
All kinds of pests and how to combat them: JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more

21.11.2012, 22:44   #1
shopgirl86
 
Hello,

at the start of the week I had TR/Spy.ZBot.dynb on my machine and removed it with Malwarebytes. After that the program found nothing more. Today I ran Avira over everything once more, and there were 27 infection reports and 22 warnings. Most of the infections, however, are in the spam filter (Spamihilator) or in the mail program's trash (unopened, no preview either!); I don't open those, so they don't concern me. TR/Spy.ZBot.dynb was found again, but in an _OTL\MovedFiles folder, so I suspect it is the remnant of an earlier infection that I got under control with help from here (thanks :-). However, there are a few Java viruses that I can't interpret.

Here is the Avira scan from just now:
Code:

Avira Free Antivirus
Report file date: Mittwoch, 21. November 2012  18:01

Scanning for 4536279 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Home Premium
Windows version : (plain)  [6.1.7600]
Boot mode       : Normally booted
Username        : HP Berlin
Computer name   : HPBERLIN-PC

Version information:
BUILD.DAT       : 12.0.0.1125          Bytes  02.05.2012 17:40:00
AVSCAN.EXE      : 12.3.0.15     466896 Bytes  01.05.2012 22:48:51
AVSCAN.DLL      : 12.3.0.15      54736 Bytes  02.05.2012 13:31:39
LUKE.DLL        : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL     : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL       : 12.3.0.17     232200 Bytes  20.06.2012 11:28:33
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 23:23:21
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 23:32:24
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 17:36:28
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 17:54:49
VBASE007.VDF    : 7.11.45.207  2363904 Bytes  11.10.2012 20:02:59
VBASE008.VDF    : 7.11.45.208     2048 Bytes  11.10.2012 20:02:59
VBASE009.VDF    : 7.11.45.209     2048 Bytes  11.10.2012 20:02:59
VBASE010.VDF    : 7.11.45.210     2048 Bytes  11.10.2012 20:02:59
VBASE011.VDF    : 7.11.45.211     2048 Bytes  11.10.2012 20:03:00
VBASE012.VDF    : 7.11.45.212     2048 Bytes  11.10.2012 20:03:00
VBASE013.VDF    : 7.11.45.213     2048 Bytes  11.10.2012 20:03:00
VBASE014.VDF    : 7.11.46.65    220160 Bytes  16.10.2012 20:02:55
VBASE015.VDF    : 7.11.46.153   173568 Bytes  18.10.2012 20:02:56
VBASE016.VDF    : 7.11.46.223   162304 Bytes  19.10.2012 20:02:57
VBASE017.VDF    : 7.11.47.35    126464 Bytes  22.10.2012 20:03:06
VBASE018.VDF    : 7.11.47.95    175616 Bytes  24.10.2012 20:03:05
VBASE019.VDF    : 7.11.47.177   164352 Bytes  26.10.2012 08:24:07
VBASE020.VDF    : 7.11.47.229   143360 Bytes  28.10.2012 09:24:14
VBASE021.VDF    : 7.11.48.47    138240 Bytes  30.10.2012 17:01:07
VBASE022.VDF    : 7.11.48.135   122880 Bytes  01.11.2012 17:21:31
VBASE023.VDF    : 7.11.48.209   142848 Bytes  05.11.2012 18:14:15
VBASE024.VDF    : 7.11.48.243   119296 Bytes  05.11.2012 18:14:10
VBASE025.VDF    : 7.11.49.47    136704 Bytes  07.11.2012 18:14:32
VBASE026.VDF    : 7.11.49.135   194560 Bytes  09.11.2012 13:11:09
VBASE027.VDF    : 7.11.49.209   188416 Bytes  12.11.2012 13:11:11
VBASE028.VDF    : 7.11.50.27    212992 Bytes  14.11.2012 16:38:23
VBASE029.VDF    : 7.11.50.105   200704 Bytes  18.11.2012 18:22:53
VBASE030.VDF    : 7.11.50.164   340992 Bytes  20.11.2012 18:22:52
VBASE031.VDF    : 7.11.50.174    43008 Bytes  20.11.2012 18:22:52
Engine version  : 8.2.10.202
AEVDF.DLL       : 8.1.2.10      102772 Bytes  11.07.2012 14:40:48
AESCRIPT.DLL    : 8.1.4.66      463227 Bytes  12.11.2012 13:11:45
AESCN.DLL       : 8.1.9.4       131445 Bytes  19.11.2012 18:22:55
AESBX.DLL       : 8.2.5.12      606578 Bytes  20.06.2012 11:28:32
AERDL.DLL       : 8.2.0.74      643445 Bytes  07.11.2012 18:14:36
AEPACK.DLL      : 8.3.0.40      815479 Bytes  12.11.2012 13:11:44
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 18:14:21
AEHEUR.DLL      : 8.1.4.138    5542265 Bytes  19.11.2012 18:22:55
AEHELP.DLL      : 8.1.25.2      258423 Bytes  14.10.2012 20:03:03
AEGEN.DLL       : 8.1.6.10      438646 Bytes  19.11.2012 18:22:53
AEEXP.DLL       : 8.2.0.10      119158 Bytes  05.11.2012 18:14:22
AEEMU.DLL       : 8.1.3.2       393587 Bytes  11.07.2012 14:40:41
AECORE.DLL      : 8.1.29.2      201079 Bytes  07.11.2012 18:14:33
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 18:14:17
AVWINLL.DLL     : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL      : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL       : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL      : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL    : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL     : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL      : 12.3.0.15      63440 Bytes  01.05.2012 22:51:35
NETNT.DLL       : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL     : 12.3.0.15    4450000 Bytes  02.05.2012 00:03:52
RCTEXT.DLL      : 12.3.0.15      96720 Bytes  02.05.2012 13:40:44

