erstelltes Thema erscheint nicht

LisaCharly · 07.12.2012, 16:37

Hallo,
bitte herzlich darum, daß irgendjemand mir mitteilt, warum mein neu erstelltes Thema nicht angenommen wird. Was habe ich falsch gemacht?

Habe gestern in "Plagegeister aller Art und deren Bekämpfung" eine neues Thema erstellt, Titel: "Chatzum Search öffnet Seiten"
Ich kann es aber trotz intensiver Suche in allen Foren nicht finden. Auch unter meinem Benutzernamen steht: noch kein Thema ertellt.
Es könnte ja sein, daß ich etwas falsch gemacht habe und deshalb mein Thema nicht angenommen wurde.

Gruß
LisaCharly

E-Mail-Adresse entfernt /cosinus

M-K-D-B · 08.12.2012, 13:10

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Ich konnte dein erstelltes Thema auch nicht finden.
Aber jetzt hast du ja ein neues Thema und wir können uns hier um dein Problem kümmern.

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Nein.
Klicke auf Scan
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von aswMBR,
die Logdatei von TDSSKiller.

LisaCharly · 09.12.2012, 21:01

Hallo Matthias,
danke das Du dich gemeldet hast!
Ich hatte den ersten Schritt schon ausgeführt und dann gesehen, daß ich vor dem Scannen den Inhalt der "Codebox" in die Textbox kopieren muß. Leider weiß ich nicht, was die "Codebox" ist bzw. wo ich die finden kann.

Gruß
LisaCharly

M-K-D-B · 09.12.2012, 22:19

Servus,

was du tun musst, steht alles in meiner Anleitung.

Lies sie dir in Ruhe durch und führe sie genau so aus. Keine Angst, das haben schon Hunderte vor dir geschafft, du schaffst es auch.

LisaCharly · 11.12.2012, 20:59

Hallo Matthias,
hier nun die erforderlichen Dateien.
Nochmal kurze Beschreibung der Probleme:
1. Wenn ich in Firefox einen neuen Tab öffnete, erschien Chatzum Search.
Deshalb den AdwCleaner durchgeführt; danach schien das Problem gelöst.
Da ich aber unter c: noch eine Datei chatzum_nt fand, befürchte ich, das dem nicht so ist.
2. Der Explorer stürzte sofort nach dem öffnen ab und startet neu. Nachdem ich die Einstellung so geändert habe, daß jeder Ordner in einem neuen Fenster geöffnet wird, Absturz nur noch wenn ich länger im Explorer arbeite.

Gruß
LisaCharlyOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.12.2012 19:58:12 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rita\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 77,67% Memory free
15,83 Gb Paging File | 13,81 Gb Available in Paging File | 87,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 100,31 Gb Free Space | 53,84% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 254,25 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 152,28 Gb Free Space | 32,69% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,17% Space Free | Partition Type: FAT
 
Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.06 15:55:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita\Downloads\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.23 12:32:38 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011.10.22 17:19:04 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2002.05.03 10:47:46 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 15:33:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012.11.15 15:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012.11.14 17:00:19 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.11.14 17:00:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.11.14 17:00:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.11.14 16:59:59 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.11.14 16:57:52 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.14 16:57:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.11.14 16:57:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.14 16:57:41 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e450f586600c27379b52c1058292cfd9\System.Security.ni.dll
MOD - [2012.11.14 16:57:39 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.14 16:57:36 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.14 16:57:31 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.10.11 11:54:00 | 000,427,520 | ---- | M] () -- c:\progra~2\mocaflix\sprote~1.dll
MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.03.13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 04:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.08.11 07:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.07.08 10:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.11.02 13:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 13:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic)
DRV:64bit: - [2007.11.02 13:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 13:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5)
DRV:64bit: - [2007.11.02 13:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus)
DRV:64bit: - [2007.11.02 13:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.mocaflix.com/
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3306867040-4245769040-2452352677-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2012.04.22 18:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 11:47:19 | 000,000,000 | ---D | M]
 
[2011.12.16 11:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Extensions
[2012.12.07 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions
[2012.12.01 11:26:47 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.11.15 15:38:33 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.11.22 11:17:20 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\50adfe8e2e97e@50adfe8e2e9b8.com
[2012.09.20 08:18:12 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\amznUWL2@amazon.com.xpi
[2012.12.06 16:00:54 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.08.24 09:20:22 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.11.25 13:13:14 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.01 11:26:47 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.11.22 11:17:19 | 000,000,544 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\searchplugins\WebSearch.xml
[2012.12.06 14:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.02 11:47:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (SaveAs Class) - {34DF74E8-7D43-1CEE-BA74-7225F6205EB4} - C:\ProgramData\SaveAs\50adfe8e2eae4.ocx ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3306867040-4245769040-2452352677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED3976E2-EE94-4416-8503-DFC2E9B6A97E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\progra~2\mocaflix\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 12:18:30 | 000,000,000 | R--D | C] -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\ParetoLogic
[2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\DriverCure
[2012.12.07 21:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012.12.06 16:52:19 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.12.06 16:51:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.12.06 16:51:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.12.06 16:51:29 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012.12.06 16:51:27 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012.12.06 16:51:25 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.12.06 16:51:23 | 000,000,000 | ---D | C] -- C:\Windows\he
[2012.12.06 16:51:21 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.12.06 16:51:19 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.12.06 16:51:16 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2012.12.06 16:51:13 | 000,000,000 | ---D | C] -- C:\Windows\ar
[2012.12.06 16:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.12.06 16:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.12.06 16:38:11 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.12.06 16:38:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.12.06 16:38:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.12.06 16:38:11 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.12.06 16:38:11 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.12.06 16:38:11 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.12.06 16:38:11 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.12.06 16:38:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.12.06 15:13:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{66E2F6A7-298E-4EF0-A61F-747A46BFCF85}
[2012.12.06 14:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\Malwarebytes
[2012.12.06 14:53:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 14:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.05 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{D501D416-841F-4D21-9F3F-6CDB3C0B0922}
[2012.12.02 19:40:29 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{C2057799-37A2-4DF5-A56B-BAE7C9403A3D}
[2012.12.02 11:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.01 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{BEFC6E3E-06F7-4375-9426-D4BC01AC11F0}
[2012.11.30 10:31:03 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{1C634F90-39BF-4295-9062-1D3813CEFAD9}
[2012.11.29 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{FF70CEBB-A9A2-41AF-8BC5-CF26966D4B2D}
[2012.11.28 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5BFC3B52-551D-4958-98EE-B52CE182B879}
[2012.11.27 15:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{34B58A2C-72E8-4260-8A2B-E7266FBD3F93}
[2012.11.26 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{2A7AC3A5-D422-4996-915B-B1A061D3F8BF}
[2012.11.23 14:58:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5237B8CC-24E1-4538-8EE3-9BF0CD73EC8B}
[2012.11.22 11:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012.11.22 11:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012.11.22 11:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012.11.22 11:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012.11.22 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{392E0CC6-0D82-4E60-A31E-56BEF369D4E1}
[2012.11.21 10:20:18 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{6372F3BA-E0A9-43C3-B8D8-79B3A9C5BEDC}
[2012.11.20 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{EE97A51C-4538-4B31-B285-DDA8CE76EE6F}
[2012.11.19 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{50A63D65-AC51-4539-ADA0-90A09F29E657}
[2012.11.18 10:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{C4658DFD-34F5-43C2-A432-7BC7E05E7E86}
[2012.11.17 12:00:05 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{64DDDB26-258D-4140-9E6F-96D5BB30D367}
[2012.11.15 22:26:27 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{4370C0FE-7865-457F-B2D1-D52855F298FB}
[2012.11.15 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{96756242-A138-444A-9969-770451DF6878}
[2012.11.14 16:58:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 16:58:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 16:54:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 16:54:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 16:54:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 16:54:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 16:54:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 16:54:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 16:54:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 16:54:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 16:54:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 16:54:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 16:54:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 16:54:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 16:54:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 16:54:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 16:54:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 16:52:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 16:52:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 16:52:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 16:52:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 16:48:51 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 16:48:51 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 16:48:51 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 16:48:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 16:48:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 16:48:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 16:48:49 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 16:48:49 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 16:48:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 16:48:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 16:48:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[10 C:\Users\Rita\Documents\*.tmp files -> C:\Users\Rita\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.11 19:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.10 18:29:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 18:29:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 12:18:12 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{79E9FB28-E9B4-4154-9AFA-73B895D3BFE1}.job
[2012.12.09 12:17:20 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.06 16:56:44 | 000,001,362 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.12.06 16:48:27 | 000,000,020 | ---- | M] () -- C:\Windows\4úY
[2012.12.06 15:46:22 | 000,000,000 | ---- | M] () -- C:\Users\Rita\defogger_reenable
[2012.12.06 14:53:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 14:32:58 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.22 22:15:33 | 000,002,324 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.11.21 17:51:16 | 000,000,020 | ---- | M] () -- C:\Windows\v
[2012.11.16 17:58:04 | 000,423,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.16 17:41:51 | 000,001,471 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.11.16 17:41:51 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.11.16 17:41:41 | 000,002,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.11.14 17:22:12 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.14 17:22:12 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.14 17:22:12 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.14 17:22:12 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.14 17:22:12 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.14 10:49:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.14 10:49:45 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.14 10:46:11 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[10 C:\Users\Rita\Documents\*.tmp files -> C:\Users\Rita\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.06 16:51:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.06 16:51:05 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.12.06 16:48:26 | 000,000,020 | ---- | C] () -- C:\Windows\4úY
[2012.12.06 16:40:25 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.12.06 15:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Rita\defogger_reenable
[2012.12.06 14:53:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 14:32:58 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.22 11:17:11 | 000,000,404 | -H-- | C] () -- C:\Windows\tasks\OptimizerProUpdaterTask{79E9FB28-E9B4-4154-9AFA-73B895D3BFE1}.job
[2012.11.21 17:51:16 | 000,000,020 | ---- | C] () -- C:\Windows\v
[2012.11.14 16:58:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 16:52:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.14 10:46:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.14 10:46:11 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012.09.30 18:25:10 | 000,004,433 | ---- | C] () -- C:\Windows\jwwp_x.ini
[2012.07.15 10:48:24 | 000,004,934 | ---- | C] () -- C:\ProgramData\innbfrij.xis
[2012.02.14 19:13:54 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2012.01.01 21:11:39 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.30 17:37:38 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.18 20:32:44 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.16 18:57:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.16 12:17:20 | 000,000,017 | ---- | C] () -- C:\Users\Rita\AppData\Local\resmon.resmoncfg
[2011.10.22 17:05:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 04:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.29 10:19:58 | 000,892,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.29 10:19:58 | 000,892,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.29 10:19:58 | 000,892,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011.03.28 17:27:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011.03.28 17:27:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011.03.28 17:27:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012.11.29 10:19:58 | 000,892,008 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012.11.29 10:19:58 | 000,892,008 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012.11.29 10:19:58 | 000,892,008 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011.03.28 17:27:18 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011.03.28 17:27:18 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011.03.28 17:27:18 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 11.12.2012 19:58:12 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rita\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 77,67% Memory free
15,83 Gb Paging File | 13,81 Gb Available in Paging File | 87,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 100,31 Gb Free Space | 53,84% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 254,25 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 152,28 Gb Free Space | 32,69% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,17% Space Free | Partition Type: FAT
 
Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F881F3-65AE-48DA-825A-AED43D901D8B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{08466D8F-FBAC-4D60-8C47-E0252D0569BF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1502223B-6A64-40B7-9D90-E4C291EA07D9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{155C5FB5-3D23-4346-BFD9-3ED8D9502139}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1BEBDD36-132D-4182-9899-698BC73F13A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21E58766-EAF6-46CC-8AEF-DE76EEE59589}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3572F0EB-613C-4D5D-94F9-6C6DD17BBEBE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F6894B5-7DBA-49BC-89E0-52D0638810FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{5AC9E851-B583-4BC6-9D9C-F152A5862325}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E7A33F1-F76B-45E1-8A67-BF003EF74064}" = rport=139 | protocol=6 | dir=out | app=system | 
"{68C2B933-51A8-4A9A-A8BA-E44024FB5D6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{751E3A73-1BAB-4F51-B661-8A69FE665E47}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8252D178-72B7-4C8A-AD74-8E31879048C2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{83205428-AE03-4693-B21B-F63692E1DE2E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8804EF7B-B3B6-40E6-98BE-E37F40BF870A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9002830C-AAD4-4279-B175-2F629C224184}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{907088A4-90A3-4801-84C3-A6F2973D8BEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9464C45A-6B64-4753-870B-4921F1644437}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{96C114E9-469A-4997-95BE-38220DE8B103}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{ACEB2468-01BE-4339-9A0E-38D8E50A28B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B0FDEFD4-C155-4A4C-81E2-F3E5496084FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7F0216A-D157-46E4-AF17-BC40BCC59106}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BBCAE95C-B1D9-4560-BBEC-7A762B61A02E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BFE962F4-7ACF-4535-970E-E82E41D82A7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7022E60-6522-437E-85E0-9090D4EF44A8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CAE7E8DF-79CF-4002-B6DA-29AB5A1BFB90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD8A375F-F5E8-45AF-92EE-C01D66E5501F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CE9BAD53-BDA0-475B-BADE-D8028E6AED71}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF3309E9-F719-4886-8AA5-6142FA1A60B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E2E1F4C1-17C5-4FC7-8DC3-D672FC1658B7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{F7A569A8-2A26-46BC-8802-B78576AF3A0C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18BD6347-4FF7-47B1-B7B1-D497F01A6D25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1D9306CF-1BF8-4B55-BB73-690313F630FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{25E544F8-62B3-426D-A530-B5A39F855AEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{274D53E1-0CC2-4BEE-A02A-8400D63083F4}" = protocol=17 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2D41FDF1-1395-47D1-925C-AE00CA5D4051}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{319D5919-C7C1-496E-97A1-F06D222881FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3285DC7A-CFA5-4808-A89E-C40F479C9785}" = protocol=6 | dir=out | app=system | 
"{3CA62D83-B2EC-4F35-83EF-8C28CC0A8B88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44A602D7-7C18-453A-8F35-5DEAF5983CE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5294AA54-7A8A-4F91-833F-91F2CE58DAB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5299EA90-DAAE-4E8A-8259-78EBFC8176B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{66A90C8C-B7BA-4CB1-910A-B46C7402345C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A218DEC-B500-474C-AADC-4CA962D4031B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93B67676-038A-4342-8FB2-2C6D23BB691E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9A45C278-3170-449B-8F56-DEDF438CFEA9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A7067C5B-9E4C-4668-BE2A-A6A3519EF84A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE72AB9F-EE39-4403-87CC-EE312B332D89}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{B4C0B2A3-3CA3-467D-BA12-AC749294CFE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8019388-C7E5-4547-9D62-9EC150D13FB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5F15E07-B0E2-4B48-B6F6-51A0F464C696}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{DA2FCE0B-AEE8-4A67-B697-8C5C89F4EC25}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DA9D74F3-9F31-4FF0-BEAA-3C82626392FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E5C5A0FD-6B6D-47EB-98F0-64832687CA95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED2699C9-528E-4B6A-8FCB-0A57AF9ECDEF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EF213244-ED86-4655-A41E-7A9D8F920711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F3E4AFC4-07F4-4E8C-99EC-5E3568817100}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F55477E2-EF2C-4361-928B-AB03AD8CAE6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F55FA9A0-63B6-4C5D-B28F-3E61CD5F085C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FD446D4F-411F-4240-AF01-A5F8048F5537}" = protocol=6 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FD6050C6-11FE-4FA5-8FF4-BEE3542C9F46}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FF9250BD-E486-4D06-8901-99A1633D28A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{2F497265-79B3-4C56-A2AA-4103DF422B66}C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C2FA54A9-B2EA-4FD7-8318-739C85D26D53}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{C7076261-9BA9-4687-9BF5-F3C994BF7760}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{3A7750E3-2064-477D-B630-E918827065AB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{88974580-6EDA-4B14-9D96-230125E28FD6}C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{AC01043D-6306-4EDF-A85E-87B6A8E945AC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{000AD938-EEBB-46F5-BD33-23CB34A57C54}" = Movie Maker
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{01ABAEC3-8F96-4D00-9672-E49AAFDC0685}" = Windows Live Writer Resources
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{16726771-C380-4280-BAF9-1223B3838786}" = SaveAs
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия)
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C41298B-A3F5-40C8-8BE3-A9A3F0644B0A}" = Windows Live Writer
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CCAC37-4E31-495F-9077-471E4E92DCEA}" = Windows Live Messenger
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45411273-7307-4F9D-BCAF-7E5ED0A36050}" = Garmin Lifetime Updater
"{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5006FD66-7E9B-4F92-BD36-275AD7712348}" = معرض الصور
"{525E7EA7-481F-499D-A7F7-4682AC46A454}" = Movie Maker
"{5681FEA2-1CF8-461E-B611-55D2C50FC4EF}" = بريد Windows Live
"{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FCA957-224F-4623-8BE0-6295CFB2C3E4}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer
"{79A1AF43-BD17-4A81-B38A-6D6535D3F377}" = Windows Live Writer
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources
"{A132CE8A-79EA-4BB5-9A24-4348B4DDD48A}" = Photo Common
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B27EDD14-869E-4A44-905A-5DE652F7278F}" = Windows Live Messenger
"{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger
"{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BC5AB595-ABEA-42D3-BD4F-C8014EB20F2B}" = Falk Navi-Manager
"{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C41A3B9E-A238-4E83-AD37-D1EDD1105F5A}" = Windows Live Writer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C4E8BC59-BD60-4B73-999B-758890DF4E62}" = Windows Live Writer Resources
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8BBA220-8549-462A-B411-1AF44DE098B5}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger
"{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources
"{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E37CD6E8-BC51-4D48-9840-803EC3B418D3}" = גלריית התמונות
"{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"Doxillion" = Doxillion Document Converter
"ExpressBurn" = Express Burn CD DVD Blu-Ray Brenner
"ExpressZip" = Express Zip File Compression Software
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SP_8e4eb48d" = Search Assistant MocaFlix 1.66
"WinLiveSuite" = Windows Live Essentials
"Works2003Setup" = Microsoft Works 2003-Setup-Start
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2012 11:44:00 | Computer Name = Rita-PC | Source = Application Error | ID = 1000
Error - 16.11.2012 12:26:22 | Computer Name = Rita-PC | Source = Application Hang
 | ID = 1002
 
Description = Programm WINWORD.EXE, Version 9.0.0.3822 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11ec

Startzeit: 01cdc4170c881408

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

Berichts-ID: 56f67c3c-300a-11e2-b8d1-742f68b55eec

Error - 16.11.2012 12:33:04 | Computer Name = Rita-PC | Source = Application Hang
 | ID = 1002
 
Description = Programm WINWORD.EXE, Version 9.0.0.3822 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1744

Startzeit: 01cdc418018a14fe

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

Berichts-ID: 47445518-300b-11e2-b8d1-742f68b55eec

Error - 16.11.2012 12:36:46 | Computer Name = Rita-PC | Source = Application Hang
 | ID = 1002
 
Description = Programm WINWORD.EXE, Version 9.0.0.3822 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 13b8

Startzeit: 01cdc418712f7524

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

Berichts-ID: c21d974d-300b-11e2-88b8-742f68b55eec

Error - 16.11.2012 14:09:14 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: setE8F7.tmp, Version: 11.0.0.28844, Zeitstempel: 0x4250bcf6
Name des fehlerhaften Moduls: setE8F7.tmp, Version: 11.0.0.28844, Zeitstempel: 0x4250bcf6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000742e
ID des fehlerhaften Prozesses: 0x11f8
Startzeit der fehlerhaften Anwendung: 0x01cdc4257c3d1b4e
Pfad der fehlerhaften Anwendung: C:\Users\Rita\AppData\Local\Temp\setE8F7.tmp
Pfad des fehlerhaften Moduls: C:\Users\Rita\AppData\Local\Temp\setE8F7.tmp
Berichtskennung: ba67a88e-3018-11e2-bb83-742f68b55eec
Error - 16.11.2012 15:59:08 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
Error - 18.11.2012 07:45:07 | Computer Name = Rita-PC | Source = Application Error | ID = 1000
Error - 18.11.2012 07:45:42 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
Error - 18.11.2012 11:50:01 | Computer Name = Rita-PC | Source = Application Error | ID = 1000
Error - 18.11.2012 12:21:29 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
Error - 19.11.2012 06:02:15 | Computer Name = Rita-PC | Source = Application Error | ID = 1000
Error - 19.11.2012 06:51:35 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
Error - 20.11.2012 13:37:24 | Computer Name = Rita-PC | Source = Application Error | ID = 1000
Error - 20.11.2012 14:56:48 | Computer Name = Rita-PC | Source = Application Hang
 | ID = 1002
 
Description = Programm Skype.exe, Version 5.10.0.116 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: eec

Startzeit: 01cdc727e2713e6c

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID: 

Error - 20.11.2012 14:57:31 | Computer Name = Rita-PC | Source = Application Hang
 | ID = 1002
 
Description = Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12b0

Startzeit: 01cdc745be58a224

Endzeit: 31

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 

Error - 20.11.2012 14:59:48 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: set81E1.tmp, Version: 11.0.0.28844, Zeitstempel: 0x4250bcf6
Name des fehlerhaften Moduls: set81E1.tmp, Version: 11.0.0.28844, Zeitstempel: 0x4250bcf6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000742e
ID des fehlerhaften Prozesses: 0x16d4
Startzeit der fehlerhaften Anwendung: 0x01cdc75135f78a25
Pfad der fehlerhaften Anwendung: C:\Users\Rita\AppData\Local\Temp\set81E1.tmp
Pfad des fehlerhaften Moduls: C:\Users\Rita\AppData\Local\Temp\set81E1.tmp
Berichtskennung: 747c4578-3344-11e2-8f26-742f68b55eec
Error - 20.11.2012 15:01:03 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: setAA96.tmp, Version: 11.0.0.28844, Zeitstempel: 0x4250bcf6
Name des fehlerhaften Moduls: setAA96.tmp, Version: 11.0.0.28844, Zeitstempel: 0x4250bcf6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000742e
ID des fehlerhaften Prozesses: 0x11bc
Startzeit der fehlerhaften Anwendung: 0x01cdc751631b476c
Pfad der fehlerhaften Anwendung: C:\Users\Rita\AppData\Local\Temp\setAA96.tmp
Pfad des fehlerhaften Moduls: C:\Users\Rita\AppData\Local\Temp\setAA96.tmp
Berichtskennung: a0d157ce-3344-11e2-8f26-742f68b55eec
 
Error encountered while reading event logs.
 
< End of report >

--- --- ---

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:18 on 11/12/2012 (Rita)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-11 20:27:14
-----------------------------
20:27:14.148 OS Version: Windows x64 6.1.7601 Service Pack 1
20:27:14.148 Number of processors: 4 586 0x2A07
20:27:14.148 ComputerName: RITA-PC UserName: Rita
20:27:14.968 Initialize success
20:28:10.753 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:28:10.753 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
20:28:10.768 Disk 0 MBR read successfully
20:28:10.784 Disk 0 MBR scan
20:28:10.784 Disk 0 Windows 7 default MBR code
20:28:10.799 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
20:28:10.835 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
20:28:10.845 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
20:28:10.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
20:28:10.905 Disk 0 scanning C:\Windows\system32\drivers
20:28:19.588 Service scanning
20:28:37.072 Modules scanning
20:28:37.092 Disk 0 trace - called modules:
20:28:37.122 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:28:37.132 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a15060]
20:28:37.152 3 CLASSPNP.SYS[fffff88001bb943f] -> nt!IofCallDriver -> [0xfffffa8007b0de40]
20:28:37.152 5 ACPI.sys[fffff88000f637a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b10050]
20:28:37.162 Scan finished successfully
20:29:16.045 Disk 0 MBR has been saved successfully to "C:\Users\Rita\Downloads\MBR.dat"
20:29:16.055 The log file has been saved successfully to "C:\Users\Rita\Downloads\aswMBR.txt"

LisaCharly · 11.12.2012, 21:06

Hier die fehlende Datei:

