Log analysis and evaluation: Trojans TR/ATRAPS.GEN2 and TR/Sirefef.AG.35 (03.06.2012)

05.06.2012, 08:19   #16
Psychotic
/// Malwareteam

FRST

Please download Farbar's Recovery Scan Tool and save it to a USB stick.

Plug the USB stick into the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select "Repair your computer".
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click "Repair your computer"!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As, and select Computer.
    The drive letter of your USB stick is shown here.
  • Close Notepad again.
  • Now enter the following command:
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here.
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you happy with us? Then support the Trojaner-Board!

05.06.2012, 14:49   #17
Wittenberg

written from another PC:
Hello!
I downloaded FRST.exe onto a USB stick, then shut the computer down and restarted it (stick plugged in), and after pressing the F8 key several times I chose "Repair your computer". Now a window "System Recovery Options" appears; under user name, "Administrator" is preselected ("gast" and "***" = my name can also be selected).
a) Should I leave Administrator or choose one of the other two?
b) What do I enter in the line below it (password) - my Windows password?


05.06.2012, 15:17   #18
Psychotic
/// Malwareteam

Your Windows account + the password that goes with it!

05.06.2012, 16:31   #19
Wittenberg

Hello, here is the requested file:

Attachment 35734

06.06.2012, 06:22   #20
Psychotic
/// Malwareteam

Start Windows, press the Windows key and the R key at the same time, and type the following into the text box:

Code:
combofix /nombr

and click OK.

Combofix will start and create a log; please post it for me!

06.06.2012, 11:51   #21
Wittenberg

Hello,
Combofix did run through, but it did not create a log.

06.06.2012, 11:52   #22
Psychotic
/// Malwareteam

Start the computer in safe mode with networking and run Combofix from there!


Safe mode for cleanup
  • Use the F8 key at startup to bring Windows into safe mode.
  • Start the computer in safe mode with networking:

06.06.2012, 12:49   #23
Wittenberg

written from another computer:

Even in safe mode with networking there is no change: Combofix runs through but does not create a log.
On the restart afterwards, two windows appeared:
1.) Can´t initialize mapi.log!
C:\Windiws\system32\config\systemprofile\AppData\Local\Temp\Mapi.log contains an invalid path.
2.) C:\Windows\system32\config\systemprofile\Desktop refers to a path that is not available. Make sure that the disk is inserted correctly, or that there is a connection to the Internet or your own network, and repeat the operation. The information may have been moved to a different path if the path still cannot be found.
After I had clicked both messages away with the cross (top right), a "mutilated" desktop appeared with only a few icons; among other things, the newly created files (Combofix, OTL, etc.) had disappeared from the desktop.
After another restart ("restart"), only the 2nd message appeared. Now the desktop shows only the labels "Computer", "Internet Explorer", "Control Panel" (this one twice) and Recycle Bin, but no icons any more. If you click the labels, they are highlighted in blue, but nothing happens. The rest of the screen is black except for the taskbar with "Start", the icons for "Show desktop", "Switch between windows" and "IE" (left), and "DE" and the icons for "New updates are available" and "Intel(R) Graphics Media Accelerator Driver for Mobile" as well as the time. Clicking on the icons does nothing either.
Shutting down via the Start button is no longer possible either.

06.06.2012, 12:57   #24
Psychotic
/// Malwareteam

You should find the files under C:\qoobox!

06.06.2012, 13:31   #25
Wittenberg

I found the Qoobox folder; it contains a subfolder "Quarantine", and this in turn contains a subfolder "Regsistry_backups", which is empty, however.

Hello!
I have given up for now and, exasperated, put in the recovery CD.
However, I assume that this will not be enough to drive the "evil spirits" out of my computer for good. Then probably only formatting would be left (?) - but I don't know a) how that works and b) whether the recovery CD is then enough to put Vista back on.
Thank you for your help despite all that.

07.06.2012, 21:19   #26
Wittenberg

Hello!
I have since reinstalled Vista with the recovery CD, plus the software you recommended (AVG, Malwarebytes, Spyware Blaster, Firefox incl. AdblockPlus).
So far (almost) everything is peaceful - but I fear that this is only the calm before the storm.
A quick scan with Malwarebytes reported no findings, but AVG reports:
Object name: <unknown>
Detection name: Service function NtMapViewOfSection hook -> 0x870D5AE8
Object type: File
SDK type: Rootkit
Result: hidden
Action history
AVG has "not removed or healed" the item
If you try to remove it manually, this notice appears: "Object is hidden by a rootkit technique (normally used by malicious software). Do you really want to remove the object?"
If you confirm with Yes, it can be removed, but it is back again at the next AVG scan.
What can I do?

11.06.2012, 07:11   #27
Psychotic
/// Malwareteam

OK - then once more from the start!


Step 1: defogger


Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click and "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished ( Finished ), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
If Defogger reports an error, please post the defogger_disable log from your desktop.
Do not click the Re-enable button unless instructed.



Step 2: OTL


Please download OTL by Oldtimer and save it to your desktop (if it is not already there).
  • Double-click OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator".
  • At the top you will find a box labelled Output. Please select Minimal Output.
  • Under Extra Registry, please select Use SafeList.
  • Now click Run Scan at the top left.
  • When the scan has finished, 2 log files are created.
  • Post the log files here in the thread.



Step 3: Gmer


Please
  • deactivate all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the Internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after every scan.
Let Gmer scan
  • Download Gmer from this page (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name). Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check mark from:
    • IAT/EAT
    • All hard disks except the system disk (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!



Step 4: adwCleaner



Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.


Please also post the log files from avg!
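
An added example, not part of the original thread and not code from OTL or its author: a first-pass triage of the `PRC`/`MOD`/`SRV`/`DRV` lines in an OTL log like the one requested in step 2. The sample lines are constructed in OTL's line layout, and the three review rules (binary missing, temp location, no company name) are assumptions chosen for illustration; a hit means "look at this entry by hand", not "this is malware".

```python
import re
from dataclasses import dataclass

# OTL prints process/module/service/driver entries in two layouts:
#   TAG - [date time | size | attrs | M] (Company) [state] -- path -- (name)
#   TAG - File not found [state] -- path -- (name)
# PRC and MOD lines carry no [state] and no trailing (name).
ENTRY = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

# Assumed rule: a binary under a Temp directory or with a .tmp extension.
TEMP = re.compile(r"\\temp\\|\.tmp$", re.IGNORECASE)


@dataclass
class Entry:
    tag: str
    path: str
    name: str
    company: str
    state: str
    missing: bool


def parse(log_text):
    """Return an Entry for every PRC/MOD/SRV/DRV line; skip everything else."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            tag=m["tag"],
            path=m["path"],
            name=m["name"] or "",
            company=(m["company"] or "").strip(),
            state=m["state"] or "",
            missing=m["missing"] is not None,
        ))
    return entries


def reasons(entry):
    """Apply the assumed review rules to one entry."""
    out = []
    if entry.tag in ("SRV", "DRV"):
        if entry.missing:
            # Registered service/driver whose file is gone (or hidden).
            out.append("binary missing")
        elif not entry.company:
            # File exists but has no company name in its version info.
            out.append("no company name")
    if TEMP.search(entry.path):
        out.append("temp location")
    return out


def triage(log_text):
    """Return (entry, reasons) pairs for entries that need a manual look."""
    return [(e, r) for e in parse(log_text) if (r := reasons(e))]


# Constructed sample lines in OTL's format (names and paths are made up).
SAMPLE = r"""
PRC - [2012.06.09 00:37:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
SRV - File not found [On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\EXAMPLE1.exe -- (EXAMPLE1)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (Example Vendor s.r.o.) [Auto | Running] -- C:\Programme\Example\svc.exe -- (examplesvc)
SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Example Updater\updater.exe -- (Example Updater)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\0000.tmp -- (EXAMPLEDRV)
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(f"{entry.tag} {entry.name or entry.path}: {', '.join(why)}")
```

"File not found" entries also include stock Windows drivers that were never installed and leftovers of one-shot scanners, so the output is a reading list for the analyst, not a removal list.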

11.06.2012, 08:49   #28
Wittenberg

Hello,
I already ran defogger again yesterday evening and created the OTL files and Gmer.txt; the adw log file is also in the attachment.
Where do I find the log files from AVG (I am just running it again)?

OTL Logfile:
Code:
OTL logfile created on: 10.06.2012 21:39:41 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 33,03% Memory free
4,21 Gb Paging File | 2,79 Gb Available in Paging File | 66,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 35,33 Gb Free Space | 47,60% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 73,26 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.10 21:32:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.06.09 00:37:12 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.06.07 09:42:39 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2012.06.06 23:05:25 | 000,935,480 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012.06.06 23:05:23 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcfgex.exe
PRC - [2008.09.18 22:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Programme\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.08.13 12:14:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2007.07.26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.07.06 11:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.27 12:28:40 | 000,436,088 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.06.18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Programme\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007.05.04 13:05:08 | 000,571,024 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe
PRC - [2007.04.24 16:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Programme\ATK Hotkey\HControl.exe
PRC - [2007.03.22 17:09:28 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
PRC - [2007.03.01 08:01:00 | 000,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () -- C:\Programme\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.09 18:21:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2012.06.09 16:41:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2012.06.09 16:40:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2012.06.09 16:40:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2012.06.09 16:38:44 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2012.06.09 16:38:28 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2012.06.08 23:30:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.06.08 23:26:55 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.06.06 23:05:25 | 000,132,664 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012.06.06 23:05:23 | 001,104,440 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.09.18 22:14:34 | 000,364,544 | ---- | M] () -- C:\Programme\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
MOD - [2007.06.27 12:28:40 | 000,436,088 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MOD - [2007.05.31 10:01:22 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.01.18 09:30:00 | 000,094,208 | ---- | M] () -- C:\Programme\IDM\Desktop SMS\oehook.dll
MOD - [2007.01.17 18:08:34 | 000,009,336 | ---- | M] () -- C:\Programme\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\IYIRAH.exe -- (IYIRAH)
SRV - [2012.06.07 09:42:39 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2012.06.06 23:05:25 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.06.01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.08.13 12:25:54 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.01.14 01:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007.01.12 21:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.01.09 23:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.01.05 02:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\391A.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.06.07 10:25:03 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.05.16 18:07:18 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120609.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 18:07:18 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120609.016\NAVENG.SYS -- (NAVENG)
DRV - [2012.05.16 06:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.16 06:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)
DRV - [2012.05.10 02:51:50 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20120606.001\IDSvix86.sys -- (IDSvix86)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009.08.03 19:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009.08.03 19:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.08.03 19:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009.08.03 19:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2009.08.03 19:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.08.03 19:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.07.13 16:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.06.18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2007.01.03 09:05:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006.12.14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={67BCAA11-D69B-4095-AAA7-D9730D1F585D}&mid=ba1aac90e62d47d0a112d153d419d095-f7812c5c2bd4458c81277ccfd80bb88d6b2aa4f8&lang=de&ds=AVG&pr=fr&d=2012-06-06 23:05:26&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8vgwQyqI&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bde4fb2d9-7f50-4e5f-8578-a6d8a00bce51%7D&mid=ba1aac90e62d47d0a112d153d419d095-f7812c5c2bd4458c81277ccfd80bb88d6b2aa4f8&ds=AVG&v=11.1.0.7&lang=de&pr=fr&d=2012-06-06%2023%3A05%3A26&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.06.06 23:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.06 23:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.06 23:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.07 12:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 21:42:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.06.06 22:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.07 22:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bw6rjb4y.default\extensions
[2012.06.07 12:13:56 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bw6rjb4y.default\extensions\ffxtlbr@incredibar.com
[2012.06.07 12:13:29 | 000,002,203 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bw6rjb4y.default\searchplugins\MyStart Search.xml
[2012.06.06 22:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.06 23:03:53 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.06.07 12:13:42 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.06.06 23:05:37 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012.06.06 22:55:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BW6RJB4Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.09 16:25:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.06 23:05:22 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{198A7525-D125-43C4-92B6-956B826585EC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c368af6-b00f-11e1-bb8b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c368af6-b00f-11e1-bb8b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.10 21:32:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.09 18:19:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.09 16:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.09 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.09 12:58:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.06.07 22:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012.06.07 22:30:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.06.07 22:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.06.07 22:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.06.07 22:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.06.07 22:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.06.07 12:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012.06.07 12:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.07 12:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.06.07 12:12:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.07 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2012.06.07 09:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate Notice
[2012.06.07 01:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.07 01:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012.06.07 01:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.06.07 01:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.06.07 01:38:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.06.07 01:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.06.07 01:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.06.07 01:37:51 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.06.07 01:01:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.06.07 00:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2012.06.07 00:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
[2012.06.07 00:27:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Dateien
[2012.06.07 00:26:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Bücher
[2012.06.07 00:18:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.06.07 00:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.07 00:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.06.06 23:45:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WhiteLabelOffice
[2012.06.06 23:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\White Label Office 3
[2012.06.06 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.06.06 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2012.06.06 23:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.06 23:39:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.06.06 23:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.06 23:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.06 23:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.06 23:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.06.06 23:37:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2012.06.06 23:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.06.06 23:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.06.06 23:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.06.06 23:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.06.06 23:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.06.06 23:07:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.06.06 23:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AVG Secure Search
[2012.06.06 23:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.06 23:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.06.06 23:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.06.06 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.06.06 23:03:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.06.06 23:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.06.06 23:03:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.06.06 23:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.06.06 22:58:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2012.06.06 22:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.06.06 22:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012.06.06 22:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012.06.06 22:30:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.06 22:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.06.06 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.06.06 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.06.06 22:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.06 22:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.06 22:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.06.06 22:05:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Toshiba
[2012.06.06 22:05:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.06 22:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 22:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 22:04:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.06 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.06 21:52:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Toshiba
[2012.06.06 21:52:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.06.06 21:51:43 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.06 21:51:43 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2012.06.06 21:51:43 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.06 21:51:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2012.06.06 21:51:31 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2012.06.06 21:51:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2012.06.06 21:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2012.06.06 21:49:15 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.06.06 21:49:15 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.06.06 21:49:15 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.06.06 21:49:15 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.06.06 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.06.06 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.06.06 21:49:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.06 21:45:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.06.06 21:45:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.06.06 21:43:26 | 000,737,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012.06.06 21:43:26 | 000,737,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012.06.06 21:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012.06.06 21:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.06.06 21:38:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.10 21:32:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.10 21:26:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.10 21:24:50 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.10 21:06:48 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.10 21:06:48 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.10 21:06:48 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.10 21:06:48 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.10 20:58:58 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 20:58:58 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.10 20:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.10 20:58:24 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 20:51:06 | 100,143,439 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.06.09 17:38:40 | 000,026,378 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.06.09 16:36:18 | 000,392,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 15:16:52 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.06.09 12:16:12 | 034,537,472 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.06.09 12:16:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.06.09 12:16:12 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.06.09 01:20:10 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2012.06.09 01:12:59 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2012.06.07 23:03:50 | 000,004,608 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.07 22:29:49 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\CX4300_5500_DX4400 Handbuch.lnk
[2012.06.07 22:21:32 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.06.07 22:21:00 | 000,000,027 | ---- | M] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2012.06.07 21:42:28 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.07 12:14:00 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.06.07 10:25:03 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.06.07 10:25:03 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.06.07 10:25:03 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.06.07 10:08:52 | 000,000,000 | ---- | M] () -- C:\Windows\WinInit.ini
[2012.06.07 09:51:12 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job
[2012.06.07 01:56:46 | 000,002,707 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.07 01:06:56 | 000,000,565 | ---- | M] () -- C:\Users\***\Desktop\Camcorder.lnk
[2012.06.07 01:01:38 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video.lnk
[2012.06.07 00:35:21 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\ImageMixer.lnk
[2012.06.07 00:35:21 | 000,000,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
[2012.06.07 00:32:43 | 000,000,583 | ---- | M] () -- C:\Users\***\Desktop\Eigene Bücher.lnk
[2012.06.07 00:32:23 | 000,001,372 | ---- | M] () -- C:\Users\***\Desktop\Eigene Dateien.lnk
[2012.06.07 00:18:19 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.06 23:48:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2012.06.06 23:40:47 | 000,000,363 | ---- | M] () -- C:\Users\***\Desktop\Downloads.lnk
[2012.06.06 23:39:19 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.06 23:23:10 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.06 23:05:42 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.06 22:47:17 | 000,000,881 | ---- | M] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2012.06.06 22:43:00 | 000,000,104 | ---- | M] () -- C:\Users\***\Desktop\Window Mail.lnk
[2012.06.06 22:04:57 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 21:43:05 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L40_05662-GR_PSL48E-01000.MRK
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.10 21:26:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.10 21:23:37 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.06.10 20:51:06 | 100,143,439 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.06.09 17:38:40 | 000,026,378 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.06.09 01:20:10 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2012.06.09 01:12:59 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.06.08 23:31:07 | 034,537,472 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.06.08 23:31:07 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.06.08 23:31:07 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.06.07 23:03:47 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.07 22:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.06.07 22:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.06.07 22:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.06.07 22:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.06.07 22:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.06.07 22:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.06.07 22:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.06.07 22:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.06.07 22:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.06.07 22:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.06.07 22:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.06.07 22:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.06.07 22:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.06.07 22:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.06.07 22:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.06.07 22:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.06.07 22:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.06.07 22:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.06.07 22:30:14 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.06.07 22:30:13 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2012.06.07 22:30:13 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2012.06.07 22:30:13 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2012.06.07 22:30:13 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2012.06.07 22:30:13 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2012.06.07 22:30:13 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2012.06.07 22:30:13 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2012.06.07 22:30:13 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2012.06.07 22:30:13 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2012.06.07 22:30:13 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2012.06.07 22:30:13 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2012.06.07 22:30:13 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2012.06.07 22:30:13 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2012.06.07 22:29:49 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\CX4300_5500_DX4400 Handbuch.lnk
[2012.06.07 22:21:32 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.06.07 22:21:00 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2012.06.07 12:13:58 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.06.07 10:08:52 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2012.06.07 09:23:40 | 000,000,584 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job
[2012.06.07 01:56:46 | 000,002,707 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.06.07 01:56:05 | 000,002,631 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.06.07 01:06:56 | 000,000,565 | ---- | C] () -- C:\Users\***\Desktop\Camcorder.lnk
[2012.06.07 01:01:38 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video.lnk
[2012.06.07 00:35:21 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\ImageMixer.lnk
[2012.06.07 00:35:21 | 000,000,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
[2012.06.07 00:27:48 | 000,001,372 | ---- | C] () -- C:\Users\***\Desktop\Eigene Dateien.lnk
[2012.06.07 00:27:44 | 000,000,583 | ---- | C] () -- C:\Users\***\Desktop\Eigene Bücher.lnk
[2012.06.07 00:18:19 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.06 23:40:47 | 000,000,363 | ---- | C] () -- C:\Users\***\Desktop\Downloads.lnk
[2012.06.06 23:39:19 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.06 23:37:48 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.06.06 23:23:10 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.06.06 23:23:10 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.06 23:05:42 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.06 22:47:17 | 000,000,881 | ---- | C] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2012.06.06 22:43:00 | 000,000,104 | ---- | C] () -- C:\Users\***\Desktop\Window Mail.lnk
[2012.06.06 22:13:57 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.06 22:13:57 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.06 22:04:57 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 21:51:44 | 000,000,954 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.06 21:51:42 | 000,000,949 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.06.06 21:51:31 | 000,000,920 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.06.06 21:43:26 | 000,089,991 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012.06.06 21:43:26 | 000,030,578 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012.06.06 21:43:05 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L40_05662-GR_PSL48E-01000.MRK
[2012.06.06 21:38:03 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys
 
========== LOP Check ==========
 
[2012.06.06 23:07:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.06.07 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.06.06 22:05:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toshiba
[2012.06.06 23:45:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WhiteLabelOffice
[2012.06.10 20:55:04 | 000,016,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 10.06.2012 21:39:41 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 33,03% Memory free
4,21 Gb Paging File | 2,79 Gb Available in Paging File | 66,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 35,33 Gb Free Space | 47,60% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 73,26 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06FD41AB-3990-4CBE-A4D4-ED75B5783A91}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{0AAE4BAD-0348-4CFE-B33C-8667BE70098C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2BFDFC41-41FD-486B-9799-659F313786B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{2C4EB0EE-54F3-424F-AD5B-2E548301BA35}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{334B7467-ADA6-4066-B48A-4303249F879D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{64468822-5D68-468D-BADC-8662408C8A22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6EEAF812-A131-4C2E-80AF-825E296CD577}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{74B84D4B-6641-4890-AE90-2213B3A6D571}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{7C7FBD9B-97F3-4FF6-8FFB-8EA02563BD6F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{9482993D-FD8B-4F93-A15E-47AB5F0779DC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A01CE0AE-4BF2-4F3F-8667-AB893EF29E95}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{A9A092E0-E1DD-4EA1-9EDE-0C09C8816CDD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{AF5B5861-2636-4B33-B071-57ED3D39A9CE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{FA0EB838-5CAA-4EB5-9E76-D82E49920962}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{320D4FBD-53F7-476B-A4AF-E26A02645918}" = MAGIX Video easy HD
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.442
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F2A2C4F-34FC-4B9C-A80F-14F8617AD61B}" = SymNet
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{45E8C241-5D1A-4E86-B5DA-3CCABD427417}" = Symantec Real Time Storage Protection Component
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDBF6D3-08D7-4B78-8C6C-FD9CC66CB369}" = MAGIX Speed burnR (MSI)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FF478E4A-AC94-4847-8036-1DB8EC19355A}" = MAGIX Screenshare
"AVG" = AVG 2012
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"incredibar" = Incredibar Toolbar  on IE and Chrome
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX_MSI_Video_easy_2" = MAGIX Video easy HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.1
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2012 10:44:00 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 09.06.2012 12:06:21 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
 fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001ca18,  Prozess-ID 0xf3c, Anwendungsstartzeit 01cd46599c9da9db.
 
Error - 09.06.2012 12:08:51 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 09.06.2012 12:28:58 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
 fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001ca18,  Prozess-ID 0xe74, Anwendungsstartzeit 01cd465cdaca6eff.
 
Error - 09.06.2012 12:33:45 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 10.06.2012 14:48:12 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
 fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001ca18,  Prozess-ID 0xe00, Anwendungsstartzeit 01cd47396a5bde49.
 
Error - 10.06.2012 14:54:01 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 10.06.2012 15:01:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ccApp.exe, Version 106.2.0.21, Zeitstempel 0x45a467ef,
 fehlerhaftes Modul NSCWSCR2.DLL, Version 2007.4.0.2, Zeitstempel 0x468eb2ed, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001ca18,  Prozess-ID 0xfac, Anwendungsstartzeit 01cd473b50da7269.
 
Error - 10.06.2012 15:06:45 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 10.06.2012 15:30:49 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.0.4535 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 614  Anfangszeit: 01cd473c286d8cd9  Zeitpunkt der
 Beendigung: 60000
 
[ System Events ]
Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 09.06.2012 09:45:07 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 09.06.2012 10:33:03 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 09.06.2012 12:05:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.06.2012 12:05:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.06.2012 12:05:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-10 22:41:02
Windows 6.0.6000  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03
Running: 6vk2oly2.exe; Driver: C:\Users\***\AppData\Local\Temp\kxlyrpog.sys


---- System - GMER 1.0.15 ----

SSDT            86D84A50                                                                                                                     ZwAlertResumeThread
SSDT            86D84B30                                                                                                                     ZwAlertThread
SSDT            86D83CA0                                                                                                                     ZwAllocateVirtualMemory
SSDT            86D18738                                                                                                                     ZwConnectPort
SSDT            86D859C0                                                                                                                     ZwCreateMutant
SSDT            86D7A5B8                                                                                                                     ZwCreateThread
SSDT            86D83B00                                                                                                                     ZwFreeVirtualMemory
SSDT            86D84890                                                                                                                     ZwImpersonateAnonymousToken
SSDT            86D84970                                                                                                                     ZwImpersonateThread
SSDT            86D83A20                                                                                                                     ZwMapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeKey [0x8F895004]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwNotifyChangeMultipleKeys [0x8F8950D4]
SSDT            86D85900                                                                                                                     ZwOpenEvent
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0x8F894D76]
SSDT            86D83D70                                                                                                                     ZwOpenProcessToken
SSDT            86D83760                                                                                                                     ZwOpenThreadToken
SSDT            86D81330                                                                                                                     ZwResumeThread
SSDT            86D84F28                                                                                                                     ZwSetContextThread
SSDT            86D83850                                                                                                                     ZwSetInformationProcess
SSDT            86D84E38                                                                                                                     ZwSetInformationThread
SSDT            86D85820                                                                                                                     ZwSuspendProcess
SSDT            86D84C78                                                                                                                     ZwSuspendThread
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0x8F894E1E]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0x8F894EBA]
SSDT            86D83940                                                                                                                     ZwUnmapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0x8F894F56]

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                    section is writeable [0x87AAE000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                    unknown last section [0x87AF7000, 0x510, 0x40000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                       avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                      Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                      avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                      avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Quote:
# AdwCleaner v1.609 - Logfile created 06/11/2012 at 09:33:33
# Updated 10/06/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.1.0
Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Local\AVG Secure Search
Folder Found : C:\Users\***\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\***\AppData\LocalLow\Incredibar.com
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bw6rjb4y.default\extensions\ffxtlbr@incredibar.com
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Incredibar.com
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bw6rjb4y.default\searchplugins\MyStart Search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Incredibar.com
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16982

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={67BCAA11-D69B-4095-AAA7-D9730D1F585D}&mid=ba1aac90e62d47d0a112d153d419d095-f7812c5c2bd4458c81277ccfd80bb88d6b2aa4f8&lang=de&ds=AVG&pr=fr&d=2012-06-06 23:05:26&v=11.1.0.7&sap=nt

-\\ Mozilla Firefox v13.0 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bw6rjb4y.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("extensions.enabledAddons", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3,{F53C93F1-07D5-4[...]
Found : user_pref("extensions.incredibar.actvtyRptTime", "1339096495111");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "EN");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10665");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "B4310DEA131EF4E25240520BAE61438B");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "0");
Found : user_pref("extensions.incredibar.id", "c2e05a33000000000000001b9e4fbb5d");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15498");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15498");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:13:57");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.propectorlck", 77658189);
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8vgwQyqI&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8vgwQyqI&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6R8vgwQyqI");
Found : user_pref("extensions.incredibar.upn2n", "92824493741227040");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:13:57");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1412:13:57");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10665");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "c2e05a33000000000000001b9e4fbb5d");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15498");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8vgwQyqI&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8vgwQyqI");
Found : user_pref("extensions.incredibar_i.upn2n", "92824493741227040");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:13:57");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bde4fb2d9-7f50-4e5f-8578-a6d8a00bce51%[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://isearch.avg.com/[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://isearch.avg.[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [16078 octets] - [11/06/2012 09:33:33]

########## EOF - C:\AdwCleaner[R1].txt - [16207 octets] ##########

11.06.2012, 08:57   #29
Psychotic
/// Malwareteam


Multiple anti-virus programs
Code:
Norton Internet Security
AVG

I noticed that you have more than one anti-virus program with a background guard running. This is dangerous, because the programs can get in each other's way, which can let viruses onto the machine all the more. It also slows the system down. Decide on one option and uninstall the other via Control Panel => Software. Report which anti-virus program you chose.
Quote:
Speedy recently gave a plausible explanation of this: "Imagine a goalkeeper who is supposed to guard the goal (the anti-virus program); the ball comes flying in (the virus), the goalkeeper concentrates on the ball and catches it. Now imagine two goalkeepers in the goal ... they crash into each other and the ball can go into the goal unhindered."

Step 2: Uninstall
  • Click Start-->Control Panel.
  • Open Programs and Features.
  • Find and uninstall the following entries:
    Quote:
    incredibar
  • Close the window.


Step 3: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances unless instructed.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.



Step 4: Scan with TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

11.06.2012, 09:47   #30
Wittenberg



I have uninstalled Norton Internet Security and kept AVG.
I have also uninstalled "incredibar".
Here are the log files:

Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 10:26:22
-----------------------------
10:26:22.091 OS Version: Windows 6.0.6000
10:26:22.091 Number of processors: 2 586 0xF0D
10:26:22.106 ComputerName: ***-PC UserName: ***
10:26:38.533 Initialize success
10:29:51.090 AVAST engine defs: 12061001
10:30:00.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:30:00.872 Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 3
10:30:00.903 Disk 0 MBR read successfully
10:30:00.903 Disk 0 MBR scan
10:30:00.934 Disk 0 Windows VISTA default MBR code
10:30:00.950 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:30:00.965 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76000 MB offset 3074048
10:30:01.028 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 75125 MB offset 158722048
10:30:01.043 Disk 0 scanning sectors +312578048
10:30:01.277 Disk 0 scanning C:\Windows\system32\drivers
10:30:13.991 Service scanning
10:30:47.177 Modules scanning
10:30:56.241 Disk 0 trace - called modules:
10:30:56.272 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
10:30:56.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84887ad8]
10:30:56.288 3 ntkrnlpa.exe[820b07e2] -> nt!IofCallDriver -> [0x83e72808]
10:30:56.288 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8481b030]
10:30:57.209 AVAST engine scan C:\Windows
10:31:00.064 AVAST engine scan C:\Windows\system32
10:35:19.443 AVAST engine scan C:\Windows\system32\drivers
10:35:35.636 AVAST engine scan C:\Users\***
10:37:36.661 AVAST engine scan C:\ProgramData
10:38:36.908 Scan finished successfully
10:38:49.451 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
10:38:49.466 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Quote:
10:40:33.0843 4060 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:40:34.0077 4060 ============================================================
10:40:34.0077 4060 Current date / time: 2012/06/11 10:40:34.0077
10:40:34.0077 4060 SystemInfo:
10:40:34.0077 4060
10:40:34.0077 4060 OS Version: 6.0.6000 ServicePack: 0.0
10:40:34.0077 4060 Product type: Workstation
10:40:34.0077 4060 ComputerName: ***-PC
10:40:34.0077 4060 UserName: ***
10:40:34.0077 4060 Windows directory: C:\Windows
10:40:34.0077 4060 System windows directory: C:\Windows
10:40:34.0077 4060 Processor architecture: Intel x86
10:40:34.0077 4060 Number of processors: 2
10:40:34.0077 4060 Page size: 0x1000
10:40:34.0077 4060 Boot type: Normal boot
10:40:34.0077 4060 ============================================================
10:40:35.0294 4060 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x209CD, SectorsPerTrack: 0x1A, TracksPerCylinder: 0x5A, Type 'K0', Flags 0x00000050
10:40:35.0309 4060 ============================================================
10:40:35.0309 4060 \Device\Harddisk0\DR0:
10:40:35.0309 4060 MBR partitions:
10:40:35.0309 4060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x9470000
10:40:35.0309 4060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x975E800, BlocksNum 0x92BA800
10:40:35.0309 4060 ============================================================
10:40:35.0356 4060 C: <-> \Device\Harddisk0\DR0\Partition0
10:40:35.0403 4060 E: <-> \Device\Harddisk0\DR0\Partition1
10:40:35.0403 4060 ============================================================
10:40:35.0403 4060 Initialize success
10:40:35.0403 4060 ============================================================
10:41:11.0220 3172 ============================================================
10:41:11.0220 3172 Scan started
10:41:11.0220 3172 Mode: Manual; TDLFS;
10:41:11.0220 3172 ============================================================
10:41:17.0882 3172 gagp30kx - ok
10:41:17.0944 3172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:41:17.0944 3172 GEARAspiWDM - ok
10:41:18.0006 3172 gpsvc (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
10:41:18.0022 3172 gpsvc - ok
10:41:18.0084 3172 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:41:18.0100 3172 HdAudAddService - ok
10:41:18.0116 3172 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:41:18.0116 3172 HDAudBus - ok
10:41:18.0131 3172 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:41:18.0131 3172 HidBth - ok
10:41:18.0147 3172 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:41:18.0147 3172 HidIr - ok
10:41:18.0162 3172 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
10:41:18.0162 3172 hidserv - ok
10:41:18.0178 3172 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
10:41:18.0178 3172 HidUsb - ok
10:41:18.0209 3172 hkmsvc (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
10:41:18.0225 3172 hkmsvc - ok
10:41:18.0240 3172 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:41:18.0240 3172 HpCISSs - ok
10:41:18.0303 3172 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
10:41:18.0318 3172 HTTP - ok
10:41:18.0350 3172 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:41:18.0350 3172 i2omp - ok
10:41:18.0428 3172 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
10:41:18.0428 3172 i8042prt - ok
10:41:18.0506 3172 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
10:41:18.0506 3172 iaStor - ok
10:41:18.0537 3172 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:41:18.0537 3172 iaStorV - ok
10:41:18.0724 3172 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:41:18.0740 3172 idsvc - ok
10:41:18.0927 3172 igfx (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:41:18.0974 3172 igfx - ok
10:41:19.0145 3172 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:41:19.0145 3172 iirsp - ok
10:41:19.0208 3172 IKEEXT (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
10:41:19.0223 3172 IKEEXT - ok
10:41:19.0442 3172 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
10:41:19.0488 3172 IntcAzAudAddService - ok
10:41:19.0676 3172 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
10:41:19.0676 3172 intelide - ok
10:41:19.0722 3172 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
10:41:19.0722 3172 intelppm - ok
10:41:19.0754 3172 IPBusEnum (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
10:41:19.0754 3172 IPBusEnum - ok
10:41:19.0769 3172 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:41:19.0769 3172 IpFilterDriver - ok
10:41:19.0816 3172 iphlpsvc (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
10:41:19.0816 3172 iphlpsvc - ok
10:41:19.0832 3172 IpInIp - ok
10:41:19.0847 3172 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:41:19.0847 3172 IPMIDRV - ok
10:41:19.0863 3172 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
10:41:19.0878 3172 IPNAT - ok
10:41:20.0003 3172 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
10:41:20.0019 3172 iPod Service - ok
10:41:20.0034 3172 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
10:41:20.0034 3172 IRENUM - ok
10:41:20.0066 3172 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:41:20.0066 3172 isapnp - ok
10:41:20.0097 3172 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
10:41:20.0112 3172 iScsiPrt - ok
10:41:20.0112 3172 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:41:20.0112 3172 iteatapi - ok
10:41:20.0128 3172 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:41:20.0128 3172 iteraid - ok
10:41:20.0237 3172 IYIRAH - ok
10:41:20.0268 3172 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
10:41:20.0268 3172 kbdclass - ok
10:41:20.0315 3172 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
10:41:20.0315 3172 kbdhid - ok
10:41:20.0346 3172 KeyIso (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:41:20.0346 3172 KeyIso - ok
10:41:20.0393 3172 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
10:41:20.0409 3172 KR10I - ok
10:41:20.0440 3172 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
10:41:20.0440 3172 KR10N - ok
10:41:20.0502 3172 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
10:41:20.0502 3172 KSecDD - ok
10:41:20.0596 3172 KtmRm (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
10:41:20.0596 3172 KtmRm - ok
10:41:20.0627 3172 LanmanServer (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
10:41:20.0643 3172 LanmanServer - ok
10:41:20.0690 3172 LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
10:41:20.0705 3172 LanmanWorkstation - ok
10:41:21.0064 3172 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:41:21.0126 3172 LiveUpdate - ok
10:41:21.0189 3172 LiveUpdate Notice Ex - ok
10:41:21.0282 3172 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
10:41:21.0298 3172 LiveUpdate Notice Service - ok
10:41:21.0454 3172 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
10:41:21.0470 3172 lltdio - ok
10:41:21.0516 3172 lltdsvc (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
10:41:21.0516 3172 lltdsvc - ok
10:41:21.0532 3172 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:41:21.0532 3172 lmhosts - ok
10:41:21.0563 3172 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:41:21.0563 3172 LSI_FC - ok
10:41:21.0594 3172 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:41:21.0594 3172 LSI_SAS - ok
10:41:21.0626 3172 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:41:21.0626 3172 LSI_SCSI - ok
10:41:21.0641 3172 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
10:41:21.0657 3172 luafv - ok
10:41:21.0672 3172 Mcx2Svc (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll
10:41:21.0672 3172 Mcx2Svc - ok
10:41:21.0704 3172 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:41:21.0704 3172 megasas - ok
10:41:21.0719 3172 MEMSWEEP2 - ok
10:41:21.0750 3172 MMCSS (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
10:41:21.0750 3172 MMCSS - ok
10:41:21.0766 3172 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
10:41:21.0766 3172 Modem - ok
10:41:21.0813 3172 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
10:41:21.0813 3172 monitor - ok
10:41:21.0860 3172 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
10:41:21.0860 3172 mouclass - ok
10:41:21.0906 3172 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
10:41:21.0906 3172 mouhid - ok
10:41:21.0953 3172 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
10:41:21.0953 3172 MountMgr - ok
10:41:22.0078 3172 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:41:22.0094 3172 MozillaMaintenance - ok
10:41:22.0125 3172 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:41:22.0140 3172 mpio - ok
10:41:22.0156 3172 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
10:41:22.0156 3172 mpsdrv - ok
10:41:22.0218 3172 MpsSvc (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
10:41:22.0234 3172 MpsSvc - ok
10:41:22.0296 3172 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:41:22.0296 3172 Mraid35x - ok
10:41:22.0343 3172 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
10:41:22.0343 3172 MRxDAV - ok
10:41:22.0390 3172 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:41:22.0390 3172 mrxsmb - ok
10:41:22.0421 3172 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:41:22.0421 3172 mrxsmb10 - ok
10:41:22.0452 3172 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:41:22.0452 3172 mrxsmb20 - ok
10:41:22.0468 3172 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
10:41:22.0468 3172 msahci - ok
10:41:22.0484 3172 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:41:22.0499 3172 msdsm - ok
10:41:22.0515 3172 MSDTC (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
10:41:22.0530 3172 MSDTC - ok
10:41:22.0530 3172 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
10:41:22.0546 3172 Msfs - ok
10:41:22.0577 3172 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
10:41:22.0577 3172 msisadrv - ok
10:41:22.0624 3172 MSiSCSI (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
10:41:22.0624 3172 MSiSCSI - ok
10:41:22.0640 3172 msiserver - ok
10:41:22.0655 3172 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
10:41:22.0655 3172 MSKSSRV - ok
10:41:22.0671 3172 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
10:41:22.0671 3172 MSPCLOCK - ok
10:41:22.0686 3172 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
10:41:22.0686 3172 MSPQM - ok
10:41:22.0702 3172 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
10:41:22.0718 3172 MsRPC - ok
10:41:22.0733 3172 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
10:41:22.0733 3172 mssmbios - ok
10:41:22.0749 3172 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
10:41:22.0749 3172 MSTEE - ok
10:41:22.0780 3172 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
10:41:22.0780 3172 MTsensor - ok
10:41:22.0796 3172 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
10:41:22.0796 3172 Mup - ok
10:41:22.0858 3172 napagent (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
10:41:22.0858 3172 napagent - ok
10:41:22.0905 3172 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
10:41:22.0905 3172 NativeWifiP - ok
10:41:22.0983 3172 NDIS (fffe00134c554e113ee186eeddb0ff30) C:\Windows\system32\drivers\ndis.sys
10:41:22.0998 3172 NDIS - ok
10:41:23.0030 3172 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
10:41:23.0030 3172 NdisTapi - ok
10:41:23.0045 3172 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
10:41:23.0061 3172 Ndisuio - ok
10:41:23.0076 3172 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
10:41:23.0076 3172 NdisWan - ok
10:41:23.0092 3172 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
10:41:23.0108 3172 NDProxy - ok
10:41:23.0108 3172 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
10:41:23.0108 3172 NetBIOS - ok
10:41:23.0154 3172 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
10:41:23.0154 3172 netbt - ok
10:41:23.0186 3172 Netlogon (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:41:23.0186 3172 Netlogon - ok
10:41:23.0248 3172 Netman (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
10:41:23.0248 3172 Netman - ok
10:41:23.0279 3172 netprofm (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
10:41:23.0295 3172 netprofm - ok
10:41:23.0388 3172 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:41:23.0404 3172 NetTcpPortSharing - ok
10:41:23.0420 3172 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:41:23.0435 3172 nfrd960 - ok
10:41:23.0466 3172 NlaSvc (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
10:41:23.0466 3172 NlaSvc - ok
10:41:23.0482 3172 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
10:41:23.0482 3172 Npfs - ok
10:41:23.0513 3172 nsi (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
10:41:23.0529 3172 nsi - ok
10:41:23.0529 3172 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
10:41:23.0529 3172 nsiproxy - ok
10:41:23.0638 3172 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
10:41:23.0669 3172 Ntfs - ok
10:41:23.0685 3172 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:41:23.0685 3172 ntrigdigi - ok
10:41:23.0700 3172 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
10:41:23.0700 3172 Null - ok
10:41:23.0716 3172 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
10:41:23.0732 3172 nvraid - ok
10:41:23.0747 3172 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
10:41:23.0747 3172 nvstor - ok
10:41:23.0778 3172 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:41:23.0778 3172 nv_agp - ok
10:41:23.0794 3172 NwlnkFlt - ok
10:41:23.0794 3172 NwlnkFwd - ok
10:41:23.0997 3172 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:41:24.0012 3172 odserv - ok
10:41:24.0012 3172 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:41:24.0028 3172 ohci1394 - ok
10:41:24.0075 3172 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:41:24.0075 3172 ose - ok
10:41:24.0168 3172 p2pimsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:41:24.0200 3172 p2pimsvc - ok
10:41:24.0215 3172 p2psvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:41:24.0231 3172 p2psvc - ok
10:41:24.0262 3172 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:41:24.0262 3172 Parport - ok
10:41:24.0278 3172 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
10:41:24.0278 3172 partmgr - ok
10:41:24.0293 3172 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:41:24.0293 3172 Parvdm - ok
10:41:24.0293 3172 PcaSvc (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
10:41:24.0309 3172 PcaSvc - ok
10:41:24.0324 3172 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
10:41:24.0324 3172 pci - ok
10:41:24.0340 3172 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
10:41:24.0340 3172 pciide - ok
10:41:24.0371 3172 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
10:41:24.0371 3172 pcmcia - ok
10:41:24.0465 3172 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:41:24.0496 3172 PEAUTH - ok
10:41:24.0668 3172 pla (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
10:41:24.0699 3172 pla - ok
10:41:24.0886 3172 PlugPlay (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
10:41:24.0886 3172 PlugPlay - ok
10:41:24.0995 3172 PNRPAutoReg (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:41:24.0995 3172 PNRPAutoReg - ok
10:41:25.0011 3172 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
10:41:25.0026 3172 PNRPsvc - ok
10:41:25.0089 3172 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
10:41:25.0104 3172 PolicyAgent - ok
10:41:25.0167 3172 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
10:41:25.0167 3172 PptpMiniport - ok
10:41:25.0198 3172 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:41:25.0198 3172 Processor - ok
10:41:25.0245 3172 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
10:41:25.0245 3172 ProfSvc - ok
10:41:25.0276 3172 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:41:25.0276 3172 ProtectedStorage - ok
10:41:25.0323 3172 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
10:41:25.0323 3172 PSched - ok
10:41:25.0432 3172 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:41:25.0448 3172 ql2300 - ok
10:41:25.0479 3172 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:41:25.0479 3172 ql40xx - ok
10:41:25.0526 3172 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
10:41:25.0526 3172 QWAVE - ok
10:41:25.0541 3172 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
10:41:25.0541 3172 QWAVEdrv - ok
10:41:25.0557 3172 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
10:41:25.0557 3172 RasAcd - ok
10:41:25.0588 3172 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
10:41:25.0588 3172 RasAuto - ok
10:41:25.0619 3172 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:41:25.0619 3172 Rasl2tp - ok
10:41:25.0650 3172 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
10:41:25.0666 3172 RasMan - ok
10:41:25.0682 3172 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
10:41:25.0682 3172 RasPppoe - ok
10:41:25.0713 3172 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
10:41:25.0713 3172 rdbss - ok
10:41:25.0728 3172 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:41:25.0728 3172 RDPCDD - ok
10:41:25.0760 3172 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
10:41:25.0775 3172 rdpdr - ok
10:41:25.0775 3172 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
10:41:25.0775 3172 RDPENCDD - ok
10:41:25.0806 3172 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
10:41:25.0822 3172 RDPWD - ok
10:41:25.0869 3172 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
10:41:25.0869 3172 RemoteAccess - ok
10:41:25.0900 3172 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
10:41:25.0916 3172 RemoteRegistry - ok
10:41:25.0931 3172 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
10:41:25.0947 3172 rimmptsk - ok
10:41:25.0947 3172 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
10:41:25.0962 3172 rimsptsk - ok
10:41:25.0994 3172 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
10:41:25.0994 3172 rismxdp - ok
10:41:26.0025 3172 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:41:26.0025 3172 RpcLocator - ok
10:41:26.0103 3172 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
10:41:26.0118 3172 RpcSs - ok
10:41:26.0150 3172 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
10:41:26.0150 3172 rspndr - ok
10:41:26.0196 3172 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
10:41:26.0196 3172 RTL8023xp - ok
10:41:26.0228 3172 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
10:41:26.0228 3172 SamSs - ok
10:41:26.0259 3172 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:41:26.0274 3172 sbp2port - ok
10:41:26.0306 3172 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
10:41:26.0321 3172 SCardSvr - ok
10:41:26.0399 3172 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
10:41:26.0415 3172 Schedule - ok
10:41:26.0446 3172 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
10:41:26.0462 3172 SCPolicySvc - ok
10:41:26.0493 3172 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
10:41:26.0493 3172 sdbus - ok
10:41:26.0524 3172 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
10:41:26.0524 3172 SDRSVC - ok
10:41:26.0524 3172 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:41:26.0540 3172 secdrv - ok
10:41:26.0555 3172 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
10:41:26.0555 3172 seclogon - ok
10:41:26.0586 3172 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
10:41:26.0602 3172 SENS - ok
10:41:26.0602 3172 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:41:26.0602 3172 Serenum - ok
10:41:26.0618 3172 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:41:26.0633 3172 Serial - ok
10:41:26.0664 3172 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
10:41:26.0664 3172 sermouse - ok
10:41:26.0727 3172 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
10:41:26.0727 3172 SessionEnv - ok
10:41:26.0742 3172 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:41:26.0758 3172 sffdisk - ok
10:41:26.0758 3172 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:41:26.0774 3172 sffp_mmc - ok
10:41:26.0789 3172 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:41:26.0789 3172 sffp_sd - ok
10:41:26.0805 3172 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:41:26.0805 3172 sfloppy - ok
10:41:26.0852 3172 SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
10:41:26.0852 3172 SharedAccess - ok
10:41:26.0898 3172 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
10:41:26.0898 3172 ShellHWDetection - ok
10:41:26.0914 3172 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:41:26.0914 3172 sisagp - ok
10:41:26.0930 3172 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:41:26.0930 3172 SiSRaid2 - ok
10:41:26.0961 3172 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:41:26.0961 3172 SiSRaid4 - ok
10:41:27.0210 3172 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
10:41:27.0273 3172 slsvc - ok
10:41:27.0429 3172 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
10:41:27.0444 3172 SLUINotify - ok
10:41:27.0491 3172 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
10:41:27.0507 3172 Smb - ok
10:41:27.0522 3172 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:41:27.0538 3172 SNMPTRAP - ok
10:41:27.0538 3172 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
10:41:27.0538 3172 spldr - ok
10:41:27.0569 3172 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
10:41:27.0585 3172 Spooler - ok
10:41:27.0632 3172 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
10:41:27.0632 3172 srv - ok
10:41:27.0694 3172 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
10:41:27.0694 3172 srv2 - ok
10:41:27.0710 3172 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
10:41:27.0710 3172 srvnet - ok
10:41:27.0756 3172 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
10:41:27.0772 3172 SSDPSRV - ok
10:41:27.0834 3172 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
10:41:27.0850 3172 stisvc - ok
10:41:27.0897 3172 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
10:41:27.0897 3172 swenum - ok
10:41:27.0928 3172 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
10:41:27.0944 3172 swprv - ok
10:41:27.0959 3172 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:41:27.0959 3172 Symc8xx - ok
10:41:27.0975 3172 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:41:27.0990 3172 Sym_hi - ok
10:41:27.0990 3172 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:41:27.0990 3172 Sym_u3 - ok
10:41:28.0053 3172 SynTP (baa29028e7db52837198465c5c53a2f0) C:\Windows\system32\DRIVERS\SynTP.sys
10:41:28.0068 3172 SynTP - ok
10:41:28.0131 3172 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
10:41:28.0146 3172 SysMain - ok
10:41:28.0178 3172 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:41:28.0193 3172 TabletInputService - ok
10:41:28.0224 3172 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
10:41:28.0240 3172 TapiSrv - ok
10:41:28.0256 3172 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
10:41:28.0271 3172 TBS - ok
10:41:28.0365 3172 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
10:41:28.0380 3172 Tcpip - ok
10:41:28.0396 3172 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
10:41:28.0396 3172 Tcpip6 - ok
10:41:28.0427 3172 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
10:41:28.0427 3172 tcpipreg - ok
10:41:28.0490 3172 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
10:41:28.0490 3172 tdcmdpst - ok
10:41:28.0490 3172 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
10:41:28.0505 3172 TDPIPE - ok
10:41:28.0505 3172 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
10:41:28.0521 3172 TDTCP - ok
10:41:28.0536 3172 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
10:41:28.0536 3172 tdx - ok
10:41:28.0552 3172 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
10:41:28.0568 3172 TermDD - ok
10:41:28.0630 3172 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
10:41:28.0630 3172 TermService - ok
10:41:28.0692 3172 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
10:41:28.0692 3172 Themes - ok
10:41:28.0739 3172 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
10:41:28.0739 3172 THREADORDER - ok
10:41:28.0880 3172 TNaviSrv (8f840d5ab73e0c8a5a1a14cb022efab3) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
10:41:28.0895 3172 TNaviSrv - ok
10:41:28.0926 3172 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
10:41:28.0926 3172 TODDSrv - ok
10:41:34.0152 3172 ============================================================
10:41:34.0152 3172 Scan finished
10:41:34.0152 3172 ============================================================
10:41:34.0168 1940 Detected object count: 0
10:41:34.0168 1940 Actual detected object count: 0
