125 3980	WcsPlugInService - ok
18:45:50.0141 3980	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:45:50.0141 3980	Wd - ok
18:45:50.0219 3980	Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
18:45:50.0235 3980	Wdf01000 - ok
18:45:50.0281 3980	WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
18:45:50.0281 3980	WdiServiceHost - ok
18:45:50.0313 3980	WdiSystemHost   (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
18:45:50.0313 3980	WdiSystemHost - ok
18:45:50.0344 3980	WebClient       (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
18:45:50.0360 3980	WebClient - ok
18:45:50.0391 3980	Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
18:45:50.0391 3980	Wecsvc - ok
18:45:50.0406 3980	wercplsupport   (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
18:45:50.0422 3980	wercplsupport - ok
18:45:50.0453 3980	WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
18:45:50.0453 3980	WerSvc - ok
18:45:50.0547 3980	WinDefend       (ec0180032c6d201ef26fad1a0c14e674) C:\Program Files\Windows Defender\mpsvc.dll
18:45:50.0547 3980	WinDefend - ok
18:45:50.0563 3980	WinHttpAutoProxySvc - ok
18:45:50.0641 3980	Winmgmt         (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
18:45:50.0641 3980	Winmgmt - ok
18:45:50.0703 3980	WinRM           (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
18:45:50.0719 3980	WinRM - ok
18:45:50.0813 3980	Wlansvc         (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
18:45:50.0828 3980	Wlansvc - ok
18:45:50.0891 3980	WLSetupSvc      (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
18:45:50.0891 3980	WLSetupSvc - ok
18:45:50.0953 3980	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:45:50.0953 3980	WmiAcpi - ok
18:45:51.0016 3980	wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
18:45:51.0016 3980	wmiApSrv - ok
18:45:51.0125 3980	WMPNetworkSvc   (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:45:51.0141 3980	WMPNetworkSvc - ok
18:45:51.0172 3980	WPCSvc          (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
18:45:51.0172 3980	WPCSvc - ok
18:45:51.0203 3980	WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
18:45:51.0203 3980	WPDBusEnum - ok
18:45:51.0235 3980	ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
18:45:51.0235 3980	ws2ifsl - ok
18:45:51.0266 3980	wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll
18:45:51.0281 3980	wscsvc - ok
18:45:51.0281 3980	WSearch - ok
18:45:51.0453 3980	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:45:51.0500 3980	wuauserv - ok
18:45:51.0672 3980	WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:45:51.0672 3980	WUDFRd - ok
18:45:51.0719 3980	wudfsvc         (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
18:45:51.0719 3980	wudfsvc - ok
18:45:51.0766 3980	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
18:45:52.0016 3980	\Device\Harddisk0\DR0 - ok
18:45:52.0031 3980	Boot (0x1200)   (5888d2f33f14558e28cbf7d862ff1b4b) \Device\Harddisk0\DR0\Partition0
18:45:52.0031 3980	\Device\Harddisk0\DR0\Partition0 - ok
18:45:52.0078 3980	Boot (0x1200)   (b70199c36d2afe97c3f5a8a20103ded0) \Device\Harddisk0\DR0\Partition1
18:45:52.0078 3980	\Device\Harddisk0\DR0\Partition1 - ok
18:45:52.0078 3980	============================================================
18:45:52.0078 3980	Scan finished
18:45:52.0078 3980	============================================================
18:45:52.0125 0604	Detected object count: 0
18:45:52.0125 0604	Actual detected object count: 0

cosinus · 08.06.2012, 17:58

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Ina Neu · 08.06.2012, 19:29

Combofix ausgeführt:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-06-08.02 - Ingrid 08.06.2012  19:24:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.2047.1202 [GMT 2:00]
ausgeführt von:: c:\users\Ingrid_2\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-08 bis 2012-06-08  ))))))))))))))))))))))))))))))
.
.
2012-06-08 18:19 . 2012-06-08 18:19	--------	d-----w-	c:\users\Ingrid\AppData\Local\temp
2012-06-08 14:53 . 2012-06-08 17:26	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-06-08 14:42 . 2012-06-08 14:42	--------	d-----w-	C:\_OTL
2012-06-05 15:00 . 2012-06-05 15:00	--------	d-----w-	c:\program files\7-Zip
2012-06-04 10:16 . 2012-06-04 10:16	--------	d-----w-	c:\users\Ingrid_2\AppData\Roaming\Malwarebytes
2012-06-03 16:14 . 2012-06-03 16:14	--------	d-----w-	c:\program files\ESET
2012-06-03 13:36 . 2012-06-03 13:36	--------	d-----w-	c:\users\Ingrid\AppData\Roaming\Malwarebytes
2012-06-03 13:35 . 2012-06-03 13:35	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-03 13:35 . 2012-06-03 13:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-03 13:35 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-29 14:45 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6181CBE2-C62D-4A7B-87E2-310F8B7E4583}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 15:12 . 2011-10-11 14:43	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-14 15:12 . 2011-10-11 14:43	91968	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-05-14 15:12 . 2011-10-11 14:43	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-14 15:12 . 2011-10-11 14:43	112032	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-05-06 06:45 . 2012-04-01 19:45	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-06 06:45 . 2011-05-20 07:56	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-07 07:42 . 2010-04-15 15:46	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-14 16:23 . 2012-04-02 07:11	54784	----a-w-	c:\windows\system32\pdfcmon.dll
2012-04-21 01:18 . 2012-04-27 10:57	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2006-11-02 191488]
"IncrediMail Tray Application"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-10-27 353736]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-10-27 353736]
"Klebezettel NG"="c:\program files\Klebezettel NG\klebez.exe" [2012-04-06 4433408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2006-12-12 106496]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-10-27 353736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-14 348624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-02-20 02:39	37232	----a-w-	c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-02-20 02:39	33136	----a-w-	c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 16:27	61440	----a-w-	c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35	125440	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
2007-04-19 13:45	74672	----a-w-	c:\program files\Lexmark 1200 Series\LXCZbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-02-23 09:56	1232896	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36	201728	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PowerForPhone"=c:\program files\PowerForPhone\PowerForPhone.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 54817054
*Deregistered* - 54817054
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:45]
.
2012-06-07 c:\windows\Tasks\User_Feed_Synchronization-{ECD24ADB-9D77-428F-9399-7DBC00BB9DED}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ingrid\AppData\Roaming\Mozilla\Firefox\Profiles\00airb4s.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-08 20:19
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,e3,2d,1e,96,39,8b,44,94,da,c2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,e3,2d,1e,96,39,8b,44,94,da,c2,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-06-08  20:24:05
ComboFix-quarantined-files.txt  2012-06-08 18:24
.
Vor Suchlauf: 7 Verzeichnis(se), 37.652.025.344 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 38.396.186.624 Bytes frei
.
- - End Of File - - 11BB24FFA1E7633602273D1679DBC382

--- --- ---

04.06.2012, 16:00	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Umleitung auf rocketnews und Deaktivierung Windows Sicherheitsdienst Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> Umleitung auf rocketnews und Deaktivierung Windows Sicherheitsdienst

Umleitung auf rocketnews und Deaktivierung Windows Sicherheitsdienst

Plagegeister aller Art und deren Bekämpfung: Umleitung auf rocketnews und Deaktivierung Windows Sicherheitsdienst