20:31:55.0149 4804 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:31:55.0389 4804 ============================================================
20:31:55.0389 4804 Current date / time: 2012/12/11 20:31:55.0389
20:31:55.0389 4804 SystemInfo:
20:31:55.0389 4804
20:31:55.0399 4804 OS Version: 6.1.7601 ServicePack: 1.0
20:31:55.0399 4804 Product type: Workstation
20:31:55.0399 4804 ComputerName: RITA-PC
20:31:55.0399 4804 UserName: Rita
20:31:55.0399 4804 Windows directory: C:\Windows
20:31:55.0399 4804 System windows directory: C:\Windows
20:31:55.0399 4804 Running under WOW64
20:31:55.0399 4804 Processor architecture: Intel x64
20:31:55.0399 4804 Number of processors: 4
20:31:55.0399 4804 Page size: 0x1000
20:31:55.0399 4804 Boot type: Normal boot
20:31:55.0399 4804 ============================================================
20:31:56.0059 4804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:31:56.0079 4804 Drive \Device\Harddisk1\DR1 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:31:56.0079 4804 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:31:56.0089 4804 ============================================================
20:31:56.0089 4804 \Device\Harddisk0\DR0:
20:31:56.0089 4804 MBR partitions:
20:31:56.0089 4804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
20:31:56.0109 4804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
20:31:56.0109 4804 \Device\Harddisk1\DR1:
20:31:56.0109 4804 MBR partitions:
20:31:56.0109 4804 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AEF79
20:31:56.0109 4804 \Device\Harddisk2\DR2:
20:31:56.0109 4804 MBR partitions:
20:31:56.0109 4804 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:31:56.0109 4804 ============================================================
20:31:56.0139 4804 C: <-> \Device\Harddisk0\DR0\Partition1
20:31:56.0169 4804 D: <-> \Device\Harddisk0\DR0\Partition2
20:31:56.0489 4804 F: <-> \Device\Harddisk2\DR2\Partition1
20:31:56.0489 4804 ============================================================
20:31:56.0489 4804 Initialize success
20:31:56.0489 4804 ============================================================
20:32:04.0391 5328 ============================================================
20:32:04.0391 5328 Scan started
20:32:04.0391 5328 Mode: Manual;
20:32:04.0391 5328 ============================================================
20:32:05.0296 5328 ================ Scan system memory ========================
20:32:05.0296 5328 System memory - ok
20:32:05.0296 5328 ================ Scan services =============================
20:32:05.0514 5328 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:32:05.0530 5328 1394ohci - ok
20:32:05.0561 5328 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:32:05.0561 5328 ACPI - ok
20:32:05.0592 5328 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:32:05.0592 5328 AcpiPmi - ok
20:32:05.0701 5328 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:32:05.0701 5328 AdobeARMservice - ok
20:32:05.0748 5328 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:32:05.0764 5328 adp94xx - ok
20:32:05.0779 5328 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:32:05.0795 5328 adpahci - ok
20:32:05.0811 5328 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:32:05.0842 5328 adpu320 - ok
20:32:05.0873 5328 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:32:05.0873 5328 AeLookupSvc - ok
20:32:05.0920 5328 [ 079CBA3C5C9AB11B2B4E6BD729A860F2 ] AFBAgent C:\Windows\system32\FBAgent.exe
20:32:05.0935 5328 AFBAgent - ok
20:32:05.0998 5328 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:32:06.0013 5328 AFD - ok
20:32:06.0045 5328 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:32:06.0045 5328 agp440 - ok
20:32:06.0076 5328 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:32:06.0076 5328 ALG - ok
20:32:06.0091 5328 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:32:06.0091 5328 aliide - ok
20:32:06.0123 5328 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:32:06.0123 5328 amdide - ok
20:32:06.0138 5328 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:32:06.0138 5328 AmdK8 - ok
20:32:06.0154 5328 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:32:06.0154 5328 AmdPPM - ok
20:32:06.0215 5328 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:32:06.0215 5328 amdsata - ok
20:32:06.0245 5328 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:32:06.0245 5328 amdsbs - ok
20:32:06.0265 5328 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:32:06.0275 5328 amdxata - ok
20:32:06.0375 5328 [ 18F64623E76FF58009D6F9CB9DEA5D0A ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
20:32:06.0385 5328 Amsp - ok
20:32:06.0455 5328 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
20:32:06.0455 5328 AmUStor - ok
20:32:06.0485 5328 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:32:06.0485 5328 AppID - ok
20:32:06.0515 5328 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:32:06.0515 5328 AppIDSvc - ok
20:32:06.0555 5328 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:32:06.0565 5328 Appinfo - ok
20:32:06.0585 5328 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:32:06.0595 5328 arc - ok
20:32:06.0615 5328 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:32:06.0625 5328 arcsas - ok
20:32:06.0685 5328 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
20:32:06.0695 5328 ASLDRService - ok
20:32:06.0735 5328 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:32:06.0735 5328 ASMMAP64 - ok
20:32:06.0765 5328 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:32:06.0775 5328 AsyncMac - ok
20:32:06.0815 5328 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:32:06.0815 5328 atapi - ok
20:32:06.0855 5328 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
20:32:06.0855 5328 AthBTPort - ok
20:32:06.0945 5328 [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
20:32:06.0955 5328 Atheros Bt&Wlan Coex Agent - ok
20:32:06.0985 5328 [ 21753130331188C4B474E1D3B396E629 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
20:32:06.0995 5328 AtherosSvc - ok
20:32:07.0115 5328 [ DE8B9C3E0E09D918B394207F34AC16DD ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:32:07.0185 5328 athr - ok
20:32:07.0215 5328 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
20:32:07.0215 5328 ATKGFNEXSrv - ok
20:32:07.0235 5328 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
20:32:07.0235 5328 ATKWMIACPIIO - ok
20:32:07.0295 5328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:32:07.0315 5328 AudioEndpointBuilder - ok
20:32:07.0345 5328 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:32:07.0355 5328 AudioSrv - ok
20:32:07.0405 5328 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:32:07.0415 5328 AxInstSV - ok
20:32:07.0455 5328 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:32:07.0465 5328 b06bdrv - ok
20:32:07.0505 5328 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:32:07.0505 5328 b57nd60a - ok
20:32:07.0535 5328 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:32:07.0545 5328 BDESVC - ok
20:32:07.0555 5328 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:32:07.0555 5328 Beep - ok
20:32:07.0605 5328 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:32:07.0625 5328 BFE - ok
20:32:07.0675 5328 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:32:07.0705 5328 BITS - ok
20:32:07.0745 5328 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:32:07.0745 5328 blbdrive - ok
20:32:07.0785 5328 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:32:07.0785 5328 bowser - ok
20:32:07.0805 5328 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:32:07.0805 5328 BrFiltLo - ok
20:32:07.0815 5328 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:32:07.0815 5328 BrFiltUp - ok
20:32:07.0855 5328 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:32:07.0855 5328 Browser - ok
20:32:07.0886 5328 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:32:07.0886 5328 Brserid - ok
20:32:07.0917 5328 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:32:07.0917 5328 BrSerWdm - ok
20:32:07.0917 5328 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:32:07.0933 5328 BrUsbMdm - ok
20:32:07.0933 5328 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:32:07.0933 5328 BrUsbSer - ok
20:32:07.0995 5328 [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
20:32:08.0011 5328 BTATH_A2DP - ok
20:32:08.0058 5328 [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
20:32:08.0058 5328 BTATH_BUS - ok
20:32:08.0089 5328 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
20:32:08.0089 5328 BTATH_HCRP - ok
20:32:08.0105 5328 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
20:32:08.0105 5328 BTATH_LWFLT - ok
20:32:08.0120 5328 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
20:32:08.0136 5328 BTATH_RCP - ok
20:32:08.0198 5328 [ AA0F5AFCF077C5246589B32ECEEAE566 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
20:32:08.0198 5328 BtFilter - ok
20:32:08.0245 5328 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:32:08.0245 5328 BthEnum - ok
20:32:08.0261 5328 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:32:08.0276 5328 BTHMODEM - ok
20:32:08.0292 5328 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:32:08.0307 5328 BthPan - ok
20:32:08.0339 5328 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:32:08.0354 5328 BTHPORT - ok
20:32:08.0401 5328 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:32:08.0401 5328 bthserv - ok
20:32:08.0432 5328 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:32:08.0432 5328 BTHUSB - ok
20:32:08.0463 5328 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:32:08.0463 5328 cdfs - ok
20:32:08.0495 5328 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:32:08.0510 5328 cdrom - ok
20:32:08.0541 5328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:32:08.0541 5328 CertPropSvc - ok
20:32:08.0557 5328 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
20:32:08.0573 5328 circlass - ok
20:32:08.0588 5328 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:32:08.0604 5328 CLFS - ok
20:32:08.0697 5328 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
20:32:08.0713 5328 CLKMSVC10_38F51D56 - ok
20:32:08.0807 5328 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:32:08.0807 5328 clr_optimization_v2.0.50727_32 - ok
20:32:08.0869 5328 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:32:08.0869 5328 clr_optimization_v2.0.50727_64 - ok
20:32:08.0963 5328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:32:08.0963 5328 clr_optimization_v4.0.30319_32 - ok
20:32:08.0994 5328 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:32:09.0009 5328 clr_optimization_v4.0.30319_64 - ok
20:32:09.0056 5328 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:32:09.0056 5328 CmBatt - ok
20:32:09.0072 5328 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:32:09.0087 5328 cmdide - ok
20:32:09.0119 5328 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:32:09.0134 5328 CNG - ok
20:32:09.0165 5328 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:32:09.0165 5328 Compbatt - ok
20:32:09.0181 5328 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:32:09.0181 5328 CompositeBus - ok
20:32:09.0197 5328 COMSysApp - ok
20:32:09.0212 5328 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:32:09.0212 5328 crcdisk - ok
20:32:09.0259 5328 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:32:09.0259 5328 CryptSvc - ok
20:32:09.0306 5328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:32:09.0337 5328 DcomLaunch - ok
20:32:09.0368 5328 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:32:09.0384 5328 defragsvc - ok
20:32:09.0399 5328 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:32:09.0399 5328 DfsC - ok
20:32:09.0431 5328 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:32:09.0446 5328 Dhcp - ok
20:32:09.0462 5328 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:32:09.0462 5328 discache - ok
20:32:09.0524 5328 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:32:09.0524 5328 Disk - ok
20:32:09.0571 5328 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:32:09.0571 5328 Dnscache - ok
20:32:09.0618 5328 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:32:09.0618 5328 dot3svc - ok
20:32:09.0633 5328 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:32:09.0649 5328 DPS - ok
20:32:09.0680 5328 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:32:09.0680 5328 drmkaud - ok
20:32:09.0743 5328 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:32:09.0774 5328 DXGKrnl - ok
20:32:09.0805 5328 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:32:09.0805 5328 EapHost - ok
20:32:09.0930 5328 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:32:10.0039 5328 ebdrv - ok
20:32:10.0070 5328 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:32:10.0070 5328 EFS - ok
20:32:10.0148 5328 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:32:10.0179 5328 ehRecvr - ok
20:32:10.0211 5328 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:32:10.0211 5328 ehSched - ok
20:32:10.0273 5328 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:32:10.0289 5328 elxstor - ok
20:32:10.0304 5328 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:32:10.0304 5328 ErrDev - ok
20:32:10.0351 5328 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:32:10.0367 5328 EventSystem - ok
20:32:10.0398 5328 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:32:10.0398 5328 exfat - ok
20:32:10.0429 5328 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:32:10.0429 5328 fastfat - ok
20:32:10.0476 5328 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:32:10.0507 5328 Fax - ok
20:32:10.0523 5328 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
20:32:10.0538 5328 fdc - ok
20:32:10.0569 5328 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:32:10.0569 5328 fdPHost - ok
20:32:10.0585 5328 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:32:10.0585 5328 FDResPub - ok
20:32:10.0616 5328 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:32:10.0632 5328 FileInfo - ok
20:32:10.0647 5328 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:32:10.0647 5328 Filetrace - ok
20:32:10.0647 5328 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:32:10.0647 5328 flpydisk - ok
20:32:10.0679 5328 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:32:10.0679 5328 FltMgr - ok
20:32:10.0741 5328 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:32:10.0788 5328 FontCache - ok
20:32:10.0850 5328 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:32:10.0850 5328 FontCache3.0.0.0 - ok
20:32:10.0866 5328 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:32:10.0881 5328 FsDepends - ok
20:32:10.0897 5328 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:32:10.0897 5328 Fs_Rec - ok
20:32:10.0944 5328 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:32:10.0944 5328 fvevol - ok
20:32:10.0975 5328 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:32:10.0975 5328 gagp30kx - ok
20:32:11.0037 5328 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:32:11.0069 5328 gpsvc - ok
20:32:11.0100 5328 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:32:11.0100 5328 hcw85cir - ok
20:32:11.0147 5328 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:32:11.0162 5328 HdAudAddService - ok
20:32:11.0193 5328 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:32:11.0193 5328 HDAudBus - ok
20:32:11.0225 5328 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:32:11.0225 5328 HidBatt - ok
20:32:11.0225 5328 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:32:11.0225 5328 HidBth - ok
20:32:11.0256 5328 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:32:11.0256 5328 HidIr - ok
20:32:11.0271 5328 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:32:11.0271 5328 hidserv - ok
20:32:11.0318 5328 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:32:11.0318 5328 HidUsb - ok
20:32:11.0349 5328 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:32:11.0349 5328 hkmsvc - ok
20:32:11.0381 5328 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:32:11.0381 5328 HomeGroupListener - ok
20:32:11.0412 5328 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:32:11.0412 5328 HomeGroupProvider - ok
20:32:11.0427 5328 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:32:11.0443 5328 HpSAMD - ok