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +PCK,+PFS,+SPR,

Start of the scan: Mittwoch, 21. November 2012  18:01

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD1
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD2
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD3
    [INFO]      No virus was found!
Master boot sector HD4
    [INFO]      No virus was found!
Master boot sector HD5
    [INFO]      No virus was found!
Master boot sector HD6
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING]   Invalid end of file

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SyncServer.exe' - '1' Module(s) have been scanned
Scan process 'ATH.exe' - '1' Module(s) have been scanned
Scan process 'ATH.exe' - '1' Module(s) have been scanned
Scan process 'APSDaemon.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'wlmail.exe' - '1' Module(s) have been scanned
Scan process 'Dropbox.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'tvtip.exe' - '1' Module(s) have been scanned
  Module is OK -> <C:\Programme\TV Movie ClickFinder\tvtip.exe>
  [WARNING]   The file could not be opened!
  [NOTE]      The file does not exist!
  [NOTE]      Process 'tvtip.exe' was terminated
Scan process 'PBN.exe' - '1' Module(s) have been scanned
Scan process 'WNA3100.exe' - '1' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\' <HP>
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING]   Invalid end of file
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIWNGUX7\tvbilder-009-20120716[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\69080407-000004FB.eml
  [0] Archive type: MIME
  --> DCIM.htm
      [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\70F578F5-000004FC.eml
  [0] Archive type: MIME
  --> DCIM.htm
      [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\40572C6E-000026B0.eml
  [0] Archive type: MIME
  --> Contract_Scan_DS8220.htm
      [DETECTION] Contains recognition pattern of the HTML/Redirect.FQ HTML script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\4359467D-000025D4.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\481A1C9C-000026EA.eml
  [0] Archive type: MIME
  --> Invoice_T756916.htm
      [DETECTION] Contains recognition pattern of the JS/Redirector.QW Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\7F9776EE-000026FE.eml
  [0] Archive type: MIME
  --> Invoices-02-2012.htm
      [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\125228EB-000006CE.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\16DB4C5D-0000070F.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\79F22B86-0000070D.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\1A1B17E6-00000279.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\3BE02A2C-0000027C.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\7498193E-00000280.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Temp\GLZHZD
  [0] Archive type: ZIP
  --> testesta.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EM Java virus
  --> testestb.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EN Java virus
  --> NewClass1.class
      [DETECTION] Contains recognition pattern of the JAVA/Pesur.AY Java virus
  --> testestd.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AO.3 Java virus
  --> testestc.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e06165d-3a143d3b
  [0] Archive type: ZIP
  --> trphpgdtafbtttmvy/mltdmagswwqvsafpq.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FW Java virus
  --> trphpgdtafbtttmvy/qysfflnsla.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Themo.F.2 Java virus
  --> trphpgdtafbtttmvy/vnvvqw.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.GA Java virus
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\6b5cda3f-36b61bfb
  [0] Archive type: ZIP
  --> testesta.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EM Java virus
  --> testestb.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EN Java virus
  --> NewClass1.class
      [DETECTION] Contains recognition pattern of the JAVA/Pesur.AY Java virus
  --> testestd.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AO.3 Java virus
  --> testestc.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010676.msg
  [0] Archive type: MIME
  --> Document_N47683.htm
      [DETECTION] Contains recognition pattern of the HTML/Redir.K HTML script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010685.msg
  [0] Archive type: MIME
  --> HP-Document-26506.htm
      [DETECTION] Contains recognition pattern of the JS/Blacole.CV Java script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010692.msg
  [0] Archive type: MIME
  --> HP-Scan-67990.htm
      [DETECTION] Contains recognition pattern of the JS/Redir.BE.1 Java script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010731.msg
  [0] Archive type: MIME
  --> Invoices-02-2012.htm
      [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en.exe
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en2012.exe
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Downloads\iPhone2,1_4.0_8A293_Restore.zip
  [WARNING]   Invalid compressed data
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\CubeMaze 1.0.ipa
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\Graz Touch 1.0 1.ipa
  [WARNING]   Possible archive bomb: the maximum unpack size has been reached.
C:\_OTL\MovedFiles\06142012_181231\C_Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
  [DETECTION] Is the TR/Spy.ZBot.dynb Trojan

