
Pests of all kinds and how to fight them: Trojan.Tdss-7762 and Trojan.Generic.FakeAV.WKA on Vista

24.10.2012, 06:59   #1
bambi317
 



Hello forum,

for a few days now I have noticed that in two of the user accounts on my computer the CPU load goes to 100% and stays there. In both cases the sidebar seemed to be the trigger, and after reading in various forums that this does happen, I took care of that first. In one account, simply deactivating it was successful. In the other it was not, and that made me think ...

My Avira reported nothing up to last week, and since last week I have installed the newest version.

I have now booted desinfec't from CD, and it reported the two trojans

Trojan.TDss-7762
and
Trojan.Generic.FakeAV.WKA

Should I now begin with the standard procedure you describe, or what do you suggest?

Thanks.

Regards,
bambi

24.10.2012, 13:35   #2
Psychotic
/// Malwareteam
 





My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found all remnants of malware. Reformatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes evaluating them harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: defogger


Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click, "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished ( Finished ), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
If Defogger reports an error, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being instructed to.



Step 2: OTL



Please download OTL by Oldtimer and save it to your desktop (if not already present).
  • Double-click OTL.exe
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.



Step 3: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.




Step 4: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\ ). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
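
One way to pre-sort an OTL log before reading it line by line, as an added example that is not part of the original posts or of OTL itself: it parses the `SRV`/`DRV` and `O1 - Hosts` line formats seen in the log posted in this thread. The sample log is constructed, and the flags (missing file, empty company field, hosts entry that does not point to a loopback or null address) are assumptions about what deserves a second look, not the helper's criteria.

```python
import re

# Constructed sample in the OTL "Minimal Output" line format (not the poster's log).
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - (ExampleUpdater) -- C:\Program Files (x86)\Example\updater.exe (Example Corp.)
SRV - (ghostsvc) -- C:\Program Files\Common Files\Gone\ghost.exe File not found
SRV - (MediaSrv) -- C:\Programme\Media\bin\MediaService.exe ()
========== Driver Services (SafeList) ==========
DRV - (exflt) -- C:\Windows\System32\drivers\exflt.sys (Example Corp.)
DRV - (olddrv) -- system32\DRIVERS\olddrv.sys File not found
========== Standard Registry (SafeList) ==========
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       blocked.example
O1 - Hosts: 203.0.113.7     update.example
O1 - Hosts: 14632 more lines...
"""

MISSING = "File not found"
# Addresses used to block a name locally (assumption: anything else is a redirect).
SINK_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

ENTRY_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\) -- (?P<rest>.+)$")
# The company is the last parenthesised group; the path itself may contain "(x86)".
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
MORE_RE = re.compile(r"^O1 - Hosts: (?P<count>\d+) more lines\.\.\.$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")


def parse_otl(text):
    """Return (entries, hosts, hidden_hosts) parsed from OTL log text."""
    entries, hosts, hidden = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            rest = m["rest"].strip()
            if rest.endswith(MISSING):
                # Registered service/driver whose binary is gone from disk.
                path, company, missing = rest[:-len(MISSING)].strip(), None, True
            else:
                tail = TAIL_RE.match(rest)
                path = tail["path"] if tail else rest
                company = tail["company"].strip() if tail else None
                missing = False
            entries.append({"kind": m["kind"], "name": m["name"], "path": path,
                            "company": company, "missing": missing})
            continue
        m = MORE_RE.match(line)
        if m:
            # OTL prints only the first hosts entries and counts the rest.
            hidden += int(m["count"])
            continue
        m = HOSTS_RE.match(line)
        if m:
            hosts.append((m["ip"], m["host"].lower()))
    return entries, hosts, hidden


def triage(text):
    """Return (tag, detail) pairs for entries worth reading first."""
    entries, hosts, hidden = parse_otl(text)
    findings = []
    for e in entries:
        label = f'{e["kind"]} {e["name"]}'
        if e["missing"]:
            findings.append(("missing-file", label))
        elif e["company"] == "":
            findings.append(("no-company", label))
    for ip, host in hosts:
        if ip not in SINK_ADDRS:
            findings.append(("hosts-redirect", f"{host} -> {ip}"))
    if hidden:
        # The visible part of the hosts file is only a sample of the whole.
        findings.append(("hosts-truncated", f"{hidden} lines not shown"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:16} {detail}")
```

A flag here only orders the reading; a "File not found" driver is often just a leftover registration from uninstalled hardware.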

26.10.2012, 09:06   #3
Psychotic
/// Malwareteam
 



Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

28.10.2012, 10:24   #4
bambi317
 



Hello Marius,
thank you for wanting to help me. Unfortunately I was completely without system access for the last three days and therefore could not reply. I hope you still see this reply.

1.) I have run Defogger.
2.) OTL as well. Here are the two files
3.) aswMBR is next, or should I wait for your reply first?

OTL Logfile:
Code:
OTL logfile created on: 24.10.2012 21:15:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bambi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,65% Memory free
4,23 Gb Paging File | 2,55 Gb Available in Paging File | 60,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 44,33 Gb Free Space | 9,94% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
 
Computer Name: BAMBI2 | User Name: b2admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\bambi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Serviio\bin\ServiioService.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Serviio) -- C:\Programme\Serviio\bin\ServiioService.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PID_PEPI) -- system32\DRIVERS\LV302V32.SYS File not found
DRV - (pepifilter) -- system32\DRIVERS\lv302af.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NETFRITZ) -- system32\DRIVERS\NETFRITZ.SYS File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (prodrv04) -- C:\Windows\System32\drivers\prodrv04.sys (Protection Technology Co.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (Haspnt) -- C:\Windows\System32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (FUS2BASE) -- C:\Windows\System32\drivers\fus2base.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (Pei16Wdm) -- C:\Windows\System32\drivers\Pei16Wdm.sys (EIBA s.c.)
DRV - (Pei10Wdm) -- C:\Windows\System32\drivers\Pei10Wdm.sys (EIBA s.c.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012.09.08 21:20:03 | 000,000,000 | ---D | M]
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.18 15:27:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.18 15:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.08 00:01:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.09.08 00:01:56 | 000,000,000 | ---D | M]
 
[2010.02.22 00:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Extensions
[2009.12.22 21:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.22 00:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Extensions\mockeryApp@getMockery.com
[2012.01.22 01:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Firefox\Profiles\9koaqaso.default\extensions
[2012.01.22 01:01:03 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\firefox\profiles\9koaqaso.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.11.13 23:24:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\firefox\profiles\9koaqaso.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.10.18 15:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.18 15:27:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.18 15:27:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 15:37:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.02 19:47:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 15:37:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 15:37:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 15:37:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 15:37:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.31 11:49:51 | 000,424,508 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14632 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_15_silver\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\b2admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk.disabled ()
O4 - Startup: C:\Users\b2admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk = C:\Programme\Serviio\bin\ServiioConsole.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\b2admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F023196-7CB2-4746-A741-2FC424B4BED4}: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb72b470-d73c-11dc-b58b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb72b470-d73c-11dc-b58b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 15:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.10 20:36:32 | 000,000,000 | ---D | C] -- C:\Users\b2admin\AppData\Roaming\Avira
[2012.10.10 20:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.10 20:29:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.10 20:29:02 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.10 20:29:02 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.10 20:29:02 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.10 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.10 19:54:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 19:52:50 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 19:52:50 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.09.30 17:18:09 | 000,000,000 | ---D | C] -- C:\Users\b2admin\AppData\Roaming\TeamViewer
[2012.09.30 16:33:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.30 16:33:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.30 16:33:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.30 16:33:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.30 16:33:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.30 16:33:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.30 16:33:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.30 16:33:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.24 21:11:47 | 000,000,000 | ---- | M] () -- C:\Users\b2admin\defogger_reenable
[2012.10.24 20:31:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.24 19:42:52 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 19:42:52 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 18:31:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.24 07:43:27 | 000,302,609 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.24 07:43:26 | 000,302,671 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.24 07:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.24 07:42:36 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.24 07:42:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012.10.20 17:27:27 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.20 17:27:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.16 00:31:47 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.16 00:31:47 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.16 00:31:47 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.16 00:31:47 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.10 20:11:08 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.10 20:11:08 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.10 20:11:08 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.10 20:11:07 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.24 21:11:47 | 000,000,000 | ---- | C] () -- C:\Users\b2admin\defogger_reenable
[2012.07.07 18:35:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.02.04 21:29:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.25 02:04:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.23 10:40:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Digital Mono
[2010.05.23 10:40:55 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\Dialogs
[2010.05.23 10:40:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.05.23 10:40:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\DirectoryService
[2010.05.23 10:40:53 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\Dictionaries
[2010.05.23 10:22:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.23 10:17:13 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\manual
[2010.05.23 10:17:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
[2010.05.23 10:17:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.05.23 10:13:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\vhosts
[2010.05.23 10:13:34 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\laserjet
[2010.05.23 10:13:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.04.24 21:47:31 | 000,302,671 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.04.24 21:45:23 | 000,302,609 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.01.05 16:39:20 | 000,000,680 | ---- | C] () -- C:\Users\b2admin\AppData\Local\d3d9caps.dat
[2008.10.19 18:54:41 | 000,000,000 | ---- | C] () -- C:\Users\b2admin\AppData\Roaming\Default.PLS
[2008.07.26 09:47:39 | 000,014,848 | ---- | C] () -- C:\Users\b2admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.09 22:11:27 | 000,000,680 | RHS- | C] () -- C:\Users\b2admin\ntuser.pol
[2008.02.09 21:08:21 | 000,000,095 | ---- | C] () -- C:\Users\b2admin\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


and

OTL Logfile:
OTL Extras logfile created on: 24.10.2012 21:15:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bambi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,65% Memory free
4,23 Gb Paging File | 2,55 Gb Available in Paging File | 60,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 44,33 Gb Free Space | 9,94% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
 
Computer Name: BAMBI2 | User Name: b2admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42DB682B-3DF6-4734-A575-6B03E379B141}" = lport=23423 | protocol=6 | dir=in | name=serviio | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047A9882-1388-41FF-A193-D939D6FFCB87}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{0E1D021A-3466-4364-A857-01DDE522CEEC}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{114CF6C7-675E-4B88-958B-963BEACAC4F7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{11D4F8DE-F824-4CEE-BB3B-D9ABC2CC7416}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{12F4890E-A717-4B4D-9649-319F8D85D7D7}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{21B4A522-0A4E-4465-8EC6-914DE29B6C02}" = protocol=6 | dir=in | app=c:\users\b2admin\appdata\local\temp\7zs2b4c\hpdiagnosticcoreui.exe | 
"{260DECA3-DB21-4F58-BA65-51D7F5672E7F}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
"{2A9A595A-DC01-4674-9861-8B060A93CBE5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{31440723-4F2D-4361-8F68-081A6D320C55}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3D495EC1-6F5A-41A1-A1F5-9DABB1EF436B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FC1B51D-CB1A-4969-9477-C84531842261}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{47F96CD6-FD1A-4907-9AAF-C4388C29FDAA}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{51093349-6AB9-4279-AFC1-D7F8F28C7DB8}" = protocol=17 | dir=in | app=c:\users\b2admin\appdata\local\temp\7zs2b4c\hpdiagnosticcoreui.exe | 
"{561390E9-1F84-4E34-A574-B1FFDEC1A3A3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{570430ED-EC51-4D4B-9654-410E036CF2F4}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{5F12CC92-57AC-4A30-ACD9-B28F4EC1E61B}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
"{5F521539-4E8A-43EF-9DC5-A99A3736B933}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{6A9D8DA1-CC97-4D5F-8FE5-40BCA4FF4EFE}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{6E38C1D5-806E-4ED8-91E1-A5C3D9C927E2}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{7E67C98F-958E-4661-859C-92BC78B220FB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{80404A6C-96BC-4285-A3DF-884D8DC1B7E7}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{82D35C5C-9543-4255-88F7-9D4459630A25}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{885D5E84-7456-444E-A03E-A709D11B9886}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{8BB139D3-6ADE-4F11-8C44-E144DE76DB81}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{9258E54B-143B-4A4A-90A7-E082D62A85C1}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{9354CCE0-1995-405B-A196-545C47DF5252}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{AC520ADB-3875-4B96-8D0C-C969941BF9FF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{AFDED337-1320-48EA-BDDA-FCBD820EC56B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3B53B3A-09E8-4174-814A-B823D9F7A9BA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{E6AE856C-2F51-4A8D-9B1F-1699A090D30E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{F6A06169-E943-43EA-8388-855070729CFB}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{F87FAEF2-66C1-4E77-8A3A-1B96B59A7D60}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{FA519EA2-DD47-40E4-BF06-288D5D1B0F94}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"TCP Query User{27864A3D-1974-4AFC-8690-490A964D7E86}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3ACDD6F6-7974-4803-ACFC-E19A485DA3EB}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{4ED4077B-A83B-4F78-A54B-F8DAFFA9BFCE}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{63E0C814-5A4E-4585-B230-A24205EF1AA3}C:\program files\linksys\logviewer\logviewer.exe" = protocol=6 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe | 
"TCP Query User{933A2097-8A9A-48F4-9C96-1EAA1A408508}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{B4DAE503-D6DC-4CF3-B962-3189C978E0C2}C:\program files\smartwizard discovery\smartwizard discovery.exe" = protocol=6 | dir=in | app=c:\program files\smartwizard discovery\smartwizard discovery.exe | 
"TCP Query User{B6C395C8-48F1-4C66-B721-26D9CBF4072A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{D755169E-31E9-4A86-B304-48D51398C488}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{1C8D6E86-0E22-47A5-9558-F2A8DF40ED01}C:\program files\linksys\logviewer\logviewer.exe" = protocol=17 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe | 
"UDP Query User{20A211DE-27F9-43AA-B5B3-BDDE2D774892}C:\program files\smartwizard discovery\smartwizard discovery.exe" = protocol=17 | dir=in | app=c:\program files\smartwizard discovery\smartwizard discovery.exe | 
"UDP Query User{3E9F8621-82F6-4CED-A834-FEF8656BE0AD}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{817B5410-8069-4A2E-920B-19D32448B959}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{888448FA-4B32-41CE-A1A2-7814EB3C52FE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{CB750FF1-07DA-4018-ACA1-DCBA74F054D8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{F6A5A656-4F95-45D3-8F48-4102AC1C0E7C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{F79335DE-9ACF-47FE-A802-833A69E2D7DD}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572880F8-A845-48E1-97B8-3800E9155B18}" = ETS3 Professional
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DA5B859-8EFF-43FA-9CC4-B723D83E8A97}" = Fritz 8 SE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Hilfe
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5090856-6E87-4AE1-B6FE-DD4149CB097A}" = LogViewer
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Nur Web
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Antivirus Premium
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"ct004ETS3_is1" = ETS3 - Facility Colour Touch Panel Jung 1v03
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ETS3 Professional" = ETS3 Professional
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"GUT 1" = GUT 1
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"LetsTrade" = LetsTrade Komponenten
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MAGIX Video deluxe silver D" = MAGIX Video deluxe silver 8.0.2.8 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"phase-6" = phase-6 2.1.2.4a
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Serviio" = Serviio
"Smartwizard Discovery_is1" = 2.05.05
"SystemRequirementsLab" = System Requirements Lab
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TeamViewer 7" = TeamViewer 7
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TIPP10_is1" = TIPP10 Version 2.1.0
"VLC media player" = VLC media player 2.0.1
"X10Hardware" = X10 Hardware(TM)
"XUL Explorer_is1" = XUL Explorer 1.0a1pre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 08:01:24 | Computer Name = Bambi2 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avguard.exe, Version 13.4.0.184, Zeitstempel
 0x50616a94, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000b06b7,  Prozess-ID 0x208, Anwendungsstartzeit
 01cdad1f21a6e632.
 
Error - 18.10.2012 10:50:54 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 18.10.2012 11:05:34 | Computer Name = Bambi2 | Source = EventSystem | ID = 4621
Description = 
 
Error - 18.10.2012 11:05:36 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 19.10.2012 07:30:27 | Computer Name = Bambi2 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 16.0.1.4666, Zeitstempel
 0x5076192e, fehlerhaftes Modul xul.dll, Version 16.0.1.4666, Zeitstempel 0x50761893,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000be717,  Prozess-ID 0xe6c, Anwendungsstartzeit
 01cdadece3b41750.
 
Error - 20.10.2012 13:44:02 | Computer Name = Bambi2 | Source = VSS | ID = 8193
Description = 
 
Error - 21.10.2012 04:28:22 | Computer Name = Bambi2 | Source = VSS | ID = 8193
Description = 
 
Error - 22.10.2012 08:25:54 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 22.10.2012 08:28:14 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 24.10.2012 05:27:44 | Computer Name = Bambi2 | Source = VSS | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 20.03.2010 08:51:03 | Computer Name = Bambi2 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 03/20/2010 13:51:03
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 13.07.2010 08:01:24 | Computer Name = Bambi2 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 07/13/2010 14:01:24
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ System Events ]
Error - 23.10.2012 07:39:32 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.10.2012 07:40:43 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.10.2012 15:48:43 | Computer Name = Bambi2 | Source = DCOM | ID = 10010
Description = 
 
Error - 24.10.2012 01:44:12 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.10.2012 01:44:12 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 24.10.2012 01:44:12 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.10.2012 01:44:12 | Computer Name = Bambi2 | Source = DCOM | ID = 10005
Description = 
 
Error - 24.10.2012 01:44:13 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 24.10.2012 01:44:13 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.10.2012 01:45:33 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >
         
--- --- ---

Many thanks,
- bambi
[/CODE]

Hello Marius,
the aswMBR instructions say I should switch off the virus scanner. But Avira cannot be deactivated. At least not when I am not in the administrator account. And I don't want to use that account as long as I don't have a bit more clarity about the state of my system.
Unfortunately I have not found anything in the AVIRA help about shutting it down. I'll keep looking...
Regards,
- bambi

Alt 29.10.2012, 10:18   #5
Psychotic
/// Malwareteam
 

You have to start our tools as Administrator, otherwise we can't go any further!

So log in as Administrator and create the log files. AntiVir must be deactivated for aswMBR!


Alt 29.10.2012, 19:17   #6
bambi317
 

I started the tools with right-click "as administrator". Isn't that enough?
Then I'll pull the logs again?
- bambi

Ok.

Now here are the OTL log files again, from the administrator account and started as administrator.

OTL Logfile:
Code:
OTL logfile created on: 29.10.2012 22:28:37 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\b2admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,18% Memory free
4,23 Gb Paging File | 2,72 Gb Available in Paging File | 64,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 126,29 Gb Free Space | 28,33% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
 
Computer Name: BAMBI2 | User Name: b2admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\b2admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Serviio\bin\ServiioConsole.exe ()
PRC - C:\Programme\Serviio\bin\ServiioService.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Serviio\bin\ServiioConsole.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Serviio) -- C:\Programme\Serviio\bin\ServiioService.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PID_PEPI) -- system32\DRIVERS\LV302V32.SYS File not found
DRV - (pepifilter) -- system32\DRIVERS\lv302af.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NETFRITZ) -- system32\DRIVERS\NETFRITZ.SYS File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (prodrv04) -- C:\Windows\System32\drivers\prodrv04.sys (Protection Technology Co.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (Haspnt) -- C:\Windows\System32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (FUS2BASE) -- C:\Windows\System32\drivers\fus2base.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (Pei16Wdm) -- C:\Windows\System32\drivers\Pei16Wdm.sys (EIBA s.c.)
DRV - (Pei10Wdm) -- C:\Windows\System32\drivers\Pei10Wdm.sys (EIBA s.c.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012.09.08 20:20:03 | 000,000,000 | ---D | M]
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.18 14:27:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.18 14:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.07 23:01:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.09.07 23:01:56 | 000,000,000 | ---D | M]
 
[2010.02.21 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Extensions
[2009.12.22 20:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.21 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Extensions\mockeryApp@getMockery.com
[2012.01.22 00:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\Firefox\Profiles\9koaqaso.default\extensions
[2012.01.22 00:01:03 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\firefox\profiles\9koaqaso.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.11.13 22:24:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\b2admin\AppData\Roaming\mozilla\firefox\profiles\9koaqaso.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.10.18 14:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.18 14:27:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.18 14:27:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 14:37:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.02 18:47:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 14:37:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 14:37:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 14:37:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 14:37:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.31 10:49:51 | 000,424,508 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14632 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_15_silver\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\b2admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk.disabled ()
O4 - Startup: C:\Users\b2admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk = C:\Programme\Serviio\bin\ServiioConsole.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\b2admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F023196-7CB2-4746-A741-2FC424B4BED4}: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb72b470-d73c-11dc-b58b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fb72b470-d73c-11dc-b58b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.29 22:25:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\b2admin\Desktop\aswMBR.exe
[2012.10.29 22:24:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\b2admin\Desktop\OTL.exe
[2012.10.18 14:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.10 19:36:32 | 000,000,000 | ---D | C] -- C:\Users\b2admin\AppData\Roaming\Avira
[2012.10.10 19:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.10 19:29:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.10 19:29:02 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.10 19:29:02 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.10 19:29:02 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.10 19:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.10 18:54:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 18:52:50 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 18:52:50 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.09.30 16:18:09 | 000,000,000 | ---D | C] -- C:\Users\b2admin\AppData\Roaming\TeamViewer
[2012.09.30 15:33:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.30 15:33:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.30 15:33:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.30 15:33:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.30 15:33:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.30 15:33:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.30 15:33:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.30 15:33:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.29 22:31:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.29 22:25:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\b2admin\Desktop\aswMBR.exe
[2012.10.29 22:24:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\b2admin\Desktop\OTL.exe
[2012.10.29 22:16:42 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.29 22:16:42 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.29 22:16:42 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.29 22:16:42 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.29 22:13:07 | 000,302,671 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.29 22:13:06 | 000,302,609 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.29 22:12:40 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.29 22:10:35 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 22:10:34 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 22:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 22:10:25 | 2146,672,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.29 22:10:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012.10.24 20:11:47 | 000,000,000 | ---- | M] () -- C:\Users\b2admin\defogger_reenable
[2012.10.20 16:27:27 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.20 16:27:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.10 19:11:08 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.10 19:11:08 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.10 19:11:08 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.10 19:11:07 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.24 20:11:47 | 000,000,000 | ---- | C] () -- C:\Users\b2admin\defogger_reenable
[2012.07.07 17:35:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.02.04 20:29:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.25 01:04:20 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.23 09:40:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Digital Mono
[2010.05.23 09:40:55 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\Dialogs
[2010.05.23 09:40:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.05.23 09:40:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\DirectoryService
[2010.05.23 09:40:53 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\Dictionaries
[2010.05.23 09:22:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.23 09:17:13 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\manual
[2010.05.23 09:17:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
[2010.05.23 09:17:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.05.23 09:13:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\vhosts
[2010.05.23 09:13:34 | 000,000,268 | RH-- | C] () -- C:\Users\b2admin\AppData\Roaming\laserjet
[2010.05.23 09:13:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.04.24 20:47:31 | 000,302,609 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.04.24 20:45:23 | 000,302,671 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.01.05 15:39:20 | 000,000,680 | ---- | C] () -- C:\Users\b2admin\AppData\Local\d3d9caps.dat
[2008.10.19 17:54:41 | 000,000,000 | ---- | C] () -- C:\Users\b2admin\AppData\Roaming\Default.PLS
[2008.07.26 08:47:39 | 000,014,848 | ---- | C] () -- C:\Users\b2admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.09 21:11:27 | 000,000,680 | RHS- | C] () -- C:\Users\b2admin\ntuser.pol
[2008.02.09 20:08:21 | 000,000,095 | ---- | C] () -- C:\Users\b2admin\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

and

OTL Logfile:
Code:
OTL Extras logfile created on: 29.10.2012 22:28:37 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\b2admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,18% Memory free
4,23 Gb Paging File | 2,72 Gb Available in Paging File | 64,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 126,29 Gb Free Space | 28,33% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32
 
Computer Name: BAMBI2 | User Name: b2admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42DB682B-3DF6-4734-A575-6B03E379B141}" = lport=23423 | protocol=6 | dir=in | name=serviio | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047A9882-1388-41FF-A193-D939D6FFCB87}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{0E1D021A-3466-4364-A857-01DDE522CEEC}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{114CF6C7-675E-4B88-958B-963BEACAC4F7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{11D4F8DE-F824-4CEE-BB3B-D9ABC2CC7416}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{12F4890E-A717-4B4D-9649-319F8D85D7D7}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{21B4A522-0A4E-4465-8EC6-914DE29B6C02}" = protocol=6 | dir=in | app=c:\users\b2admin\appdata\local\temp\7zs2b4c\hpdiagnosticcoreui.exe | 
"{260DECA3-DB21-4F58-BA65-51D7F5672E7F}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
"{2A9A595A-DC01-4674-9861-8B060A93CBE5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{31440723-4F2D-4361-8F68-081A6D320C55}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3D495EC1-6F5A-41A1-A1F5-9DABB1EF436B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3FC1B51D-CB1A-4969-9477-C84531842261}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{47F96CD6-FD1A-4907-9AAF-C4388C29FDAA}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{51093349-6AB9-4279-AFC1-D7F8F28C7DB8}" = protocol=17 | dir=in | app=c:\users\b2admin\appdata\local\temp\7zs2b4c\hpdiagnosticcoreui.exe | 
"{561390E9-1F84-4E34-A574-B1FFDEC1A3A3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{570430ED-EC51-4D4B-9654-410E036CF2F4}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{5F12CC92-57AC-4A30-ACD9-B28F4EC1E61B}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
"{5F521539-4E8A-43EF-9DC5-A99A3736B933}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 12\game\fifa.exe | 
"{6A9D8DA1-CC97-4D5F-8FE5-40BCA4FF4EFE}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{6E38C1D5-806E-4ED8-91E1-A5C3D9C927E2}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{7E67C98F-958E-4661-859C-92BC78B220FB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{80404A6C-96BC-4285-A3DF-884D8DC1B7E7}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{82D35C5C-9543-4255-88F7-9D4459630A25}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{885D5E84-7456-444E-A03E-A709D11B9886}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{8BB139D3-6ADE-4F11-8C44-E144DE76DB81}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{9258E54B-143B-4A4A-90A7-E082D62A85C1}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{9354CCE0-1995-405B-A196-545C47DF5252}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{AC520ADB-3875-4B96-8D0C-C969941BF9FF}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{AFDED337-1320-48EA-BDDA-FCBD820EC56B}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3B53B3A-09E8-4174-814A-B823D9F7A9BA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{E6AE856C-2F51-4A8D-9B1F-1699A090D30E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{F6A06169-E943-43EA-8388-855070729CFB}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{F87FAEF2-66C1-4E77-8A3A-1B96B59A7D60}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{FA519EA2-DD47-40E4-BF06-288D5D1B0F94}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"TCP Query User{27864A3D-1974-4AFC-8690-490A964D7E86}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3ACDD6F6-7974-4803-ACFC-E19A485DA3EB}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{4ED4077B-A83B-4F78-A54B-F8DAFFA9BFCE}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{63E0C814-5A4E-4585-B230-A24205EF1AA3}C:\program files\linksys\logviewer\logviewer.exe" = protocol=6 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe | 
"TCP Query User{933A2097-8A9A-48F4-9C96-1EAA1A408508}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{B4DAE503-D6DC-4CF3-B962-3189C978E0C2}C:\program files\smartwizard discovery\smartwizard discovery.exe" = protocol=6 | dir=in | app=c:\program files\smartwizard discovery\smartwizard discovery.exe | 
"TCP Query User{B6C395C8-48F1-4C66-B721-26D9CBF4072A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{D755169E-31E9-4A86-B304-48D51398C488}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{1C8D6E86-0E22-47A5-9558-F2A8DF40ED01}C:\program files\linksys\logviewer\logviewer.exe" = protocol=17 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe | 
"UDP Query User{20A211DE-27F9-43AA-B5B3-BDDE2D774892}C:\program files\smartwizard discovery\smartwizard discovery.exe" = protocol=17 | dir=in | app=c:\program files\smartwizard discovery\smartwizard discovery.exe | 
"UDP Query User{3E9F8621-82F6-4CED-A834-FEF8656BE0AD}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{817B5410-8069-4A2E-920B-19D32448B959}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{888448FA-4B32-41CE-A1A2-7814EB3C52FE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{CB750FF1-07DA-4018-ACA1-DCBA74F054D8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{F6A5A656-4F95-45D3-8F48-4102AC1C0E7C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{F79335DE-9ACF-47FE-A802-833A69E2D7DD}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A86A48-1225-419B-94B2-3A0548786ECD}" = ActiveState Komodo Edit 5.2.4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572880F8-A845-48E1-97B8-3800E9155B18}" = ETS3 Professional
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DA5B859-8EFF-43FA-9CC4-B723D83E8A97}" = Fritz 8 SE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Hilfe
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5090856-6E87-4AE1-B6FE-DD4149CB097A}" = LogViewer
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Nur Web
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Antivirus Premium
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"ct004ETS3_is1" = ETS3 - Facility Colour Touch Panel Jung 1v03
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ETS3 Professional" = ETS3 Professional
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"GUT 1" = GUT 1
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"LetsTrade" = LetsTrade Komponenten
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MAGIX Video deluxe silver D" = MAGIX Video deluxe silver 8.0.2.8 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"phase-6" = phase-6 2.1.2.4a
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Serviio" = Serviio
"Smartwizard Discovery_is1" = 2.05.05
"SystemRequirementsLab" = System Requirements Lab
"Teachmaster 4.3" = Teachmaster 4.3 (nur Entfernen)
"TeamViewer 7" = TeamViewer 7
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TIPP10_is1" = TIPP10 Version 2.1.0
"VLC media player" = VLC media player 2.0.1
"X10Hardware" = X10 Hardware(TM)
"XUL Explorer_is1" = XUL Explorer 1.0a1pre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 10:50:54 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 18.10.2012 11:05:34 | Computer Name = Bambi2 | Source = EventSystem | ID = 4621
Description = 
 
Error - 18.10.2012 11:05:36 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 19.10.2012 07:30:27 | Computer Name = Bambi2 | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 16.0.1.4666, Zeitstempel
 0x5076192e, fehlerhaftes Modul xul.dll, Version 16.0.1.4666, Zeitstempel 0x50761893,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000be717,  Prozess-ID 0xe6c, Anwendungsstartzeit
 01cdadece3b41750.
 
Error - 20.10.2012 13:44:02 | Computer Name = Bambi2 | Source = VSS | ID = 8193
Description = 
 
Error - 21.10.2012 04:28:22 | Computer Name = Bambi2 | Source = VSS | ID = 8193
Description = 
 
Error - 22.10.2012 08:25:54 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 22.10.2012 08:28:14 | Computer Name = Bambi2 | Source = EventSystem | ID = 4609
Description = 
 
Error - 24.10.2012 05:27:44 | Computer Name = Bambi2 | Source = VSS | ID = 8193
Description = 
 
Error - 28.10.2012 07:08:38 | Computer Name = Bambi2 | Source = VSS | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 20.03.2010 08:51:03 | Computer Name = Bambi2 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 03/20/2010 13:51:03
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 13.07.2010 08:01:24 | Computer Name = Bambi2 | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 07/13/2010 14:01:24
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
[ System Events ]
Error - 25.10.2012 03:46:06 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.10.2012 03:47:05 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.10.2012 05:12:09 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.10.2012 05:12:09 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.10.2012 05:12:09 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 28.10.2012 05:13:16 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 29.10.2012 17:12:05 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.10.2012 17:12:05 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 29.10.2012 17:12:05 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 29.10.2012 17:13:28 | Computer Name = Bambi2 | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >
         

Thanks.
- bambi

And here is the aswMBR file
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-29 23:05:16
-----------------------------
23:05:16.569    OS Version: Windows 6.0.6002 Service Pack 2
23:05:16.569    Number of processors: 2 586 0xF0B
23:05:16.570    ComputerName: BAMBI2  UserName: 
23:05:19.696    Initialize success
23:10:40.740    AVAST engine defs: 12102901
23:11:09.751    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
23:11:09.766    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:11:09.798    Disk 0 MBR read successfully
23:11:09.798    Disk 0 MBR scan
23:11:09.798    Disk 0 Windows VISTA default MBR code
23:11:09.813    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       456456 MB offset 63
23:11:09.829    Disk 0 Partition - 00     0F Extended LBA             20481 MB offset 934822350
23:11:09.844    Disk 0 Partition 2 00     0B        FAT32 MSDOS5.0    20481 MB offset 934822413
23:11:09.844    Disk 0 scanning sectors +976768065
23:11:09.907    Disk 0 scanning C:\Windows\system32\drivers
23:11:22.042    Service scanning
23:11:46.225    Modules scanning
23:11:53.560    Disk 0 trace - called modules:
23:11:53.579    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
23:11:53.583    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d93ac8]
23:11:53.588    3 CLASSPNP.SYS[885b38b3] -> nt!IofCallDriver -> [0x84880998]
23:11:53.592    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\0000006a[0x85241720]
23:11:55.046    AVAST engine scan C:\Windows
23:11:59.128    AVAST engine scan C:\Windows\system32
23:15:17.466    AVAST engine scan C:\Windows\system32\drivers
23:15:32.674    AVAST engine scan C:\Users\b2admin
23:18:22.128    AVAST engine scan C:\ProgramData
23:21:39.523    Scan finished successfully
23:22:00.659    Disk 0 MBR has been saved successfully to "C:\Users\b2admin\Desktop\MBR.dat"
23:22:00.663    The log file has been saved successfully to "C:\Users\b2admin\Desktop\aswMBR.txt"
         
Regards,
- bambi

30.10.2012, 07:12   #7
Psychotic
/// Malwareteam

Great, now only the TDSS-Killer log is missing!
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

30.10.2012, 23:53   #8
bambi317

And here is the TDSS-Killer log

Code:
23:47:26.0316 3600  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:47:26.0410 3600  ============================================================
23:47:26.0410 3600  Current date / time: 2012/10/30 23:47:26.0410
23:47:26.0410 3600  SystemInfo:
23:47:26.0410 3600  
23:47:26.0410 3600  OS Version: 6.0.6002 ServicePack: 2.0
23:47:26.0410 3600  Product type: Workstation
23:47:26.0410 3600  ComputerName: BAMBI2
23:47:26.0410 3600  UserName: b2admin
23:47:26.0410 3600  Windows directory: C:\Windows
23:47:26.0410 3600  System windows directory: C:\Windows
23:47:26.0410 3600  Processor architecture: Intel x86
23:47:26.0410 3600  Number of processors: 2
23:47:26.0410 3600  Page size: 0x1000
23:47:26.0410 3600  Boot type: Normal boot
23:47:26.0410 3600  ============================================================
23:47:27.0206 3600  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:47:27.0237 3600  ============================================================
23:47:27.0237 3600  \Device\Harddisk0\DR0:
23:47:27.0237 3600  MBR partitions:
23:47:27.0237 3600  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B8418F
23:47:27.0252 3600  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34
23:47:27.0252 3600  ============================================================
23:47:27.0315 3600  C: <-> \Device\Harddisk0\DR0\Partition1
23:47:27.0330 3600  D: <-> \Device\Harddisk0\DR0\Partition2
23:47:27.0330 3600  ============================================================
23:47:27.0330 3600  Initialize success
23:47:27.0330 3600  ============================================================
23:48:25.0098 3264  ============================================================
23:48:25.0098 3264  Scan started
23:48:25.0098 3264  Mode: Manual; 
23:48:25.0098 3264  ============================================================
23:48:26.0471 3264  ================ Scan system memory ========================
23:48:26.0471 3264  System memory - ok
23:48:26.0471 3264  ================ Scan services =============================
23:48:28.0187 3264  [ 55E1ACBA424E14AF3523DF741D86F60A ] 3xHybrid        C:\Windows\system32\DRIVERS\3xHybrid.sys
23:48:28.0218 3264  3xHybrid - ok
23:48:28.0499 3264  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:48:28.0499 3264  ACDaemon - ok
23:48:28.0608 3264  [ 0059FF74927A27395C5E190F9AA392DF ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
23:48:28.0671 3264  acedrv10 - ok
23:48:28.0702 3264  [ 6625A32AD17A3FA6C7F405AEAC945AA7 ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
23:48:28.0733 3264  acehlp10 - ok
23:48:28.0795 3264  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:48:28.0811 3264  ACPI - ok
23:48:28.0889 3264  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:48:28.0889 3264  AdobeARMservice - ok
23:48:29.0014 3264  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:48:29.0029 3264  adp94xx - ok
23:48:29.0154 3264  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:48:29.0185 3264  adpahci - ok
23:48:29.0217 3264  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:48:29.0217 3264  adpu160m - ok
23:48:29.0279 3264  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:48:29.0295 3264  adpu320 - ok
23:48:29.0341 3264  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:48:29.0357 3264  AeLookupSvc - ok
23:48:29.0513 3264  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
23:48:29.0513 3264  AFD - ok
23:48:29.0653 3264  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:48:29.0669 3264  agp440 - ok
23:48:29.0716 3264  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:48:29.0731 3264  aic78xx - ok
23:48:29.0794 3264  [ 3F9F42085AB5B6A55498A539C54575AB ] akshasp         C:\Windows\system32\DRIVERS\akshasp.sys
23:48:29.0809 3264  akshasp - ok
23:48:29.0856 3264  [ D2B95315CC47F9230006FDBCBA394D8D ] aksusb          C:\Windows\system32\DRIVERS\aksusb.sys
23:48:29.0872 3264  aksusb - ok
23:48:29.0919 3264  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
23:48:29.0934 3264  ALG - ok
23:48:29.0981 3264  [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:48:29.0981 3264  aliide - ok
23:48:29.0997 3264  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:48:29.0997 3264  amdagp - ok
23:48:30.0012 3264  [ 6F65F4147C54398D7280B18CEBBED215 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:48:30.0028 3264  amdide - ok
23:48:30.0059 3264  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:48:30.0059 3264  AmdK7 - ok
23:48:30.0075 3264  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:48:30.0075 3264  AmdK8 - ok
23:48:30.0153 3264  [ 3BCAC0D02139BD3B4A04DFF0CCD85452 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
23:48:30.0168 3264  AntiVirMailService - ok
23:48:30.0215 3264  [ 7B0CB3B7AA7638A3057CF5A2E86BD565 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:48:30.0231 3264  AntiVirSchedulerService - ok
23:48:30.0246 3264  [ DE7C88712F961E828BEF15FCBB840F9F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:48:30.0246 3264  AntiVirService - ok
23:48:30.0293 3264  [ D77DF1FAEBDC438ED5A50FF69CC1E53B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
23:48:30.0324 3264  AntiVirWebService - ok
23:48:30.0402 3264  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
23:48:30.0402 3264  Appinfo - ok
23:48:30.0496 3264  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:48:30.0511 3264  Apple Mobile Device - ok
23:48:30.0543 3264  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
23:48:30.0543 3264  arc - ok
23:48:30.0589 3264  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:48:30.0589 3264  arcsas - ok
23:48:30.0636 3264  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:48:30.0636 3264  AsyncMac - ok
23:48:30.0683 3264  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:48:30.0683 3264  atapi - ok
23:48:30.0730 3264  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:48:30.0761 3264  AudioEndpointBuilder - ok
23:48:30.0792 3264  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:48:30.0792 3264  Audiosrv - ok
23:48:30.0839 3264  [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:48:30.0855 3264  avgntflt - ok
23:48:30.0886 3264  [ C499333D8915597FE415F0058EFFD7D2 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:48:30.0886 3264  avipbb - ok
23:48:30.0901 3264  [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:48:30.0901 3264  avkmgr - ok
23:48:30.0933 3264  [ D730AA8494EC4C8C6C976F5EB04D3AC2 ] AVMCOWAN        C:\Windows\system32\DRIVERS\AVMCOWAN.sys
23:48:30.0948 3264  AVMCOWAN - ok
23:48:31.0042 3264  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:48:31.0042 3264  Beep - ok
23:48:31.0151 3264  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
23:48:31.0182 3264  BFE - ok
23:48:31.0323 3264  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
23:48:31.0369 3264  BITS - ok
23:48:31.0369 3264  blbdrive - ok
23:48:31.0494 3264  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:48:31.0494 3264  Bonjour Service - ok
23:48:31.0525 3264  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:48:31.0525 3264  bowser - ok
23:48:31.0572 3264  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:48:31.0572 3264  BrFiltLo - ok
23:48:31.0603 3264  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:48:31.0603 3264  BrFiltUp - ok
23:48:31.0635 3264  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
23:48:31.0635 3264  Browser - ok
23:48:31.0681 3264  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:48:31.0681 3264  Brserid - ok
23:48:31.0697 3264  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:48:31.0713 3264  BrSerWdm - ok
23:48:31.0713 3264  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:48:31.0728 3264  BrUsbMdm - ok
23:48:31.0744 3264  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:48:31.0744 3264  BrUsbSer - ok
23:48:31.0759 3264  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:48:31.0759 3264  BTHMODEM - ok
23:48:31.0822 3264  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:48:31.0822 3264  cdfs - ok
23:48:31.0869 3264  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:48:31.0869 3264  cdrom - ok
23:48:31.0978 3264  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:48:31.0978 3264  CertPropSvc - ok
23:48:32.0009 3264  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:48:32.0009 3264  circlass - ok
23:48:32.0040 3264  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
23:48:32.0071 3264  CLFS - ok
23:48:32.0165 3264  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:48:32.0165 3264  clr_optimization_v2.0.50727_32 - ok
23:48:32.0290 3264  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:48:32.0321 3264  clr_optimization_v4.0.30319_32 - ok
23:48:32.0352 3264  [ 59172A0724F2AB769F31D61B0571D75B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:48:32.0352 3264  cmdide - ok
23:48:32.0368 3264  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:48:32.0383 3264  Compbatt - ok
23:48:32.0383 3264  COMSysApp - ok
23:48:32.0415 3264  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:48:32.0415 3264  crcdisk - ok
23:48:32.0446 3264  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:48:32.0446 3264  Crusoe - ok
23:48:32.0508 3264  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:48:32.0508 3264  CryptSvc - ok
23:48:32.0571 3264  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:48:32.0571 3264  DcomLaunch - ok
23:48:32.0633 3264  de_serv - ok
23:48:32.0664 3264  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:48:32.0680 3264  DfsC - ok
23:48:33.0429 3264  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
23:48:33.0491 3264  DFSR - ok
23:48:33.0600 3264  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:48:33.0616 3264  Dhcp - ok
23:48:33.0678 3264  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
23:48:33.0694 3264  disk - ok
23:48:33.0741 3264  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:48:33.0756 3264  Dnscache - ok
23:48:33.0803 3264  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:48:33.0803 3264  dot3svc - ok
23:48:33.0975 3264  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
23:48:33.0990 3264  DPS - ok
23:48:34.0021 3264  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:48:34.0037 3264  drmkaud - ok
23:48:34.0084 3264  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:48:34.0115 3264  DXGKrnl - ok
23:48:34.0255 3264  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:48:34.0271 3264  E1G60 - ok
23:48:34.0380 3264  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
23:48:34.0396 3264  EapHost - ok
23:48:34.0443 3264  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:48:34.0458 3264  Ecache - ok
23:48:34.0630 3264  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:48:34.0645 3264  ehRecvr - ok
23:48:34.0723 3264  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
23:48:34.0739 3264  ehSched - ok
23:48:34.0817 3264  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
23:48:34.0833 3264  ehstart - ok
23:48:35.0269 3264  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:48:35.0285 3264  elxstor - ok
23:48:35.0347 3264  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:48:35.0379 3264  EMDMgmt - ok
23:48:35.0441 3264  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
23:48:35.0441 3264  EventSystem - ok
23:48:35.0488 3264  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
23:48:35.0503 3264  exfat - ok
23:48:35.0535 3264  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:48:35.0550 3264  fastfat - ok
23:48:35.0581 3264  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:48:35.0581 3264  fdc - ok
23:48:35.0628 3264  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:48:35.0644 3264  fdPHost - ok
23:48:35.0675 3264  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:48:35.0675 3264  FDResPub - ok
23:48:35.0722 3264  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:48:35.0722 3264  FileInfo - ok
23:48:35.0753 3264  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:48:35.0769 3264  Filetrace - ok
23:48:36.0439 3264  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
23:48:36.0549 3264  FirebirdServerMAGIXInstance - ok
23:48:36.0580 3264  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:48:36.0580 3264  flpydisk - ok
23:48:36.0673 3264  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:48:36.0673 3264  FltMgr - ok
23:48:36.0829 3264  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
23:48:36.0907 3264  FontCache - ok
23:48:36.0985 3264  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:48:37.0001 3264  FontCache3.0.0.0 - ok
23:48:37.0048 3264  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:48:37.0063 3264  Fs_Rec - ok
23:48:37.0188 3264  [ 4740013A5B5691E31CBE45861E320D73 ] FUS2BASE        C:\Windows\system32\DRIVERS\fus2base.sys
23:48:37.0204 3264  FUS2BASE - ok
23:48:37.0219 3264  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:48:37.0235 3264  gagp30kx - ok
23:48:37.0297 3264  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:48:37.0297 3264  GEARAspiWDM - ok
23:48:37.0391 3264  [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
23:48:37.0391 3264  ggflt - ok
23:48:37.0453 3264  [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
23:48:37.0469 3264  ggsemc - ok
23:48:37.0516 3264  [ 51B2D8629E1A0F463682F365D56325CB ] GnabService     c:\program files\common files\gnab\service\servicecontroller.exe
23:48:37.0516 3264  GnabService - ok
23:48:37.0563 3264  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:48:37.0594 3264  gpsvc - ok
23:48:37.0703 3264  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:48:37.0719 3264  gupdate - ok
23:48:37.0734 3264  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:48:37.0734 3264  gupdatem - ok
23:48:37.0797 3264  [ D95554949082FD29A04D351B58396718 ] Hardlock        C:\Windows\system32\drivers\hardlock.sys
23:48:37.0843 3264  Hardlock - ok
23:48:37.0890 3264  [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt          C:\Windows\system32\drivers\Haspnt.sys
23:48:37.0890 3264  Haspnt - ok
23:48:37.0984 3264  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:48:37.0999 3264  HdAudAddService - ok
23:48:38.0280 3264  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:48:38.0296 3264  HDAudBus - ok
23:48:38.0358 3264  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:48:38.0358 3264  HidBth - ok
23:48:38.0389 3264  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:48:38.0389 3264  HidIr - ok
23:48:38.0452 3264  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
23:48:38.0452 3264  hidserv - ok
23:48:38.0499 3264  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:48:38.0499 3264  HidUsb - ok
23:48:38.0545 3264  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:48:38.0545 3264  hkmsvc - ok
23:48:38.0592 3264  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:48:38.0608 3264  HpCISSs - ok
23:48:38.0655 3264  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:48:38.0686 3264  HTTP - ok
23:48:38.0701 3264  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:48:38.0717 3264  i2omp - ok
23:48:38.0764 3264  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:48:38.0764 3264  i8042prt - ok
23:48:38.0795 3264  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:48:38.0811 3264  iaStorV - ok
23:48:38.0904 3264  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:48:39.0091 3264  IDriverT - ok
23:48:39.0466 3264  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:48:39.0497 3264  idsvc - ok
23:48:39.0528 3264  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:48:39.0544 3264  iirsp - ok
23:48:39.0715 3264  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:48:39.0731 3264  IKEEXT - ok
23:48:39.0840 3264  [ 3D40DD1831ED82A9FF660949506AAD56 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:48:39.0934 3264  IntcAzAudAddService - ok
23:48:39.0981 3264  [ E5EA1C17DA5065032E346591FF64F3AF ] intelide        C:\Windows\system32\drivers\intelide.sys
23:48:39.0981 3264  intelide - ok
23:48:40.0012 3264  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:48:40.0027 3264  intelppm - ok
23:48:40.0074 3264  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:48:40.0090 3264  IPBusEnum - ok
23:48:40.0137 3264  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:48:40.0137 3264  IpFilterDriver - ok
23:48:40.0183 3264  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:48:40.0215 3264  iphlpsvc - ok
23:48:40.0215 3264  IpInIp - ok
23:48:40.0230 3264  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:48:40.0246 3264  IPMIDRV - ok
23:48:40.0308 3264  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:48:40.0308 3264  IPNAT - ok
23:48:40.0402 3264  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:48:40.0433 3264  iPod Service - ok
23:48:40.0464 3264  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:48:40.0464 3264  IRENUM - ok
23:48:40.0480 3264  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:48:40.0495 3264  isapnp - ok
23:48:40.0605 3264  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:48:40.0605 3264  iScsiPrt - ok
23:48:40.0761 3264  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:48:40.0761 3264  iteatapi - ok
23:48:40.0792 3264  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:48:40.0792 3264  iteraid - ok
23:48:40.0839 3264  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:48:40.0854 3264  kbdclass - ok
23:48:40.0901 3264  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:48:40.0901 3264  kbdhid - ok
23:48:40.0963 3264  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
23:48:40.0963 3264  KeyIso - ok
23:48:40.0995 3264  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:48:41.0010 3264  KSecDD - ok
23:48:41.0135 3264  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:48:41.0151 3264  KtmRm - ok
23:48:41.0182 3264  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:48:41.0182 3264  LanmanServer - ok
23:48:41.0291 3264  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:48:41.0291 3264  LanmanWorkstation - ok
23:48:41.0509 3264  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:48:41.0541 3264  lltdio - ok
23:48:41.0634 3264  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:48:41.0650 3264  lltdsvc - ok
23:48:41.0681 3264  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:48:41.0697 3264  lmhosts - ok
23:48:41.0759 3264  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:48:41.0775 3264  LSI_FC - ok
23:48:41.0806 3264  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:48:41.0806 3264  LSI_SAS - ok
23:48:41.0853 3264  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:48:41.0868 3264  LSI_SCSI - ok
23:48:41.0899 3264  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
23:48:41.0899 3264  luafv - ok
23:48:41.0962 3264  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
23:48:41.0977 3264  LVRS - ok
23:48:41.0993 3264  LVUSBSta - ok
23:48:42.0555 3264  [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
23:48:42.0679 3264  LVUVC - ok
23:48:42.0726 3264  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:48:42.0726 3264  Mcx2Svc - ok
23:48:42.0789 3264  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
23:48:42.0804 3264  megasas - ok
23:48:42.0835 3264  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
23:48:42.0851 3264  MMCSS - ok
23:48:42.0882 3264  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
23:48:42.0882 3264  Modem - ok
23:48:42.0929 3264  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:48:42.0945 3264  monitor - ok
23:48:42.0991 3264  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:48:42.0991 3264  mouclass - ok
23:48:43.0116 3264  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:48:43.0116 3264  mouhid - ok
23:48:43.0179 3264  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:48:43.0179 3264  MountMgr - ok
23:48:43.0288 3264  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:48:43.0288 3264  MozillaMaintenance - ok
23:48:43.0319 3264  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:48:43.0319 3264  mpio - ok
23:48:43.0350 3264  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:48:43.0366 3264  mpsdrv - ok
23:48:43.0413 3264  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:48:43.0413 3264  MpsSvc - ok
23:48:43.0444 3264  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:48:43.0444 3264  Mraid35x - ok
23:48:43.0491 3264  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:48:43.0506 3264  MRxDAV - ok
23:48:43.0569 3264  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:48:43.0569 3264  mrxsmb - ok
23:48:43.0662 3264  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:48:43.0678 3264  mrxsmb10 - ok
23:48:43.0756 3264  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:48:43.0756 3264  mrxsmb20 - ok
23:48:43.0787 3264  [ 86068B8B54A5EB092F51657F00B2222A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:48:43.0787 3264  msahci - ok
23:48:43.0803 3264  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:48:43.0818 3264  msdsm - ok
23:48:43.0881 3264  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
23:48:43.0881 3264  MSDTC - ok
23:48:43.0927 3264  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:48:43.0943 3264  Msfs - ok
23:48:43.0990 3264  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:48:43.0990 3264  msisadrv - ok
23:48:44.0052 3264  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:48:44.0068 3264  MSiSCSI - ok
23:48:44.0068 3264  msiserver - ok
23:48:44.0161 3264  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:48:44.0177 3264  MSKSSRV - ok
23:48:44.0317 3264  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:48:44.0317 3264  MSPCLOCK - ok
23:49:07.0265 3264  ================ Scan global ===============================
23:49:07.0296 3264  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:49:07.0343 3264  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:49:07.0374 3264  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:49:07.0499 3264  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:49:07.0515 3264  [Global] - ok
23:49:07.0515 3264  ================ Scan MBR ==================================
23:49:07.0561 3264  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:49:08.0591 3264  \Device\Harddisk0\DR0 - ok
23:49:08.0591 3264  ================ Scan VBR ==================================
23:49:08.0622 3264  [ 65057D06E751ED002CD26451DB2B72FC ] \Device\Harddisk0\DR0\Partition1
23:49:08.0638 3264  \Device\Harddisk0\DR0\Partition1 - ok
23:49:08.0653 3264  [ EED7FF3733EE198E4535CFEA14D29C9A ] \Device\Harddisk0\DR0\Partition2
23:49:08.0685 3264  \Device\Harddisk0\DR0\Partition2 - ok
23:49:08.0685 3264  ============================================================
23:49:08.0685 3264  Scan finished
23:49:08.0685 3264  ============================================================
23:49:08.0700 6092  Detected object count: 0
23:49:08.0700 6092  Actual detected object count: 0
23:50:53.0037 5560  Deinitialize success
         
Regards,
- bambi

31.10.2012, 09:58   #9
Psychotic
/// Malwareteam

Quote:
Spybot - Search & Destroy
I see that this software is installed on your system.
Unfortunately it is no longer up to date and cannot reliably protect you against today's threats.
It can also interfere with the cleanup.

Please uninstall it and let me know when you are done!

31.10.2012, 23:27   #10
bambi317

Done.
Regards,
- bambi

05.11.2012, 14:10   #11
Psychotic
/// Malwareteam

Looks pretty good - let's check everything once more!


Step 1: MBAM full scan


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".



Step 2: ESET


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


06.11.2012, 22:58   #12
bambi317

Here is the result from MBAM

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.06.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
b2admin :: BAMBI2 [Administrator]

06.11.2012 20:44:02
mbam-log-2012-11-06 (20-44-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 670635
Laufzeit: 1 Stunde(n), 41 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\$RECYCLE.BIN\S-1-5-21-73228698-4061738665-3293803925-1007\$R04T7GS.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bambi\Downloads\entpackt\Ets3ProSetup.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
- bambi

And the ESET results:

Code:
C:\$RECYCLE.BIN\S-1-5-21-73228698-4061738665-3293803925-1007\$RG4UCSL.zip	Win32/Somoto application
C:\Users\Public\SoftonicDownloader_fuer_super.exe	Win32/SoftonicDownloader application
D:\TOOLS\Nero Burning ROM 8 Update\Nero-8.2.8.0_deu_update.exe	Win32/Toolbar.AskSBar application
         
I probably won't be able to check in for the next three days.
What happens next?
Regards,
- bambi

07.11.2012, 16:00   #13
Psychotic
/// Malwareteam

Quote:
C:\Users\Public\SoftonicDownloader_fuer_super.exe Win32/SoftonicDownloader application
D:\TOOLS\Nero Burning ROM 8 Update\Nero-8.2.8.0_deu_update.exe Win32/Toolbar.AskSBar application
These files are not malware, but they are security risks.
I recommend that you delete them unopened!

Are there any remaining problems, or can we wrap up?

07.11.2012, 18:45   #14
bambi317

What about the two that MBAM found?
Has deleting them or putting them in quarantine also completely resolved that problem?
Regards,
- bambi

08.11.2012, 08:08   #15
Psychotic
/// Malwareteam

Quote:
-> Erfolgreich gelöscht und in Quarantäne gestellt.
We don't need to worry about those any more!

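Added example (not part of the original thread and not Malwarebytes code): a small Python parser for the MBAM 1.65 log format posted in #12. It automates the check that #15 makes by eye, that every finding carries the "Erfolgreich gelöscht und in Quarantäne gestellt." status, and also compares each section's declared count with the findings listed. The function names and the rule that only this status string counts as handled are assumptions.

```python
import re

# Excerpt of the MBAM log from post #12 (German UI strings kept as logged).
SAMPLE_LOG = r"""Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\$RECYCLE.BIN\S-1-5-21-73228698-4061738665-3293803925-1007\$R04T7GS.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bambi\Downloads\entpackt\Ets3ProSetup.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

SECTION = re.compile(r"^(Infizierte [^:]+): (\d+)$")
FINDING = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Assumption: only this action string, as seen in the log, counts as handled.
HANDLED = "Erfolgreich gelöscht und in Quarantäne gestellt."


def parse_mbam_log(text):
    """Return {section title: {"declared": int, "findings": [dict, ...]}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(
                header.group(1), {"declared": int(header.group(2)), "findings": []})
            continue
        finding = FINDING.match(line)
        if finding and current is not None:
            current["findings"].append(finding.groupdict())
    return sections


def triage(sections):
    """Split findings into handled/open and name sections whose count is off."""
    handled, still_open, mismatched = [], [], []
    for title, sec in sections.items():
        if sec["declared"] != len(sec["findings"]):
            mismatched.append(title)  # log was truncated or edited
        for finding in sec["findings"]:
            (handled if finding["action"] == HANDLED else still_open).append(finding)
    return handled, still_open, mismatched
```

A non-empty `still_open` or `mismatched` list is the signal to ask for a fresh, complete log before closing the case.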