20:32:11.0474 5328 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:32:11.0505 5328 HTTP - ok
20:32:11.0537 5328 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:32:11.0537 5328 hwpolicy - ok
20:32:11.0568 5328 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:32:11.0583 5328 i8042prt - ok
20:32:11.0630 5328 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:32:11.0646 5328 iaStor - ok
20:32:11.0693 5328 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:32:11.0708 5328 iaStorV - ok
20:32:11.0786 5328 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:32:11.0817 5328 idsvc - ok
20:32:12.0176 5328 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:32:12.0473 5328 igfx - ok
20:32:12.0504 5328 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:32:12.0504 5328 iirsp - ok
20:32:12.0551 5328 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:32:12.0582 5328 IKEEXT - ok
20:32:12.0707 5328 [ C15A21B1E2291952424F361093734F95 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:32:12.0800 5328 IntcAzAudAddService - ok
20:32:12.0878 5328 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:32:12.0878 5328 IntcDAud - ok
20:32:12.0894 5328 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:32:12.0909 5328 intelide - ok
20:32:12.0925 5328 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:32:12.0925 5328 intelppm - ok
20:32:12.0972 5328 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:32:12.0972 5328 IPBusEnum - ok
20:32:12.0987 5328 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:32:13.0003 5328 IpFilterDriver - ok
20:32:13.0050 5328 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:32:13.0081 5328 iphlpsvc - ok
20:32:13.0097 5328 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:32:13.0112 5328 IPMIDRV - ok
20:32:13.0128 5328 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:32:13.0143 5328 IPNAT - ok
20:32:13.0175 5328 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:32:13.0175 5328 IRENUM - ok
20:32:13.0206 5328 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:32:13.0206 5328 isapnp - ok
20:32:13.0221 5328 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:32:13.0237 5328 iScsiPrt - ok
20:32:13.0268 5328 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:32:13.0268 5328 kbdclass - ok
20:32:13.0284 5328 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:32:13.0284 5328 kbdhid - ok
20:32:13.0331 5328 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
20:32:13.0331 5328 kbfiltr - ok
20:32:13.0351 5328 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:32:13.0361 5328 KeyIso - ok
20:32:13.0391 5328 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:32:13.0391 5328 KSecDD - ok
20:32:13.0421 5328 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:32:13.0431 5328 KSecPkg - ok
20:32:13.0461 5328 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:32:13.0461 5328 ksthunk - ok
20:32:13.0531 5328 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:32:13.0551 5328 KtmRm - ok
20:32:13.0611 5328 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
20:32:13.0611 5328 L1C - ok
20:32:13.0651 5328 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:32:13.0661 5328 LanmanServer - ok
20:32:13.0691 5328 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:32:13.0701 5328 LanmanWorkstation - ok
20:32:13.0751 5328 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:32:13.0761 5328 lltdio - ok
20:32:13.0801 5328 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:32:13.0811 5328 lltdsvc - ok
20:32:13.0831 5328 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:32:13.0831 5328 lmhosts - ok
20:32:13.0911 5328 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:32:13.0921 5328 LMS - ok
20:32:13.0971 5328 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:32:13.0971 5328 LSI_FC - ok
20:32:13.0991 5328 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:32:13.0991 5328 LSI_SAS - ok
20:32:14.0011 5328 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:32:14.0011 5328 LSI_SAS2 - ok
20:32:14.0031 5328 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:32:14.0031 5328 LSI_SCSI - ok
20:32:14.0041 5328 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:32:14.0051 5328 luafv - ok
20:32:14.0091 5328 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:32:14.0091 5328 MBAMProtector - ok
20:32:14.0141 5328 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:32:14.0161 5328 MBAMScheduler - ok
20:32:14.0191 5328 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:32:14.0221 5328 MBAMService - ok
20:32:14.0251 5328 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:32:14.0261 5328 Mcx2Svc - ok
20:32:14.0271 5328 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:32:14.0281 5328 megasas - ok
20:32:14.0311 5328 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:32:14.0321 5328 MegaSR - ok
20:32:14.0361 5328 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:32:14.0361 5328 MEIx64 - ok
20:32:14.0411 5328 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:32:14.0411 5328 MMCSS - ok
20:32:14.0441 5328 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:32:14.0441 5328 Modem - ok
20:32:14.0471 5328 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:32:14.0471 5328 monitor - ok
20:32:14.0501 5328 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:32:14.0511 5328 mouclass - ok
20:32:14.0521 5328 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:32:14.0521 5328 mouhid - ok
20:32:14.0551 5328 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:32:14.0551 5328 mountmgr - ok
20:32:14.0621 5328 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:32:14.0621 5328 MozillaMaintenance - ok
20:32:14.0651 5328 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:32:14.0651 5328 mpio - ok
20:32:14.0671 5328 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:32:14.0681 5328 mpsdrv - ok
20:32:14.0731 5328 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:32:14.0761 5328 MpsSvc - ok
20:32:14.0791 5328 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:32:14.0801 5328 MRxDAV - ok
20:32:14.0841 5328 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:32:14.0851 5328 mrxsmb - ok
20:32:14.0881 5328 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:32:14.0891 5328 mrxsmb10 - ok
20:32:14.0901 5328 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:32:14.0911 5328 mrxsmb20 - ok
20:32:14.0931 5328 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:32:14.0931 5328 msahci - ok
20:32:14.0961 5328 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:32:14.0961 5328 msdsm - ok
20:32:14.0991 5328 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:32:14.0991 5328 MSDTC - ok
20:32:15.0021 5328 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:32:15.0021 5328 Msfs - ok
20:32:15.0051 5328 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:32:15.0051 5328 mshidkmdf - ok
20:32:15.0071 5328 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:32:15.0071 5328 msisadrv - ok
20:32:15.0111 5328 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:32:15.0111 5328 MSiSCSI - ok
20:32:15.0121 5328 msiserver - ok
20:32:15.0161 5328 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:32:15.0161 5328 MSKSSRV - ok
20:32:15.0181 5328 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:32:15.0181 5328 MSPCLOCK - ok
20:32:15.0191 5328 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:32:15.0191 5328 MSPQM - ok
20:32:15.0221 5328 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:32:15.0231 5328 MsRPC - ok
20:32:15.0261 5328 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:32:15.0261 5328 mssmbios - ok
20:32:15.0271 5328 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:32:15.0271 5328 MSTEE - ok
20:32:15.0281 5328 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:32:15.0281 5328 MTConfig - ok
20:32:15.0301 5328 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:32:15.0311 5328 Mup - ok
20:32:15.0351 5328 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:32:15.0371 5328 napagent - ok
20:32:15.0411 5328 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:32:15.0421 5328 NativeWifiP - ok
20:32:15.0481 5328 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:32:15.0521 5328 NDIS - ok
20:32:15.0541 5328 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:32:15.0551 5328 NdisCap - ok
20:32:15.0571 5328 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:32:15.0571 5328 NdisTapi - ok
20:32:15.0601 5328 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:32:15.0601 5328 Ndisuio - ok
20:32:15.0631 5328 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:32:15.0631 5328 NdisWan - ok
20:32:15.0661 5328 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:32:15.0661 5328 NDProxy - ok
20:32:15.0691 5328 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:32:15.0691 5328 NetBIOS - ok
20:32:15.0711 5328 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:32:15.0721 5328 NetBT - ok
20:32:15.0731 5328 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:32:15.0731 5328 Netlogon - ok
20:32:15.0781 5328 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:32:15.0791 5328 Netman - ok
20:32:15.0821 5328 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:32:15.0841 5328 netprofm - ok
20:32:15.0871 5328 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:15.0881 5328 NetTcpPortSharing - ok
20:32:15.0921 5328 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:32:15.0921 5328 nfrd960 - ok
20:32:15.0981 5328 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:32:15.0991 5328 NlaSvc - ok
20:32:16.0021 5328 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:32:16.0021 5328 Npfs - ok
20:32:16.0041 5328 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:32:16.0051 5328 nsi - ok
20:32:16.0081 5328 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:32:16.0081 5328 nsiproxy - ok
20:32:16.0161 5328 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:32:16.0221 5328 Ntfs - ok
20:32:16.0241 5328 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:32:16.0241 5328 Null - ok
20:32:16.0661 5328 [ 41A7C6ED2BAB4C304633B785C884A912 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:32:17.0001 5328 nvlddmkm - ok
20:32:17.0021 5328 [ D542153CB23459B8AAD88CF17E36B670 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
20:32:17.0021 5328 nvpciflt - ok
20:32:17.0071 5328 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:32:17.0071 5328 nvraid - ok
20:32:17.0091 5328 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:32:17.0101 5328 nvstor - ok
20:32:17.0181 5328 [ 558490B65557A15193E56C44DCF67B64 ] NVSvc C:\Windows\system32\nvvsvc.exe
20:32:17.0211 5328 NVSvc - ok
20:32:17.0311 5328 [ FC968EF459601BB3D18A40BB85EC5193 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:32:17.0401 5328 nvUpdatusService - ok
20:32:17.0451 5328 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:32:17.0451 5328 nv_agp - ok
20:32:17.0461 5328 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:32:17.0471 5328 ohci1394 - ok
20:32:17.0501 5328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:32:17.0531 5328 p2pimsvc - ok
20:32:17.0571 5328 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:32:17.0591 5328 p2psvc - ok
20:32:17.0621 5328 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:32:17.0621 5328 Parport - ok
20:32:17.0651 5328 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:32:17.0651 5328 partmgr - ok
20:32:17.0681 5328 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:32:17.0691 5328 PcaSvc - ok
20:32:17.0711 5328 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:32:17.0711 5328 pci - ok
20:32:17.0721 5328 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:32:17.0731 5328 pciide - ok
20:32:17.0751 5328 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:32:17.0761 5328 pcmcia - ok
20:32:17.0781 5328 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:32:17.0781 5328 pcw - ok
20:32:17.0821 5328 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:32:17.0851 5328 PEAUTH - ok
20:32:17.0961 5328 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:32:17.0961 5328 PerfHost - ok
20:32:18.0061 5328 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:32:18.0131 5328 pla - ok
20:32:18.0181 5328 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:32:18.0211 5328 PlugPlay - ok
20:32:18.0231 5328 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:32:18.0231 5328 PNRPAutoReg - ok
20:32:18.0261 5328 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:32:18.0271 5328 PNRPsvc - ok
20:32:18.0311 5328 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:32:18.0341 5328 PolicyAgent - ok
20:32:18.0381 5328 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:32:18.0391 5328 Power - ok
20:32:18.0431 5328 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:32:18.0431 5328 PptpMiniport - ok
20:32:18.0451 5328 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:32:18.0451 5328 Processor - ok
20:32:18.0491 5328 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:32:18.0501 5328 ProfSvc - ok
20:32:18.0521 5328 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:32:18.0521 5328 ProtectedStorage - ok
20:32:18.0551 5328 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:32:18.0551 5328 Psched - ok
20:32:18.0631 5328 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:32:18.0721 5328 ql2300 - ok
20:32:18.0731 5328 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:32:18.0741 5328 ql40xx - ok
20:32:18.0761 5328 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:32:18.0771 5328 QWAVE - ok
20:32:18.0781 5328 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:32:18.0781 5328 QWAVEdrv - ok
20:32:18.0841 5328 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
20:32:18.0851 5328 RapiMgr - ok
20:32:18.0871 5328 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:32:18.0871 5328 RasAcd - ok
20:32:18.0911 5328 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:32:18.0911 5328 RasAgileVpn - ok
20:32:18.0961 5328 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:32:18.0971 5328 RasAuto - ok
20:32:18.0981 5328 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:32:18.0981 5328 Rasl2tp - ok
20:32:19.0011 5328 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:32:19.0021 5328 RasMan - ok
20:32:19.0041 5328 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:32:19.0041 5328 RasPppoe - ok
20:32:19.0061 5328 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:32:19.0061 5328 RasSstp - ok
20:32:19.0091 5328 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:32:19.0101 5328 rdbss - ok
20:32:19.0131 5328 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
20:32:19.0131 5328 rdpbus - ok
20:32:19.0161 5328 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:32:19.0161 5328 RDPCDD - ok
20:32:19.0181 5328 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:32:19.0181 5328 RDPENCDD - ok
20:32:19.0211 5328 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:32:19.0211 5328 RDPREFMP - ok
20:32:19.0231 5328 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:32:19.0241 5328 RDPWD - ok
20:32:19.0271 5328 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:32:19.0281 5328 rdyboost - ok
20:32:19.0321 5328 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:32:19.0321 5328 RemoteAccess - ok
20:32:19.0361 5328 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:32:19.0361 5328 RemoteRegistry - ok
20:32:19.0401 5328 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:32:19.0411 5328 RFCOMM - ok
20:32:19.0441 5328 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:32:19.0451 5328 RpcEptMapper - ok
20:32:19.0471 5328 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:32:19.0481 5328 RpcLocator - ok
20:32:19.0511 5328 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:32:19.0521 5328 RpcSs - ok
20:32:19.0541 5328 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:32:19.0541 5328 rspndr - ok
20:32:19.0591 5328 [ B49951A2C8FD81307707443D01936E37 ] s217bus C:\Windows\system32\DRIVERS\s217bus.sys
20:32:19.0591 5328 s217bus - ok
20:32:19.0631 5328 [ 58204EC551D1A94D60CAC130440F0FEB ] s217mdfl C:\Windows\system32\DRIVERS\s217mdfl.sys
20:32:19.0631 5328 s217mdfl - ok
20:32:19.0681 5328 [ E2B3DE89339A7A807520C6063CD146D3 ] s217mdm C:\Windows\system32\DRIVERS\s217mdm.sys