Beginning disinfection:
C:\_OTL\MovedFiles\06142012_181231\C_Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
  [DETECTION] Is the TR/Spy.ZBot.dynb Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5788faa5.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010731.msg
  [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '4eccd579.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010692.msg
  [DETECTION] Contains recognition pattern of the JS/Redir.BE.1 Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '1c938f91.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010685.msg
  [DETECTION] Contains recognition pattern of the JS/Blacole.CV Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '7aa4c053.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010676.msg
  [DETECTION] Contains recognition pattern of the HTML/Redir.K HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '3f20ed6d.qua'.
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\6b5cda3f-36b61bfb
  [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '4004df5e.qua'.
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e06165d-3a143d3b
  [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.GA Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '0c83f309.qua'.
C:\Users\HP Berlin\AppData\Local\Temp\GLZHZD
  [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '7141b332.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\7498193E-00000280.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '5dfa9c67.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\3BE02A2C-0000027C.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '4486a7f3.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\1A1B17E6-00000279.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '28f68bc2.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\7F9776EE-000026FE.eml
  [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '5977b24a.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\481A1C9C-000026EA.eml
  [DETECTION] Contains recognition pattern of the JS/Redirector.QW Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '5755829b.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\4359467D-000025D4.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '1240fbdc.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\40572C6E-000026B0.eml
  [DETECTION] Contains recognition pattern of the HTML/Redirect.FQ HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '1b4bff4a.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\70F578F5-000004FC.eml
  [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '431be623.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\69080407-000004FB.eml
  [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '6fc19fd4.qua'.


End of the scan: Mittwoch, 21. November 2012  23:30
Used time:  5:26:37 Hour(s)

The scan has been done completely.

  50331 Scanned directories
 2963804 Files were scanned
     27 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
     17 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
 2963776 Files not concerned
 183475 Archives were scanned
     22 Warnings
     18 Notes
         
and the Malwarebytes log from this afternoon:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]

21.11.2012 17:03:52
mbam-log-2012-11-21 (17-03-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250303
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And this is what OTL reported:

Code:
OTL logfile created on: 21.11.2012 17:10:26 - Run 5
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 77,00% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,29% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 472,08 Gb Free Space | 69,00% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 470,04 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive O: | 1396,92 Gb Total Space | 833,84 Gb Free Space | 59,69% Space Free | Partition Type: FAT32
 
Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.25 03:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\HP Berlin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.13 21:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\AntiSpyware\OTL.exe
PRC - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.01 23:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.02.26 23:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012.02.20 20:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.15 09:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.07.29 19:02:53 | 000,651,264 | ---- | M] (E.W.E.-Software) -- C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2009.11.25 17:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
PRC - [2009.08.05 12:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.07.23 19:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.12 13:02:33 | 000,839,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll
MOD - [2012.04.14 11:30:02 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2012.02.11 23:56:21 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.08.14 08:13:35 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\149c74602e3720d5e12fd34691793f45\CustomMarshalers.ni.dll
MOD - [2010.08.14 07:46:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010.08.14 07:46:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.08.14 07:46:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll
MOD - [2010.08.14 07:46:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.08.14 07:46:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.08.14 07:46:30 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.08.14 07:46:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2010.01.20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009.11.25 17:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
MOD - [2009.09.15 18:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
MOD - [2009.08.28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009.08.05 12:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.06.10 22:41:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 22:22:50 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010.04.16 08:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.12 10:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010.01.04 19:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.12.28 16:25:40 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.12.17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.09.14 07:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005.09.30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.07 15:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.01.06 18:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.11 10:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.06 07:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 15:31:42 | 000,233,472 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.01.19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009.07.23 19:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/09/24 16:32:44] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D56565BD-FD80-481B-8232-1AAE0340DB2B}
IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q
IE - HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 21:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.23 11:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 18:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Firefox\Profiles\13la5nka.default\extensions
[2012.09.23 11:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.16 10:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.07.12 11:34:25 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HP Berlin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8EEC5C5C-0CEE-4EED-8F31-A4710E426A73}
[2012.11.20 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1EC5ED30-FDE7-4764-9BB4-CD93974CBF88}
[2012.11.19 21:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012.11.19 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0929D70E-88D2-4007-8E58-F048718ED315}
[2012.11.19 11:13:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.11.19 10:34:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DCC784B6-79A5-4781-8178-B47432DE31E0}
[2012.11.18 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AC1AED9A-E2B9-4466-9F05-8ABCE3EF831E}
[2012.11.18 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9784BF28-E68A-4859-8C53-419F4A757915}
[2012.11.17 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{45AD049F-F939-4FF3-A811-ADF9C1AA641C}
[2012.11.17 10:33:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED3FE1C2-99F9-42CA-BA7B-9C8FE5436AE9}
[2012.11.16 20:49:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5770DFB3-F22F-4351-A809-D82E49541AF8}
[2012.11.16 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9D2456A1-BE43-49CB-A60B-9BE57BA45706}
[2012.11.15 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{506EB94F-341B-4A95-8658-B285A5E4F246}
[2012.11.14 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA0EFF52-D535-4762-86C0-9EAC96195613}
[2012.11.14 08:58:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F525D118-91B5-40D6-890A-CB5F88CAEE5E}
[2012.11.13 09:38:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B500A58B-4191-42DC-B40B-43068B3E5BC1}
[2012.11.12 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C48C946B-FA5B-4E08-BF8C-E79D22DADB95}
[2012.11.12 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7FBDB8E-A5FF-43C6-84A9-E993E30B0459}
[2012.11.11 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6BDAD0C-3A9D-4BE8-AC6C-67A34E968BD5}
[2012.11.09 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8EEAD40-2204-4E57-AB76-B574C6CFFCF0}
[2012.11.08 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{519CC909-217D-4629-925D-28BDAE42F89D}
[2012.11.07 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{742F2C70-138B-40E9-96CB-B9F99F5C94F0}
[2012.11.06 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AF300890-1F02-4816-8326-B04AD23AF5A7}
[2012.11.05 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0343BF73-538B-4084-A9E8-5E49DFA03A24}
[2012.11.05 09:19:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6FFADC1-DB24-41BD-A24C-BFA06BD4F6C2}
[2012.11.04 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CFB3CF4D-38EB-4AB4-AC72-8C4D9B1FF81B}
[2012.11.03 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EC9D1CFF-407F-4FFA-ACBE-0E8634590C58}
[2012.11.03 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9CF69E3E-F113-4407-B496-227F9645FD61}
[2012.11.02 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{103326DD-19C2-4FCE-B21D-CD0889AA76F4}
[2012.10.31 19:24:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{905AB02E-EECD-4696-BFD5-4314616E6B62}
[2012.10.31 07:24:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A68CB485-DA37-46BA-B0F6-9F821DCF3BCA}
[2012.10.30 18:11:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA491B2B-FBC0-4B4F-A5C4-13009FA0C30F}
[2012.10.29 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3CC5A4E5-C261-432E-B9F4-7D031947E234}
[2012.10.29 10:40:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9ED5F4FC-DB7C-41F2-BB02-25B7BC8BEDA0}
[2012.10.28 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6F078ECC-6355-4741-A8AD-0CA4D5B4CC48}
[2012.10.28 10:39:35 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C724B98A-6D08-4996-9429-2B306B08F134}
[2012.10.27 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{69F66856-B145-4173-A636-8A15BC7052C6}
[2012.10.27 09:23:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A47A1C98-17C8-4D5E-A26D-B9502166F094}
[2012.10.26 21:22:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3EA5563F-52B9-417D-87B3-6E9FA44E6F66}
[2012.10.26 11:58:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\Xmas 2012
[2012.10.26 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1C45F286-CAE4-46F6-842C-4699518246EE}
[2012.10.25 15:06:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A8D11CC9-8FF8-4AF9-A0E0-B32DBEB93704}
[2012.10.24 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5F3170CF-E661-40AD-B654-7E95D5D2B2B3}
[2012.10.24 09:39:15 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D6750719-E796-40F0-B3A2-A0D0D5F96522}
[2012.10.23 21:38:56 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E155E258-CC90-4A70-B57C-4DB83E3E8A24}
[2012.10.23 09:38:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0AC5E2E9-007D-468D-9B39-13A5807BFC19}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 17:17:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 13:39:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 13:39:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 13:36:53 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 13:36:53 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 13:36:53 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 13:36:53 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 13:36:53 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 13:31:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 13:31:29 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.30 21:31:01 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.16 10:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.16 10:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.16 10:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.16 10:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.16 10:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.23 20:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.06.08 15:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.06.08 15:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.06.08 15:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.06.08 15:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.06.08 15:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.06.08 15:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.06.08 15:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.06.08 15:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.06.08 15:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.06.08 15:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.06.08 15:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.06.08 15:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.06.08 15:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.06.08 15:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.06.08 15:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
 
========== LOP Check ==========
 
[2010.08.31 09:00:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.08.21 13:30:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
I can also offer HijackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:00, on 04.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Spamihilator\spamihilator.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.babyzimmer.de/forum/script/forum1.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9386 bytes
         
Did I forget anything?

Are the beasts active, and how do I get rid of them again?

Thanks!
shopgirl

22.11.2012, 20:04   #2
cosinus



Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post over the course of this thread. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.

Quote:
had TR/Spy.ZBot.dynb on it at the beginning of the week and removed it with Malwarebytes.
Fine, and where are the logs for that?