20:32:19.0691 5328 s217mdm - ok
20:32:19.0701 5328 [ 7BC7D18351B846F4544B54DB38FB4208 ] s217nd5 C:\Windows\system32\DRIVERS\s217nd5.sys
20:32:19.0711 5328 s217nd5 - ok
20:32:19.0731 5328 [ D498B2082F51858F121D4584A7787CD5 ] s217obex C:\Windows\system32\DRIVERS\s217obex.sys
20:32:19.0731 5328 s217obex - ok
20:32:19.0751 5328 [ 43512D0C3A59EB20FDA06CE4265A1549 ] s217unic C:\Windows\system32\DRIVERS\s217unic.sys
20:32:19.0761 5328 s217unic - ok
20:32:19.0781 5328 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:32:19.0781 5328 SamSs - ok
20:32:19.0811 5328 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:32:19.0811 5328 sbp2port - ok
20:32:19.0841 5328 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:32:19.0851 5328 SCardSvr - ok
20:32:19.0861 5328 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:32:19.0871 5328 scfilter - ok
20:32:19.0921 5328 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:32:19.0971 5328 Schedule - ok
20:32:20.0001 5328 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:32:20.0001 5328 SCPolicySvc - ok
20:32:20.0021 5328 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:32:20.0031 5328 SDRSVC - ok
20:32:20.0071 5328 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:32:20.0071 5328 secdrv - ok
20:32:20.0101 5328 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:32:20.0101 5328 seclogon - ok
20:32:20.0131 5328 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:32:20.0141 5328 SENS - ok
20:32:20.0151 5328 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:32:20.0161 5328 SensrSvc - ok
20:32:20.0191 5328 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
20:32:20.0191 5328 Serenum - ok
20:32:20.0211 5328 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
20:32:20.0211 5328 Serial - ok
20:32:20.0221 5328 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:32:20.0231 5328 sermouse - ok
20:32:20.0271 5328 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:32:20.0281 5328 SessionEnv - ok
20:32:20.0281 5328 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:32:20.0291 5328 sffdisk - ok
20:32:20.0291 5328 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:32:20.0291 5328 sffp_mmc - ok
20:32:20.0301 5328 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:32:20.0301 5328 sffp_sd - ok
20:32:20.0301 5328 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:32:20.0301 5328 sfloppy - ok
20:32:20.0341 5328 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:32:20.0341 5328 SharedAccess - ok
20:32:20.0371 5328 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:32:20.0381 5328 ShellHWDetection - ok
20:32:20.0391 5328 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
20:32:20.0391 5328 SiSGbeLH - ok
20:32:20.0411 5328 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:32:20.0421 5328 SiSRaid2 - ok
20:32:20.0421 5328 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:32:20.0421 5328 SiSRaid4 - ok
20:32:20.0521 5328 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:32:20.0521 5328 SkypeUpdate - ok
20:32:20.0551 5328 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:32:20.0551 5328 Smb - ok
20:32:20.0601 5328 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:32:20.0611 5328 SNMPTRAP - ok
20:32:20.0621 5328 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:32:20.0621 5328 spldr - ok
20:32:20.0651 5328 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:32:20.0681 5328 Spooler - ok
20:32:20.0801 5328 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:32:20.0941 5328 sppsvc - ok
20:32:20.0951 5328 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:32:20.0961 5328 sppuinotify - ok
20:32:21.0001 5328 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:32:21.0001 5328 srv - ok
20:32:21.0031 5328 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:32:21.0041 5328 srv2 - ok
20:32:21.0061 5328 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:32:21.0071 5328 srvnet - ok
20:32:21.0121 5328 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:32:21.0121 5328 SSDPSRV - ok
20:32:21.0141 5328 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:32:21.0141 5328 SstpSvc - ok
20:32:21.0171 5328 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:32:21.0171 5328 stexstor - ok
20:32:21.0211 5328 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:32:21.0241 5328 stisvc - ok
20:32:21.0251 5328 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:32:21.0251 5328 swenum - ok
20:32:21.0291 5328 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:32:21.0311 5328 swprv - ok
20:32:21.0401 5328 [ F0D7C68CDA9784689CAA72C17AF393B2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:32:21.0461 5328 SynTP - ok
20:32:21.0531 5328 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:32:21.0611 5328 SysMain - ok
20:32:21.0631 5328 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:32:21.0641 5328 TabletInputService - ok
20:32:21.0661 5328 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:32:21.0671 5328 TapiSrv - ok
20:32:21.0681 5328 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:32:21.0691 5328 TBS - ok
20:32:21.0771 5328 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:32:21.0861 5328 Tcpip - ok
20:32:21.0951 5328 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:32:21.0981 5328 TCPIP6 - ok
20:32:22.0001 5328 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:32:22.0001 5328 tcpipreg - ok
20:32:22.0031 5328 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:32:22.0031 5328 TDPIPE - ok
20:32:22.0061 5328 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:32:22.0061 5328 TDTCP - ok
20:32:22.0081 5328 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:32:22.0081 5328 tdx - ok
20:32:22.0101 5328 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:32:22.0101 5328 TermDD - ok
20:32:22.0151 5328 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:32:22.0171 5328 TermService - ok
20:32:22.0181 5328 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:32:22.0191 5328 Themes - ok
20:32:22.0201 5328 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:32:22.0201 5328 THREADORDER - ok
20:32:22.0231 5328 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
20:32:22.0231 5328 tmactmon - ok
20:32:22.0251 5328 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
20:32:22.0251 5328 tmcomm - ok
20:32:22.0271 5328 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
20:32:22.0271 5328 tmevtmgr - ok
20:32:22.0291 5328 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
20:32:22.0291 5328 tmtdi - ok
20:32:22.0321 5328 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:32:22.0331 5328 TrkWks - ok
20:32:22.0391 5328 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:32:22.0401 5328 TrustedInstaller - ok
20:32:22.0431 5328 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:32:22.0431 5328 tssecsrv - ok
20:32:22.0461 5328 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:32:22.0461 5328 TsUsbFlt - ok
20:32:22.0481 5328 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:32:22.0481 5328 TsUsbGD - ok
20:32:22.0511 5328 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:32:22.0511 5328 tunnel - ok
20:32:22.0561 5328 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
20:32:22.0561 5328 TurboB - ok
20:32:22.0631 5328 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:32:22.0641 5328 TurboBoost - ok
20:32:22.0661 5328 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:32:22.0661 5328 uagp35 - ok
20:32:22.0691 5328 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:32:22.0701 5328 udfs - ok
20:32:22.0741 5328 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:32:22.0751 5328 UI0Detect - ok
20:32:22.0761 5328 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:32:22.0761 5328 uliagpkx - ok
20:32:22.0791 5328 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:32:22.0791 5328 umbus - ok
20:32:22.0801 5328 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
20:32:22.0801 5328 UmPass - ok
20:32:22.0951 5328 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:32:23.0031 5328 UNS - ok
20:32:23.0061 5328 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:32:23.0071 5328 upnphost - ok
20:32:23.0111 5328 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:32:23.0111 5328 usbccgp - ok
20:32:23.0151 5328 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:32:23.0151 5328 usbcir - ok
20:32:23.0191 5328 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:32:23.0201 5328 usbehci - ok
20:32:23.0221 5328 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:32:23.0231 5328 usbhub - ok
20:32:23.0281 5328 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:32:23.0281 5328 usbohci - ok
20:32:23.0321 5328 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:32:23.0321 5328 usbprint - ok
20:32:23.0351 5328 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:32:23.0351 5328 USBSTOR - ok
20:32:23.0391 5328 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:32:23.0391 5328 usbuhci - ok
20:32:23.0441 5328 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:32:23.0451 5328 usbvideo - ok
20:32:23.0471 5328 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:32:23.0481 5328 UxSms - ok
20:32:23.0491 5328 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:32:23.0491 5328 VaultSvc - ok
20:32:23.0531 5328 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:32:23.0531 5328 vdrvroot - ok
20:32:23.0561 5328 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:32:23.0591 5328 vds - ok
20:32:23.0611 5328 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:32:23.0611 5328 vga - ok
20:32:23.0641 5328 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:32:23.0641 5328 VgaSave - ok
20:32:23.0671 5328 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:32:23.0681 5328 vhdmp - ok
20:32:23.0691 5328 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:32:23.0691 5328 viaide - ok
20:32:23.0711 5328 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:32:23.0711 5328 volmgr - ok
20:32:23.0741 5328 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:32:23.0751 5328 volmgrx - ok
20:32:23.0791 5328 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:32:23.0801 5328 volsnap - ok
20:32:23.0831 5328 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:32:23.0841 5328 vsmraid - ok
20:32:23.0921 5328 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:32:23.0991 5328 VSS - ok
20:32:24.0001 5328 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:32:24.0001 5328 vwifibus - ok
20:32:24.0021 5328 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:32:24.0021 5328 vwififlt - ok
20:32:24.0051 5328 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:32:24.0071 5328 W32Time - ok
20:32:24.0101 5328 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:32:24.0101 5328 WacomPen - ok
20:32:24.0141 5328 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:32:24.0141 5328 WANARP - ok
20:32:24.0151 5328 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:32:24.0151 5328 Wanarpv6 - ok
20:32:24.0221 5328 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:32:24.0291 5328 wbengine - ok
20:32:24.0321 5328 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:32:24.0331 5328 WbioSrvc - ok
20:32:24.0401 5328 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
20:32:24.0431 5328 WcesComm - ok
20:32:24.0471 5328 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:32:24.0491 5328 wcncsvc - ok
20:32:24.0511 5328 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:32:24.0521 5328 WcsPlugInService - ok
20:32:24.0551 5328 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:32:24.0551 5328 Wd - ok
20:32:24.0601 5328 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:32:24.0641 5328 Wdf01000 - ok
20:32:24.0661 5328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:32:24.0671 5328 WdiServiceHost - ok
20:32:24.0681 5328 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:32:24.0691 5328 WdiSystemHost - ok
20:32:24.0721 5328 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:32:24.0731 5328 WebClient - ok
20:32:24.0751 5328 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:32:24.0761 5328 Wecsvc - ok
20:32:24.0781 5328 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:32:24.0791 5328 wercplsupport - ok
20:32:24.0821 5328 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:32:24.0831 5328 WerSvc - ok
20:32:24.0861 5328 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:32:24.0861 5328 WfpLwf - ok
20:32:24.0901 5328 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
20:32:24.0901 5328 WimFltr - ok
20:32:24.0941 5328 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:32:24.0941 5328 WIMMount - ok
20:32:24.0971 5328 WinDefend - ok
20:32:24.0981 5328 WinHttpAutoProxySvc - ok
20:32:25.0041 5328 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:32:25.0051 5328 Winmgmt - ok
20:32:25.0141 5328 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:32:25.0221 5328 WinRM - ok
20:32:25.0271 5328 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:32:25.0271 5328 WinUsb - ok
20:32:25.0311 5328 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:32:25.0351 5328 Wlansvc - ok
20:32:25.0491 5328 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:32:25.0571 5328 wlidsvc - ok
20:32:25.0591 5328 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:32:25.0591 5328 WmiAcpi - ok
20:32:25.0641 5328 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:32:25.0641 5328 wmiApSrv - ok
20:32:25.0671 5328 WMPNetworkSvc - ok
20:32:25.0711 5328 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:32:25.0711 5328 WPCSvc - ok
20:32:25.0731 5328 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:32:25.0741 5328 WPDBusEnum - ok
20:32:25.0771 5328 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:32:25.0771 5328 ws2ifsl - ok
20:32:25.0791 5328 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:32:25.0801 5328 wscsvc - ok
20:32:25.0811 5328 WSearch - ok
20:32:25.0921 5328 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:32:26.0001 5328 wuauserv - ok
20:32:26.0031 5328 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:32:26.0031 5328 WudfPf - ok
20:32:26.0061 5328 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:32:26.0061 5328 WUDFRd - ok
20:32:26.0081 5328 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:32:26.0091 5328 wudfsvc - ok
20:32:26.0121 5328 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:32:26.0131 5328 WwanSvc - ok
20:32:26.0161 5328 ================ Scan global ===============================
20:32:26.0201 5328 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:32:26.0241 5328 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:32:26.0261 5328 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:32:26.0291 5328 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:32:26.0321 5328 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:32:26.0331 5328 [Global] - ok
20:32:26.0331 5328 ================ Scan MBR ==================================
20:32:26.0351 5328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:32:26.0611 5328 \Device\Harddisk0\DR0 - ok
20:32:26.0621 5328 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
20:32:26.0691 5328 \Device\Harddisk1\DR1 - ok
20:32:27.0091 5328 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
20:32:27.0101 5328 \Device\Harddisk2\DR2 - ok
20:32:27.0101 5328 ================ Scan VBR ==================================
20:32:27.0111 5328 [ 1AC1A0DF5506C185B97E5E631AF78847 ] \Device\Harddisk0\DR0\Partition1
20:32:27.0111 5328 \Device\Harddisk0\DR0\Partition1 - ok
20:32:27.0181 5328 [ 14B36B4FBC4EDE35E6DA9BE5481E2670 ] \Device\Harddisk0\DR0\Partition2
20:32:27.0181 5328 \Device\Harddisk0\DR0\Partition2 - ok
20:32:27.0191 5328 [ D7417EFBDD8851DD1156F741552AD745 ] \Device\Harddisk1\DR1\Partition1
20:32:27.0191 5328 \Device\Harddisk1\DR1\Partition1 - ok
20:32:27.0201 5328 [ 4054D328C50F7D1A684E39B5B6390626 ] \Device\Harddisk2\DR2\Partition1
20:32:27.0211 5328 \Device\Harddisk2\DR2\Partition1 - ok
20:32:27.0211 5328 ============================================================
20:32:27.0211 5328 Scan finished
20:32:27.0211 5328 ============================================================
20:32:27.0231 2132 Detected object count: 0
20:32:27.0231 2132 Actual detected object count: 0

M-K-D-B · 11.12.2012, 21:19

Servus,

ich sehe da jede Menge Adware auf deinem Rechner. Daher möchte ich, dass du die Datei AdwCleaner.exe von deinem Rechner deinstallierst (sofern noch vorhanden) und eine aktuelle Version startest. Anschließend lassen wir noch zwei Programme laufen.

Schritt 1

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Deinstallation.
Bestätige mit Ja.

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Bitte lade Junkware Removal Tool auf Deinen Desktop.

Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen. Drücke eine beliebige Taste, um den Suchlauf zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von ComboFix.

LisaCharly · 13.12.2012, 15:37

Hallo Matthias,
hier jetzt die erforderlichen log Dateien:

# AdwCleaner v2.100 - Datei am 13/12/2012 um 12:08:08 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Rita - RITA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rita\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default
Datei : C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\h2n1xlg0.default\prefs.js

Gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Gefunden : user_pref("aol_toolbar.default.search.check", false);
Gefunden : user_pref("extensions.50adfe8e2ea2b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\slfibi3g.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1855 octets] - [13/12/2012 12:08:08]

########## EOF - C:\AdwCleaner[R1].txt - [1915 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.0 (12.12.2012:3)
OS: Windows 7 Home Premium x64
Ran by Rita on 13.12.2012 at 12:11:41,34
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3306867040-4245769040-2452352677-1002\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_local_machine\software\systweak"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\saveas"
Failed to delete: [Folder] "C:\Program Files (x86)\mocaflix"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saveas"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\50adfe8e2e97e@50adfe8e2e9b8.com
Successfully deleted the following from C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.50adfe8e2ea2b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,sear
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.crossrider.bic", "13a182dd4955916ffc7aa6c538a9e98e");
user_pref("keyword.URL", "hxxp://websearch.mocaflix.com/?l=1&q=");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.12.2012 at 12:21:20,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-12-12.01 - Rita 13.12.2012  15:14:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8104.5950 [GMT 1:00]
ausgeführt von:: c:\users\Rita\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Rita\Documents\~WRL0647.tmp
c:\users\Rita\Documents\~WRL1753.tmp
c:\users\Rita\Documents\~WRL1786.tmp
c:\users\Rita\Documents\~WRL1849.tmp
c:\users\Rita\Documents\~WRL1888.tmp
c:\users\Rita\Documents\~WRL1986.tmp
c:\users\Rita\Documents\~WRL2432.tmp
c:\users\Rita\Documents\~WRL2598.tmp
c:\users\Rita\Documents\~WRL3293.tmp
c:\users\Rita\Documents\~WRL3614.tmp
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-13 bis 2012-12-13  ))))))))))))))))))))))))))))))
.
.
2012-12-13 14:23 . 2012-12-13 14:23	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-13 14:23 . 2012-12-13 14:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-13 11:25 . 2012-12-13 11:25	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D60E1DF4-8545-4197-93A5-CB8CBFDF57F0}\offreg.dll
2012-12-13 11:11 . 2012-12-13 11:11	--------	d-----w-	c:\windows\ERUNT
2012-12-13 11:11 . 2012-12-13 11:11	--------	d-----w-	C:\JRT
2012-12-12 11:13 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-11 16:23 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D60E1DF4-8545-4197-93A5-CB8CBFDF57F0}\mpengine.dll
2012-12-07 20:10 . 2012-12-07 20:10	--------	d-----w-	c:\users\Rita\AppData\Roaming\ParetoLogic
2012-12-07 20:10 . 2012-12-07 20:10	--------	d-----w-	c:\users\Rita\AppData\Roaming\DriverCure
2012-12-07 20:10 . 2012-12-07 20:43	--------	d-----w-	c:\programdata\ParetoLogic
2012-12-06 15:52 . 2012-12-06 15:52	--------	d-----w-	c:\windows\de
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\en
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\el
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\es
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\fr
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\he
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\it
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\nl
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\ru
2012-12-06 15:51 . 2012-12-06 15:51	--------	d-----w-	c:\windows\ar
2012-12-06 15:48 . 2012-12-06 15:48	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-12-06 15:39 . 2012-12-06 15:39	--------	d-----w-	c:\program files\Windows Live
2012-12-06 15:38 . 2010-06-02 03:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-12-06 15:38 . 2010-06-02 03:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2012-12-06 15:38 . 2010-06-02 03:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2012-12-06 15:38 . 2010-06-02 03:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-12-06 15:38 . 2010-05-26 10:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2012-12-06 15:38 . 2010-05-26 10:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2012-12-06 15:38 . 2010-05-26 10:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2012-12-06 15:38 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2012-12-06 15:37 . 2012-12-06 15:37	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\a0d784621cdd3c708\DSETUP.dll
2012-12-06 15:37 . 2012-12-06 15:37	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\a0d784621cdd3c708\DXSETUP.exe
2012-12-06 15:37 . 2012-12-06 15:37	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\a0d784621cdd3c708\dsetup32.dll
2012-12-06 15:37 . 2012-12-06 15:37	94040	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\92dba32a1cdd3c704\DSETUP.dll
2012-12-06 15:37 . 2012-12-06 15:37	525656	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\92dba32a1cdd3c704\DXSETUP.exe
2012-12-06 15:37 . 2012-12-06 15:37	1691480	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\92dba32a1cdd3c704\dsetup32.dll
2012-12-06 15:37 . 2012-12-06 15:37	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8c04d20b1cdd3c702\DSETUP.dll
2012-12-06 15:37 . 2012-12-06 15:37	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8c04d20b1cdd3c702\DXSETUP.exe
2012-12-06 15:37 . 2012-12-06 15:37	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\8c04d20b1cdd3c702\dsetup32.dll
2012-12-06 13:53 . 2012-12-06 13:53	--------	d-----w-	c:\users\Rita\AppData\Roaming\Malwarebytes
2012-12-06 13:53 . 2012-12-06 13:53	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-06 13:53 . 2012-12-06 13:53	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-06 13:53 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-06 13:32 . 2012-12-06 13:32	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-11-22 10:17 . 2012-12-13 11:12	--------	d-----w-	c:\program files (x86)\MocaFlix
2012-11-18 15:57 . 2012-12-03 14:26	--------	d-----w-	c:\users\Gast
2012-11-14 15:58 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-14 15:58 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 15:58 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 15:58 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-14 15:52 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 15:52 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 15:52 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-14 15:52 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-14 15:52 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-14 15:52 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-14 15:52 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 09:03 . 2012-01-07 15:46	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-14 09:49 . 2012-04-25 07:38	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 09:49 . 2012-03-11 16:55	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 08:38 . 2012-11-28 11:44	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:44	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:44	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-12 11:13	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-09-28 20:03 . 2012-09-28 20:04	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-28 20:03 . 2012-07-05 16:21	821736	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-28 20:03 . 2012-02-15 15:09	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-21 07:08 . 2011-12-27 19:02	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 07:07 . 2011-12-27 19:02	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-09 08:51 . 2012-02-14 18:13	1456640	----a-w-	c:\program files (x86)\Common Files\Falk Navi-Manager.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Ulead Kalendar Checker 4.0 SE.lnk - c:\program files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2011-12-18 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/22 09:22;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-08 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Rita\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\h2n1xlg0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{34DF74E8-7D43-1CEE-BA74-7225F6205EB4} - c:\programdata\SaveAs\50adfe8e2eae4.ocx
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-SP_8e4eb48d - c:\program files (x86)\MocaFlix\uninstall.exe
AddRemove-{16726771-C380-4280-BAF9-1223B3838786} - c:\programdata\SaveAs\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-13  15:31:09
ComboFix-quarantined-files.txt  2012-12-13 14:31
.
Vor Suchlauf: 12 Verzeichnis(se), 112.362.164.224 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 116.279.549.952 Bytes frei
.
- - End Of File - - 710F27B1264DBB2BC664CAA23145717D

--- --- ---

Gruß
LisaCharly

M-K-D-B · 13.12.2012, 18:27

Servus,

Schritt 1
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Schritt 2
Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror # 1

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:folderfind
*mocaflix*
*SaveAs*