That kind of information is not enough; you only posted an MBAM log without detections. Please post the complete details/logs of the virus scanners and Malwarebytes, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
23.11.2012, 12:11   #3
shopgirl86



Hello,

here is the "old" Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]

19.11.2012 11:09:50
mbam-log-2012-11-19 (11-09-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250355
Laufzeit: 4 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\HP Berlin\AppData\Roaming\Wyhy\hymo.exe (Trojan.Zbot.SXGen) -> 3436 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{BF7DB920-E954-AD7E-DCEE-1423D01E373E} (Trojan.Zbot.SXGen) -> Daten: "C:\Users\HP Berlin\AppData\Roaming\Wyhy\hymo.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\HP Berlin\AppData\Roaming\Wyhy\hymo.exe (Trojan.Zbot.SXGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\HP Berlin\AppData\Roaming\Yflibi\funyit.exe (Trojan.Zbot.SXGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Last night I deleted/removed all temporary files, deleted mails etc., and afterwards neither AntiVir nor Malwarebytes found anything anymore. Could something from the old viruses still be "running" anyway?

Thanks,
shopgirl
23.11.2012, 13:24   #4
cosinus



1. aswMBR

Please download aswMBR.exe and save the file on your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan, and when it is done click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

23.11.2012, 14:23   #5
shopgirl86



Hello,

thanks for the quick reply.

Unfortunately avast crashed on me several times ("appcrash"), even though I completely killed Avira and ran avast as admin.

Here is the other log:

Code:
15:19:47.0636 5456  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:19:47.0823 5456  ============================================================
15:19:47.0823 5456  Current date / time: 2012/11/23 15:19:47.0823
15:19:47.0823 5456  SystemInfo:
15:19:47.0823 5456  
15:19:47.0823 5456  OS Version: 6.1.7600 ServicePack: 0.0
15:19:47.0823 5456  Product type: Workstation
15:19:47.0823 5456  ComputerName: HPBERLIN-PC
15:19:47.0823 5456  UserName: HP Berlin
15:19:47.0823 5456  Windows directory: C:\Windows
15:19:47.0823 5456  System windows directory: C:\Windows
15:19:47.0823 5456  Running under WOW64
15:19:47.0823 5456  Processor architecture: Intel x64
15:19:47.0823 5456  Number of processors: 8
15:19:47.0823 5456  Page size: 0x1000
15:19:47.0823 5456  Boot type: Normal boot
15:19:47.0823 5456  ============================================================
15:19:48.0228 5456  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:48.0244 5456  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:48.0244 5456  Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:19:48.0260 5456  ============================================================
15:19:48.0260 5456  \Device\Harddisk0\DR0:
15:19:48.0260 5456  MBR partitions:
15:19:48.0260 5456  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:19:48.0260 5456  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5584C800
15:19:48.0260 5456  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5587F000, BlocksNum 0x1CC6800
15:19:48.0260 5456  \Device\Harddisk1\DR1:
15:19:48.0260 5456  MBR partitions:
15:19:48.0260 5456  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
15:19:48.0260 5456  \Device\Harddisk2\DR2:
15:19:48.0260 5456  MBR partitions:
15:19:48.0260 5456  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702
15:19:48.0260 5456  ============================================================
15:19:48.0275 5456  C: <-> \Device\Harddisk0\DR0\Partition2
15:19:48.0291 5456  E: <-> \Device\Harddisk1\DR1\Partition1
15:19:48.0338 5456  D: <-> \Device\Harddisk0\DR0\Partition3
15:19:48.0338 5456  O: <-> \Device\Harddisk2\DR2\Partition1
15:19:48.0338 5456  ============================================================
15:19:48.0338 5456  Initialize success
15:19:48.0338 5456  ============================================================
15:19:53.0564 0488  ============================================================
15:19:53.0564 0488  Scan started
15:19:53.0564 0488  Mode: Manual; SigCheck; TDLFS; 
15:19:53.0564 0488  ============================================================
15:19:54.0437 0488  ================ Scan system memory ========================
15:19:54.0437 0488  System memory - ok
15:19:54.0437 0488  ================ Scan services =============================
15:19:54.0593 0488  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:19:54.0718 0488  1394ohci - ok
15:19:54.0734 0488  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:19:54.0749 0488  ACPI - ok
15:19:54.0749 0488  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:19:54.0843 0488  AcpiPmi - ok
15:19:54.0983 0488  [ 047BD1EB681453A7FE492A71802AC9F3 ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
15:19:54.0999 0488  AdobeActiveFileMonitor10.0 - ok
15:19:55.0092 0488  [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
15:19:55.0139 0488  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning
15:19:55.0139 0488  AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)
15:19:55.0186 0488  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:19:55.0217 0488  adp94xx - ok
15:19:55.0264 0488  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:19:55.0295 0488  adpahci - ok
15:19:55.0311 0488  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:19:55.0326 0488  adpu320 - ok
15:19:55.0358 0488  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:19:55.0498 0488  AeLookupSvc - ok
15:19:55.0529 0488  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\Windows\system32\drivers\afd.sys
15:19:55.0607 0488  AFD - ok
15:19:55.0654 0488  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:19:55.0670 0488  agp440 - ok
15:19:55.0716 0488  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:19:55.0779 0488  ALG - ok
15:19:55.0794 0488  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:19:55.0810 0488  aliide - ok
15:19:55.0826 0488  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:19:55.0841 0488  amdide - ok
15:19:55.0872 0488  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:19:55.0904 0488  AmdK8 - ok
15:19:55.0935 0488  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:19:55.0966 0488  AmdPPM - ok
15:19:55.0982 0488  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
15:19:55.0997 0488  amdsata - ok
15:19:56.0044 0488  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:19:56.0075 0488  amdsbs - ok
15:19:56.0106 0488  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
15:19:56.0122 0488  amdxata - ok
15:19:56.0200 0488  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:19:56.0231 0488  AntiVirSchedulerService - ok
15:19:56.0262 0488  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:19:56.0309 0488  AntiVirService - ok
15:19:56.0325 0488  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
15:19:56.0434 0488  AppID - ok
15:19:56.0450 0488  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:19:56.0496 0488  AppIDSvc - ok
15:19:56.0528 0488  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
15:19:56.0590 0488  Appinfo - ok
15:19:56.0668 0488  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:19:56.0699 0488  Apple Mobile Device - ok
15:19:56.0762 0488  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:19:56.0777 0488  arc - ok
15:19:56.0808 0488  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:19:56.0808 0488  arcsas - ok
15:19:56.0918 0488  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:19:56.0964 0488  aspnet_state - ok
15:19:56.0996 0488  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:19:57.0089 0488  AsyncMac - ok
15:19:57.0120 0488  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:19:57.0136 0488  atapi - ok
15:19:57.0167 0488  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:19:57.0214 0488  AudioEndpointBuilder - ok
15:19:57.0230 0488  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:19:57.0261 0488  AudioSrv - ok
15:19:57.0323 0488  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:19:57.0386 0488  avgntflt - ok
15:19:57.0417 0488  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:19:57.0448 0488  avipbb - ok
15:19:57.0479 0488  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:19:57.0495 0488  avkmgr - ok
15:19:57.0510 0488  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:19:57.0604 0488  AxInstSV - ok
15:19:57.0620 0488  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:19:57.0698 0488  b06bdrv - ok
15:19:57.0713 0488  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:19:57.0760 0488  b57nd60a - ok
15:19:57.0822 0488  [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
15:19:57.0869 0488  BCMH43XX - ok
15:19:57.0885 0488  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:19:57.0947 0488  BDESVC - ok
15:19:57.0963 0488  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:19:58.0025 0488  Beep - ok
15:19:58.0056 0488  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