:regfind
mocaflix
SaveAs
         
```
Klicke nun auf den Button Look, um den Scan zu starten. Der Suchlauf kann etwas dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von SystemLook.

LisaCharly · 14.12.2012, 19:01

Hallo Matthias,

soll ich beim OTL Scann die gleichen Einstellungen vornehmen wie anfangs beschrieben oder mit den Standard-Einstellungen starten?

Gruß
LisaCharly

M-K-D-B · 14.12.2012, 19:57

Servus,

OTL "nur" so ausführen, wie in meiner letzten Antwort beschrieben. Das genügt.

LisaCharly · 16.12.2012, 18:58

Hallo Matthias,

hier die erforderlichen Dateien:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.12.2012 18:50:53 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rita\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,11% Memory free
15,83 Gb Paging File | 13,36 Gb Available in Paging File | 84,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 107,24 Gb Free Space | 57,56% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 254,25 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 142,91 Gb Free Space | 30,68% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,17% Space Free | Partition Type: FAT
 
Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.14 18:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita\Downloads\OTL(1).exe
PRC - [2012.12.11 22:05:24 | 029,425,864 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.23 12:32:38 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011.10.22 17:19:04 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2002.05.03 10:47:46 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.15 15:33:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012.11.15 15:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012.11.14 17:20:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.14 17:20:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.14 17:20:19 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012.11.14 17:20:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.14 17:20:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.14 17:20:03 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.14 17:19:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.11.14 17:00:19 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.11.14 17:00:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.11.14 17:00:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.11.14 16:59:59 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.11.14 16:57:52 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.14 16:57:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.11.14 16:57:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.14 16:57:41 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e450f586600c27379b52c1058292cfd9\System.Security.ni.dll
MOD - [2012.11.14 16:57:39 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.14 16:57:36 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.14 16:57:31 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.09.12 15:57:52 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll
MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.03.13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 04:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.08.11 07:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.07.08 10:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.11.02 13:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 13:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic)
DRV:64bit: - [2007.11.02 13:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 13:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5)
DRV:64bit: - [2007.11.02 13:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus)
DRV:64bit: - [2007.11.02 13:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2012.04.22 18:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 11:47:19 | 000,000,000 | ---D | M]
 
[2011.12.16 11:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Extensions
[2012.12.13 12:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions
[2012.12.01 11:26:47 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.11.15 15:38:33 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.09.20 08:18:12 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\amznUWL2@amazon.com.xpi
[2012.12.06 16:00:54 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.08.24 09:20:22 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.11.25 13:13:14 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.01 11:26:47 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.11.22 11:17:19 | 000,000,544 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\searchplugins\WebSearch.xml
[2012.12.06 14:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.02 11:47:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.13 15:27:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (SaveAs Class) - {34DF74E8-7D43-1CEE-BA74-7225F6205EB4} - C:\ProgramData\SaveAs\50adfe8e2eae4.ocx File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED3976E2-EE94-4416-8503-DFC2E9B6A97E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.16 17:11:10 | 000,000,000 | R--D | C] -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.12.13 17:37:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.13 15:31:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.13 15:13:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.13 15:13:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.13 15:13:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.13 15:13:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.13 15:13:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 15:13:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.13 12:11:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.13 12:11:29 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\ParetoLogic
[2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\DriverCure
[2012.12.07 21:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012.12.06 16:52:19 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.12.06 16:51:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.12.06 16:51:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.12.06 16:51:29 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012.12.06 16:51:27 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012.12.06 16:51:25 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.12.06 16:51:23 | 000,000,000 | ---D | C] -- C:\Windows\he
[2012.12.06 16:51:21 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.12.06 16:51:19 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.12.06 16:51:16 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2012.12.06 16:51:13 | 000,000,000 | ---D | C] -- C:\Windows\ar
[2012.12.06 16:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.12.06 16:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.12.06 15:13:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{66E2F6A7-298E-4EF0-A61F-747A46BFCF85}
[2012.12.06 14:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\Malwarebytes
[2012.12.06 14:53:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 14:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.05 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{D501D416-841F-4D21-9F3F-6CDB3C0B0922}
[2012.12.02 19:40:29 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{C2057799-37A2-4DF5-A56B-BAE7C9403A3D}
[2012.12.02 11:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.01 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{BEFC6E3E-06F7-4375-9426-D4BC01AC11F0}
[2012.11.30 10:31:03 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{1C634F90-39BF-4295-9062-1D3813CEFAD9}
[2012.11.29 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{FF70CEBB-A9A2-41AF-8BC5-CF26966D4B2D}
[2012.11.28 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5BFC3B52-551D-4958-98EE-B52CE182B879}
[2012.11.27 15:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{34B58A2C-72E8-4260-8A2B-E7266FBD3F93}
[2012.11.26 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{2A7AC3A5-D422-4996-915B-B1A061D3F8BF}
[2012.11.23 14:58:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5237B8CC-24E1-4538-8EE3-9BF0CD73EC8B}
[2012.11.22 11:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012.11.22 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{392E0CC6-0D82-4E60-A31E-56BEF369D4E1}
[2012.11.21 10:20:18 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{6372F3BA-E0A9-43C3-B8D8-79B3A9C5BEDC}
[2012.11.20 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{EE97A51C-4538-4B31-B285-DDA8CE76EE6F}
[2012.11.19 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{50A63D65-AC51-4539-ADA0-90A09F29E657}
[2012.11.18 10:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{C4658DFD-34F5-43C2-A432-7BC7E05E7E86}
[2012.11.17 12:00:05 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{64DDDB26-258D-4140-9E6F-96D5BB30D367}
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.16 17:17:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 17:17:20 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 17:09:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.16 17:09:38 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.15 15:11:12 | 000,001,051 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.15 15:11:01 | 000,001,017 | ---- | M] () -- C:\Users\Rita\Desktop\Dropbox.lnk
[2012.12.13 15:27:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.13 10:18:27 | 000,423,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.06 16:56:44 | 000,001,362 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.12.06 16:48:27 | 000,000,020 | ---- | M] () -- C:\Windows\4úY
[2012.12.06 15:46:22 | 000,000,000 | ---- | M] () -- C:\Users\Rita\defogger_reenable
[2012.12.06 14:53:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 14:32:58 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.22 22:15:33 | 000,002,324 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.11.21 17:51:16 | 000,000,020 | ---- | M] () -- C:\Windows\v
 
========== Files Created - No Company Name ==========
 
[2012.12.13 15:13:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.13 15:13:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.13 15:13:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.13 15:13:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.13 15:13:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.06 16:51:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.06 16:51:05 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.12.06 16:48:26 | 000,000,020 | ---- | C] () -- C:\Windows\4úY
[2012.12.06 16:40:25 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.12.06 15:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Rita\defogger_reenable
[2012.12.06 14:53:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 14:32:58 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.21 17:51:16 | 000,000,020 | ---- | C] () -- C:\Windows\v
[2012.09.30 18:25:10 | 000,004,433 | ---- | C] () -- C:\Windows\jwwp_x.ini
[2012.07.15 10:48:24 | 000,004,934 | ---- | C] () -- C:\ProgramData\innbfrij.xis
[2012.02.14 19:13:54 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2012.01.01 21:11:39 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.30 17:37:38 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.18 20:32:44 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.16 18:57:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.16 12:17:20 | 000,000,017 | ---- | C] () -- C:\Users\Rita\AppData\Local\resmon.resmoncfg
[2011.10.22 17:05:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 04:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.12.16 11:53:59 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\ASUS WebStorage
[2012.12.07 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\DriverCure
[2012.12.16 17:11:27 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Dropbox
[2012.06.03 19:23:11 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Garmin
[2012.07.27 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Imaxel
[2012.11.11 13:10:41 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\jpg-Illuminator
[2012.07.15 14:23:34 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\MOVAVI
[2011.12.18 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Nuance
[2012.12.07 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\ParetoLogic
[2012.09.04 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\SoftGrid Client
[2012.01.01 21:12:26 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\TP
[2011.12.20 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Windows Live Writer
[2011.12.16 18:17:08 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

SystemLook 30.07.11 by jpshortstuff
Log created at 18:46 on 14/12/2012 by Rita
Administrator - Elevation successful

========== folderfind ==========

Searching for "*mocaflix*"
C:\Program Files (x86)\MocaFlix d------ [10:17 22/11/2012]

Searching for "*SaveAs*"
No folders found.

========== regfind ==========

Searching for "mocaflix"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d]
"DisplayName"="Search Assistant MocaFlix 1.66"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d]
"UninstallString"=""C:\Program Files (x86)\MocaFlix\uninstall.exe" /FULLPATH="C:\Program Files (x86)\MocaFlix""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d]
"QuietUninstallString"=""C:\Program Files (x86)\MocaFlix\uninstall.exe" /S /FULLPATH="C:\Program Files (x86)\MocaFlix""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d]
"CategoryName"="MocaFlix"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SP Global]
"0e20a748"="c:\progra~2\mocaflix\sprote~1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SProtector\_8e4eb48d]
"Install_Dir"="C:\Program Files (x86)\MocaFlix"

Searching for "SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\50adfe8e2eae4.ocx.50adfe8e2eae4.ocx]
@="SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\50adfe8e2eae4.ocx.50adfe8e2eae4.ocx.2]
@="SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
@="C:\ProgramData\SaveAs\50adfe8e2eae4.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
@="C:\ProgramData\SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}]
@="SaveAs Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\InprocServer32]
@="C:\ProgramData\SaveAs\50adfe8e2eae4.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
@="C:\ProgramData\SaveAs\50adfe8e2eae4.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
@="C:\ProgramData\SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColum ns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreenMode|OpenOrganizer|Scan|Web2PDF:Opn URL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOpt Cont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmar k|BookmarkShowLocation|GoBackDoc|GoForwardDoc|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|CollectionPreview|CollectionHome|C ollectionDetails|CollectionShowRoot|&Pages|Co&ntent|&Forms|Action &Wizard|Recognize &Text|P&rotection|&Sign && Certify|Doc&ument
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\penghahcpmngdidaebkhadhnhilegjif]
"path"="C:\ProgramData\SaveAs\penghahcpmngdidaebkhadhnhilegjif.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}]
@="SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}]
"DisplayName"="SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}]
"Publisher"="SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}]
"URLInfoAbout"="hxxp://saveasapp.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}]
"DisplayIcon"="C:\ProgramData\SaveAs\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}]
"UninstallString"=""C:\ProgramData\SaveAs\uninstall.exe" /path=C:\ProgramData\SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}]
"CategoryName"="SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Ulead Systems\Ulead Photo Express SE\4.0\Preference]
"SaveAsFile"="BMP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}]
@="SaveAs Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\InprocServer32]
@="C:\ProgramData\SaveAs\50adfe8e2eae4.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32]
@="C:\ProgramData\SaveAs\50adfe8e2eae4.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR]
@="C:\ProgramData\SaveAs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColum ns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreenMode|OpenOrganizer|Scan|Web2PDF:Opn URL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOpt Cont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmar k|BookmarkShowLocation|GoBackDoc|GoForwardDoc|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|CollectionPreview|CollectionHome|C ollectionDetails|CollectionShowRoot|&Pages|Co&ntent|&Forms|Action &Wizard|Recognize &Text|P&rotection|&Sign && Certif

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>

-= EOF =-
Gruß
LisaCharly

M-K-D-B · 16.12.2012, 19:33

Servus,

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
[2012.11.22 11:17:19 | 000,000,544 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\searchplugins\WebSearch.xml
O2 - BHO: (SaveAs Class) - {34DF74E8-7D43-1CEE-BA74-7225F6205EB4} - C:\ProgramData\SaveAs\50adfe8e2eae4.ocx File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SP Global]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SProtector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\50adfe8e2eae4.ocx.50adfe8e2eae4.ocx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\50adfe8e2eae4.ocx.50adfe8e2eae4.ocx.2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\penghahcpmngdidaebkhadhnhilegjif]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}]

:files
C:\Program Files (x86)\MocaFlix

:commands
[Emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Wie läuft dein Rechner derzeit? Gibt es noch Probleme? Wenn ja, welche? In welchem Browser treten die Probleme auf?

Bitte poste mit deiner nächsten Antwort

die Logdatei des OTL-Fix,
die beiden Logdateien des neuen OTL-Scans,
die Beantwortung der gestellten Fragen.

LisaCharly · 17.12.2012, 17:00

Hallo Matthias,
im Firefox Browser erscheint beim Öffnen eines neuen Tabs "Chatzum Serch" nicht mehr. Allerdings ist unter c: die Datei: "chatzum_nt", Typ Anwendung, Größe 3694 KB, immer noch vorhanden. Was ist das?

Der Windows Explorern stürzt nach dem Öffnen ab, Meldung "Explorer funktioniert nicht mehr" und wird neu gestartet. In der Ereignisanzeige wird folgendes angezeigt:

- <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-12-17T15:12:28.000000000Z" />
<EventRecordID>32353</EventRecordID>
<Channel>Application</Channel>
<Computer>Rita-PC</Computer>
<Security />
</System>
- <EventData>
<Data>explorer.exe</Data>
<Data>6.1.7601.17567</Data>
<Data>4d672ee4</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000374</Data>
<Data>00000000000c40f2</Data>
<Data>12cc</Data>
<Data>01cddc681cf336b6</Data>
<Data>C:\Windows\explorer.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>2b84e469-485c-11e2-bcc3-742f68b55eec</Data>
</EventData>
</Event>

Hier die gewünschten Dateien:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\searchplugins\WebSearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SP Global\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SProtector\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\50adfe8e2eae4.ocx.50adfe8e2eae4.ocx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\50adfe8e2eae4.ocx.50adfe8e2eae4.ocx.2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\penghahcpmngdidaebkhadhnhilegjif\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16726771-C380-4280-BAF9-1223B3838786}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34DF74E8-7D43-1CEE-BA74-7225F6205EB4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\ not found.
========== FILES ==========
C:\Program Files (x86)\MocaFlix folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 6376087 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rita
->Temp folder emptied: 546044 bytes
->Temporary Internet Files folder emptied: 62290589 bytes
->Java cache emptied: 6490281 bytes
->FireFox cache emptied: 186723097 bytes
->Flash cache emptied: 8173753 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25312 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 258,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12172012_154315

Files\Folders moved on Reboot...
C:\Users\Rita\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.12.2012 15:55:03 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rita\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,45% Memory free
15,83 Gb Paging File | 13,75 Gb Available in Paging File | 86,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 107,44 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 254,25 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 142,91 Gb Free Space | 30,68% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,17% Space Free | Partition Type: FAT
 
Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.14 18:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita\Downloads\OTL(1).exe
PRC - [2012.12.11 22:05:24 | 029,425,864 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.23 12:32:38 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011.10.22 17:19:04 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2002.05.03 10:47:46 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.15 15:33:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012.11.15 15:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll
MOD - [2012.11.14 17:00:19 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012.11.14 17:00:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012.11.14 17:00:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012.11.14 16:59:59 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll
MOD - [2012.11.14 16:57:52 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.14 16:57:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012.11.14 16:57:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.14 16:57:41 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e450f586600c27379b52c1058292cfd9\System.Security.ni.dll
MOD - [2012.11.14 16:57:39 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.14 16:57:36 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.14 16:57:31 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.03.13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.13 18:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 04:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.08.11 07:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.07.08 10:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.11.02 13:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 13:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic)
DRV:64bit: - [2007.11.02 13:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 13:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5)
DRV:64bit: - [2007.11.02 13:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus)
DRV:64bit: - [2007.11.02 13:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2012.04.22 18:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 11:47:19 | 000,000,000 | ---D | M]
 
[2011.12.16 11:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Extensions
[2012.12.13 12:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions
[2012.12.01 11:26:47 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.11.15 15:38:33 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012.09.20 08:18:12 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\amznUWL2@amazon.com.xpi
[2012.12.06 16:00:54 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.08.24 09:20:22 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.11.25 13:13:14 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.01 11:26:47 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.06 14:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.02 11:47:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.13 15:27:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED3976E2-EE94-4416-8503-DFC2E9B6A97E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 15:47:24 | 000,000,000 | R--D | C] -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.12.17 15:43:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.13 17:37:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.13 15:31:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.13 15:13:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.13 15:13:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.13 15:13:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.13 15:13:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.13 15:13:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 15:13:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.13 12:11:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.13 12:11:29 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.13 10:01:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 10:01:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 10:01:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 10:01:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 10:01:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 10:01:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 10:01:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 10:01:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 10:01:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 10:01:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 10:01:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 10:01:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 10:01:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 10:01:16 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 10:01:16 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 12:13:30 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.12 12:13:29 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.12 12:13:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.12 12:13:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.12 12:13:19 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 12:13:19 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 12:13:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 12:13:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 12:13:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 12:13:15 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 12:13:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 12:13:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 12:13:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 12:13:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 12:13:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 12:13:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 12:13:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 12:13:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 12:13:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 12:13:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 12:13:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 12:13:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 12:13:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 12:13:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 12:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 12:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 12:13:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 12:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 12:13:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 12:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 12:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 12:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 12:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 12:13:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 12:13:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 12:13:03 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 12:13:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\ParetoLogic
[2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\DriverCure
[2012.12.07 21:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012.12.06 16:52:19 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.12.06 16:51:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.12.06 16:51:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.12.06 16:51:29 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012.12.06 16:51:27 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012.12.06 16:51:25 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.12.06 16:51:23 | 000,000,000 | ---D | C] -- C:\Windows\he
[2012.12.06 16:51:21 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.12.06 16:51:19 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.12.06 16:51:16 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2012.12.06 16:51:13 | 000,000,000 | ---D | C] -- C:\Windows\ar
[2012.12.06 16:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.12.06 16:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.12.06 16:38:11 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.12.06 16:38:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.12.06 16:38:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.12.06 16:38:11 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.12.06 16:38:11 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.12.06 16:38:11 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.12.06 16:38:11 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.12.06 16:38:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.12.06 15:13:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{66E2F6A7-298E-4EF0-A61F-747A46BFCF85}
[2012.12.06 14:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\Malwarebytes
[2012.12.06 14:53:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 14:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.05 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{D501D416-841F-4D21-9F3F-6CDB3C0B0922}
[2012.12.02 19:40:29 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{C2057799-37A2-4DF5-A56B-BAE7C9403A3D}
[2012.12.02 11:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.01 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{BEFC6E3E-06F7-4375-9426-D4BC01AC11F0}
[2012.11.30 10:31:03 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{1C634F90-39BF-4295-9062-1D3813CEFAD9}
[2012.11.29 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{FF70CEBB-A9A2-41AF-8BC5-CF26966D4B2D}
[2012.11.28 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5BFC3B52-551D-4958-98EE-B52CE182B879}
[2012.11.27 15:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{34B58A2C-72E8-4260-8A2B-E7266FBD3F93}
[2012.11.26 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{2A7AC3A5-D422-4996-915B-B1A061D3F8BF}
[2012.11.23 14:58:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5237B8CC-24E1-4538-8EE3-9BF0CD73EC8B}
[2012.11.22 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{392E0CC6-0D82-4E60-A31E-56BEF369D4E1}
[2012.11.21 10:20:18 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{6372F3BA-E0A9-43C3-B8D8-79B3A9C5BEDC}
[2012.11.20 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{EE97A51C-4538-4B31-B285-DDA8CE76EE6F}
[2012.11.19 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{50A63D65-AC51-4539-ADA0-90A09F29E657}
[2012.11.18 10:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{C4658DFD-34F5-43C2-A432-7BC7E05E7E86}
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 15:53:27 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 15:53:27 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 15:45:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 15:45:38 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.15 15:11:12 | 000,001,051 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.15 15:11:01 | 000,001,017 | ---- | M] () -- C:\Users\Rita\Desktop\Dropbox.lnk
[2012.12.13 15:27:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.13 10:18:27 | 000,423,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.06 16:56:44 | 000,001,362 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.12.06 16:48:27 | 000,000,020 | ---- | M] () -- C:\Windows\4úY
[2012.12.06 15:46:22 | 000,000,000 | ---- | M] () -- C:\Users\Rita\defogger_reenable
[2012.12.06 14:53:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 14:32:58 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.22 22:15:33 | 000,002,324 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.11.21 17:51:16 | 000,000,020 | ---- | M] () -- C:\Windows\v
 
========== Files Created - No Company Name ==========
 
[2012.12.13 15:13:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.13 15:13:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.13 15:13:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.13 15:13:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.13 15:13:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.06 16:51:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.12.06 16:51:05 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012.12.06 16:48:26 | 000,000,020 | ---- | C] () -- C:\Windows\4úY
[2012.12.06 16:40:25 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.12.06 15:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Rita\defogger_reenable
[2012.12.06 14:53:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.06 14:32:58 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.21 17:51:16 | 000,000,020 | ---- | C] () -- C:\Windows\v
[2012.09.30 18:25:10 | 000,004,433 | ---- | C] () -- C:\Windows\jwwp_x.ini
[2012.07.15 10:48:24 | 000,004,934 | ---- | C] () -- C:\ProgramData\innbfrij.xis
[2012.02.14 19:13:54 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2012.01.01 21:11:39 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.30 17:37:38 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.18 20:32:44 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.12.16 18:57:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.16 12:17:20 | 000,000,017 | ---- | C] () -- C:\Users\Rita\AppData\Local\resmon.resmoncfg
[2011.10.22 17:05:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 04:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17.12.2012 15:55:04 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rita\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 75,45% Memory free
15,83 Gb Paging File | 13,75 Gb Available in Paging File | 86,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 107,44 Gb Free Space | 57,67% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 254,25 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 142,91 Gb Free Space | 30,68% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,17% Space Free | Partition Type: FAT
 
Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F881F3-65AE-48DA-825A-AED43D901D8B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{08466D8F-FBAC-4D60-8C47-E0252D0569BF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1502223B-6A64-40B7-9D90-E4C291EA07D9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{155C5FB5-3D23-4346-BFD9-3ED8D9502139}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1BEBDD36-132D-4182-9899-698BC73F13A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{21E58766-EAF6-46CC-8AEF-DE76EEE59589}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3572F0EB-613C-4D5D-94F9-6C6DD17BBEBE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F6894B5-7DBA-49BC-89E0-52D0638810FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{5AC9E851-B583-4BC6-9D9C-F152A5862325}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E7A33F1-F76B-45E1-8A67-BF003EF74064}" = rport=139 | protocol=6 | dir=out | app=system | 
"{68C2B933-51A8-4A9A-A8BA-E44024FB5D6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{751E3A73-1BAB-4F51-B661-8A69FE665E47}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8252D178-72B7-4C8A-AD74-8E31879048C2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{83205428-AE03-4693-B21B-F63692E1DE2E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8804EF7B-B3B6-40E6-98BE-E37F40BF870A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9002830C-AAD4-4279-B175-2F629C224184}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{907088A4-90A3-4801-84C3-A6F2973D8BEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9464C45A-6B64-4753-870B-4921F1644437}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{96C114E9-469A-4997-95BE-38220DE8B103}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{ACEB2468-01BE-4339-9A0E-38D8E50A28B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B0FDEFD4-C155-4A4C-81E2-F3E5496084FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7F0216A-D157-46E4-AF17-BC40BCC59106}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BBCAE95C-B1D9-4560-BBEC-7A762B61A02E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BFE962F4-7ACF-4535-970E-E82E41D82A7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7022E60-6522-437E-85E0-9090D4EF44A8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CAE7E8DF-79CF-4002-B6DA-29AB5A1BFB90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD8A375F-F5E8-45AF-92EE-C01D66E5501F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CE9BAD53-BDA0-475B-BADE-D8028E6AED71}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF3309E9-F719-4886-8AA5-6142FA1A60B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E2E1F4C1-17C5-4FC7-8DC3-D672FC1658B7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{F7A569A8-2A26-46BC-8802-B78576AF3A0C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18BD6347-4FF7-47B1-B7B1-D497F01A6D25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1D9306CF-1BF8-4B55-BB73-690313F630FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{25E544F8-62B3-426D-A530-B5A39F855AEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{274D53E1-0CC2-4BEE-A02A-8400D63083F4}" = protocol=17 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2D41FDF1-1395-47D1-925C-AE00CA5D4051}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{319D5919-C7C1-496E-97A1-F06D222881FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3285DC7A-CFA5-4808-A89E-C40F479C9785}" = protocol=6 | dir=out | app=system | 
"{3CA62D83-B2EC-4F35-83EF-8C28CC0A8B88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44A602D7-7C18-453A-8F35-5DEAF5983CE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5294AA54-7A8A-4F91-833F-91F2CE58DAB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5299EA90-DAAE-4E8A-8259-78EBFC8176B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{66A90C8C-B7BA-4CB1-910A-B46C7402345C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A218DEC-B500-474C-AADC-4CA962D4031B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93B67676-038A-4342-8FB2-2C6D23BB691E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9A45C278-3170-449B-8F56-DEDF438CFEA9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A7067C5B-9E4C-4668-BE2A-A6A3519EF84A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE72AB9F-EE39-4403-87CC-EE312B332D89}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{B4C0B2A3-3CA3-467D-BA12-AC749294CFE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B8019388-C7E5-4547-9D62-9EC150D13FB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5F15E07-B0E2-4B48-B6F6-51A0F464C696}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{DA2FCE0B-AEE8-4A67-B697-8C5C89F4EC25}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DA9D74F3-9F31-4FF0-BEAA-3C82626392FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E5C5A0FD-6B6D-47EB-98F0-64832687CA95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED2699C9-528E-4B6A-8FCB-0A57AF9ECDEF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EF213244-ED86-4655-A41E-7A9D8F920711}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F3E4AFC4-07F4-4E8C-99EC-5E3568817100}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F55477E2-EF2C-4361-928B-AB03AD8CAE6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F55FA9A0-63B6-4C5D-B28F-3E61CD5F085C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FD446D4F-411F-4240-AF01-A5F8048F5537}" = protocol=6 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FD6050C6-11FE-4FA5-8FF4-BEE3542C9F46}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FF9250BD-E486-4D06-8901-99A1633D28A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{2F497265-79B3-4C56-A2AA-4103DF422B66}C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C2FA54A9-B2EA-4FD7-8318-739C85D26D53}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{C7076261-9BA9-4687-9BF5-F3C994BF7760}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{3A7750E3-2064-477D-B630-E918827065AB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{88974580-6EDA-4B14-9D96-230125E28FD6}C:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rita\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{AC01043D-6306-4EDF-A85E-87B6A8E945AC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{000AD938-EEBB-46F5-BD33-23CB34A57C54}" = Movie Maker
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{01ABAEC3-8F96-4D00-9672-E49AAFDC0685}" = Windows Live Writer Resources
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия)
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3C41298B-A3F5-40C8-8BE3-A9A3F0644B0A}" = Windows Live Writer
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CCAC37-4E31-495F-9077-471E4E92DCEA}" = Windows Live Messenger
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45411273-7307-4F9D-BCAF-7E5ED0A36050}" = Garmin Lifetime Updater
"{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5006FD66-7E9B-4F92-BD36-275AD7712348}" = معرض الصور
"{525E7EA7-481F-499D-A7F7-4682AC46A454}" = Movie Maker
"{5681FEA2-1CF8-461E-B611-55D2C50FC4EF}" = بريد Windows Live
"{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FCA957-224F-4623-8BE0-6295CFB2C3E4}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer
"{79A1AF43-BD17-4A81-B38A-6D6535D3F377}" = Windows Live Writer
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources
"{A132CE8A-79EA-4BB5-9A24-4348B4DDD48A}" = Photo Common
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B27EDD14-869E-4A44-905A-5DE652F7278F}" = Windows Live Messenger
"{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger
"{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BC5AB595-ABEA-42D3-BD4F-C8014EB20F2B}" = Falk Navi-Manager
"{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C41A3B9E-A238-4E83-AD37-D1EDD1105F5A}" = Windows Live Writer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C4E8BC59-BD60-4B73-999B-758890DF4E62}" = Windows Live Writer Resources
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C8BBA220-8549-462A-B411-1AF44DE098B5}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger
"{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources
"{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E37CD6E8-BC51-4D48-9840-803EC3B418D3}" = גלריית התמונות
"{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"Doxillion" = Doxillion Document Converter
"ExpressBurn" = Express Burn CD DVD Blu-Ray Brenner
"ExpressZip" = Express Zip File Compression Software
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
"Works2003Setup" = Microsoft Works 2003-Setup-Start
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.12.2012 10:10:43 | Computer Name = Rita-PC | Source = Application Error | ID = 1000
Error - 14.12.2012 13:42:51 | Computer Name = Rita-PC | Source = Application Error
 | ID = 1000
 
[ System Events ]
Error - 13.12.2012 07:41:52 | Computer Name = Rita-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.12.2012 10:19:16 | Computer Name = Rita-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 13.12.2012 10:22:59 | Computer Name = Rita-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 13.12.2012 10:27:58 | Computer Name = Rita-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 17.12.2012 10:37:19 | Computer Name = Rita-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 17.12.2012 10:43:15 | Computer Name = Rita-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
 
< End of report >

--- --- ---

Gruß
LisaCharly

M-K-D-B · 17.12.2012, 17:35

Servus,

Schritt 1
Drücke Start.
Gib in den Suchleiste CMD ein.
Bei den Ergebnisse rechtsklick auf die cmd.exe -> Als Administrator starten
gib folgendes ein: sfc /scannow
Bestätige mit Enter.
Starte deinen Rechner im Abschluss neu auf.

Schritt 2

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*chatzum*

:folderfind
*chatzum*

:regfind
chatzum
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Logdatei von SystemLook.

09.12.2012, 22:19	#4
M-K-D-B /// TB-Ausbilder	erstelltes Thema erscheint nicht Servus, was du tun musst, steht alles in meiner Anleitung. Lies sie dir in Ruhe durch und führe sie genau so aus. Keine Angst, das haben schon Hunderte vor dir geschafft, du schaffst es auch.

14.12.2012, 19:57	#11
M-K-D-B /// TB-Ausbilder	erstelltes Thema erscheint nicht Servus, OTL "nur" so ausführen, wie in meiner letzten Antwort beschrieben. Das genügt.

erstelltes Thema erscheint nicht

Plagegeister aller Art und deren Bekämpfung: erstelltes Thema erscheint nicht