15:19:58.0103 0488  BFE - ok
15:19:58.0212 0488  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\SysWOW64\bgsvcgen.exe
15:19:58.0244 0488  bgsvcgen - ok
15:19:58.0290 0488  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
15:19:58.0368 0488  BITS - ok
15:19:58.0400 0488  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:19:58.0431 0488  blbdrive - ok
15:19:58.0509 0488  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:19:58.0540 0488  Bonjour Service - ok
15:19:58.0571 0488  [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:19:58.0618 0488  bowser - ok
15:19:58.0649 0488  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:19:58.0696 0488  BrFiltLo - ok
15:19:58.0712 0488  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:19:58.0743 0488  BrFiltUp - ok
15:19:58.0758 0488  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:19:58.0852 0488  BridgeMP - ok
15:19:58.0899 0488  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
15:19:58.0930 0488  Browser - ok
15:19:58.0946 0488  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:19:58.0977 0488  Brserid - ok
15:19:58.0992 0488  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:19:59.0024 0488  BrSerWdm - ok
15:19:59.0039 0488  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:19:59.0055 0488  BrUsbMdm - ok
15:19:59.0086 0488  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:19:59.0133 0488  BrUsbSer - ok
15:19:59.0148 0488  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:19:59.0211 0488  BTHMODEM - ok
15:19:59.0242 0488  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:19:59.0320 0488  bthserv - ok
15:19:59.0382 0488  catchme - ok
15:19:59.0445 0488  [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8         C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
15:19:59.0507 0488  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
15:19:59.0507 0488  CCALib8 - detected UnsignedFile.Multi.Generic (1)
15:19:59.0538 0488  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:19:59.0585 0488  cdfs - ok
15:19:59.0601 0488  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:19:59.0632 0488  cdrom - ok
15:19:59.0679 0488  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:19:59.0741 0488  CertPropSvc - ok
15:19:59.0757 0488  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:19:59.0788 0488  circlass - ok
15:19:59.0819 0488  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:19:59.0850 0488  CLFS - ok
15:19:59.0897 0488  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:19:59.0928 0488  clr_optimization_v2.0.50727_32 - ok
15:19:59.0960 0488  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:19:59.0991 0488  clr_optimization_v2.0.50727_64 - ok
15:20:00.0053 0488  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:20:00.0084 0488  clr_optimization_v4.0.30319_32 - ok
15:20:00.0131 0488  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:20:00.0178 0488  clr_optimization_v4.0.30319_64 - ok
15:20:00.0194 0488  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:20:00.0225 0488  CmBatt - ok
15:20:00.0256 0488  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:20:00.0272 0488  cmdide - ok
15:20:00.0287 0488  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:20:00.0318 0488  CNG - ok
15:20:00.0350 0488  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:20:00.0365 0488  Compbatt - ok
15:20:00.0381 0488  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:20:00.0412 0488  CompositeBus - ok
15:20:00.0428 0488  COMSysApp - ok
15:20:00.0443 0488  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:20:00.0459 0488  crcdisk - ok
15:20:00.0490 0488  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:20:00.0537 0488  CryptSvc - ok
15:20:00.0584 0488  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
15:20:00.0599 0488  CVirtA - ok
15:20:00.0677 0488  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
15:20:00.0708 0488  CVPND - ok
15:20:00.0771 0488  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:20:00.0771 0488  CVPNDRVA - ok
15:20:00.0833 0488  [ 23D4B856725F5FC3C4F410C150AB107B ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
15:20:00.0849 0488  dc3d - ok
15:20:00.0896 0488  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:20:00.0942 0488  DcomLaunch - ok
15:20:00.0974 0488  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:20:01.0020 0488  defragsvc - ok
15:20:01.0036 0488  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:20:01.0083 0488  DfsC - ok
15:20:01.0114 0488  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:20:01.0208 0488  Dhcp - ok
15:20:01.0239 0488  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:20:01.0286 0488  discache - ok
15:20:01.0317 0488  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:20:01.0348 0488  Disk - ok
15:20:01.0395 0488  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
15:20:01.0410 0488  DNE - ok
15:20:01.0426 0488  [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:20:01.0488 0488  Dnscache - ok
15:20:01.0520 0488  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
15:20:01.0535 0488  dot3svc - ok
15:20:01.0551 0488  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
15:20:01.0566 0488  DPS - ok
15:20:01.0613 0488  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:20:01.0629 0488  drmkaud - ok
15:20:01.0644 0488  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:20:01.0676 0488  DXGKrnl - ok
15:20:01.0691 0488  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:20:01.0722 0488  EapHost - ok
15:20:01.0800 0488  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:20:01.0910 0488  ebdrv - ok
15:20:01.0941 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
15:20:01.0988 0488  EFS - ok
15:20:02.0066 0488  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:20:02.0144 0488  ehRecvr - ok
15:20:02.0175 0488  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:20:02.0253 0488  ehSched - ok
15:20:02.0284 0488  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:20:02.0315 0488  elxstor - ok
15:20:02.0315 0488  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:20:02.0346 0488  ErrDev - ok
15:20:02.0378 0488  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:20:02.0409 0488  EventSystem - ok
15:20:02.0440 0488  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:20:02.0487 0488  exfat - ok
15:20:02.0534 0488  ezSharedSvc - ok
15:20:02.0534 0488  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:20:02.0580 0488  fastfat - ok
15:20:02.0643 0488  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
15:20:02.0705 0488  Fax - ok
15:20:02.0721 0488  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:20:02.0768 0488  fdc - ok
15:20:02.0799 0488  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:20:02.0877 0488  fdPHost - ok
15:20:02.0892 0488  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:20:02.0924 0488  FDResPub - ok
15:20:02.0924 0488  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:20:02.0939 0488  FileInfo - ok
15:20:02.0955 0488  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:20:03.0002 0488  Filetrace - ok
15:20:03.0017 0488  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:20:03.0033 0488  flpydisk - ok
15:20:03.0048 0488  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:20:03.0064 0488  FltMgr - ok
15:20:03.0080 0488  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
15:20:03.0158 0488  FontCache - ok
15:20:03.0204 0488  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:20:03.0236 0488  FontCache3.0.0.0 - ok
15:20:03.0251 0488  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:20:03.0282 0488  FsDepends - ok
15:20:03.0314 0488  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:20:03.0329 0488  fssfltr - ok
15:20:03.0392 0488  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:20:03.0454 0488  fsssvc - ok
15:20:03.0470 0488  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:20:03.0485 0488  Fs_Rec - ok
15:20:03.0532 0488  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:20:03.0579 0488  fvevol - ok
15:20:03.0594 0488  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:20:03.0610 0488  gagp30kx - ok
15:20:03.0657 0488  [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:20:03.0672 0488  GameConsoleService - ok
15:20:03.0704 0488  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:20:03.0719 0488  GEARAspiWDM - ok
15:20:03.0766 0488  [ 9599A713E1776B8F69300FC9008F33C1 ] getPlusHelper   C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
15:20:03.0828 0488  getPlusHelper - ok
15:20:03.0844 0488  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
15:20:03.0891 0488  gpsvc - ok
15:20:03.0938 0488  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:20:03.0969 0488  gupdate - ok
15:20:03.0984 0488  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:20:04.0000 0488  gupdatem - ok
15:20:04.0031 0488  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:20:04.0094 0488  hcw85cir - ok
15:20:04.0094 0488  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:20:04.0140 0488  HDAudBus - ok
15:20:04.0140 0488  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:20:04.0172 0488  HidBatt - ok
15:20:04.0172 0488  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:20:04.0203 0488  HidBth - ok
15:20:04.0218 0488  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:20:04.0250 0488  HidIr - ok
15:20:04.0281 0488  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:20:04.0343 0488  hidserv - ok
15:20:04.0359 0488  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:20:04.0406 0488  HidUsb - ok
15:20:04.0421 0488  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:20:04.0468 0488  hkmsvc - ok
15:20:04.0499 0488  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:20:04.0530 0488  HomeGroupListener - ok
15:20:04.0562 0488  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:20:04.0577 0488  HomeGroupProvider - ok
15:20:04.0624 0488  [ 0141816A095A3F5A83FFA5B4A47B8023 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:20:04.0655 0488  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
15:20:04.0655 0488  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
15:20:04.0686 0488  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:20:04.0718 0488  hpqwmiex - ok
15:20:04.0733 0488  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:20:04.0749 0488  HpSAMD - ok
15:20:04.0780 0488  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:20:04.0827 0488  HTTP - ok
15:20:04.0827 0488  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:20:04.0842 0488  hwpolicy - ok
15:20:04.0858 0488  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:20:04.0874 0488  i8042prt - ok
15:20:04.0936 0488  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:20:04.0967 0488  IAANTMON - ok
15:20:04.0998 0488  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:20:05.0030 0488  iaStor - ok
15:20:05.0045 0488  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
15:20:05.0092 0488  iaStorV - ok
15:20:05.0139 0488  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:20:05.0201 0488  idsvc - ok
15:20:05.0217 0488  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:20:05.0232 0488  iirsp - ok
15:20:05.0264 0488  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:20:05.0326 0488  IKEEXT - ok
15:20:05.0404 0488  [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:20:05.0451 0488  IntcAzAudAddService - ok
15:20:05.0466 0488  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:20:05.0482 0488  intelide - ok
15:20:05.0513 0488  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:20:05.0544 0488  intelppm - ok
15:20:05.0560 0488  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:20:05.0607 0488  IPBusEnum - ok
15:20:05.0638 0488  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:20:05.0654 0488  IpFilterDriver - ok
15:20:05.0685 0488  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:20:05.0732 0488  iphlpsvc - ok
15:20:05.0763 0488  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:20:05.0794 0488  IPMIDRV - ok
15:20:05.0825 0488  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:20:05.0856 0488  IPNAT - ok
15:20:05.0919 0488  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:20:05.0966 0488  iPod Service - ok
15:20:05.0966 0488  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:20:05.0981 0488  IRENUM - ok
15:20:05.0997 0488  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:20:05.0997 0488  isapnp - ok
15:20:06.0028 0488  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:20:06.0044 0488  iScsiPrt - ok
15:20:06.0059 0488  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:20:06.0075 0488  kbdclass - ok
15:20:06.0090 0488  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:20:06.0106 0488  kbdhid - ok
15:20:06.0137 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
15:20:06.0168 0488  KeyIso - ok
15:20:06.0184 0488  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:20:06.0200 0488  KSecDD - ok
15:20:06.0215 0488  [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:20:06.0231 0488  KSecPkg - ok
15:20:06.0231 0488  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:20:06.0278 0488  ksthunk - ok
15:20:06.0309 0488  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:20:06.0387 0488  KtmRm - ok
15:20:06.0418 0488  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:20:06.0465 0488  LanmanServer - ok
15:20:06.0496 0488  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:20:06.0543 0488  LanmanWorkstation - ok
15:20:06.0590 0488  [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:20:06.0636 0488  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:20:06.0636 0488  LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:20:06.0668 0488  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:20:06.0730 0488  lltdio - ok
15:20:06.0746 0488  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:20:06.0808 0488  lltdsvc - ok
15:20:06.0824 0488  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:20:06.0855 0488  lmhosts - ok
15:20:06.0870 0488  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:20:06.0886 0488  LSI_FC - ok
15:20:06.0886 0488  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:20:06.0902 0488  LSI_SAS - ok
15:20:06.0902 0488  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:20:06.0917 0488  LSI_SAS2 - ok
15:20:06.0933 0488  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:20:06.0948 0488  LSI_SCSI - ok
15:20:06.0964 0488  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:20:07.0011 0488  luafv - ok
15:20:07.0042 0488  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:20:07.0073 0488  Mcx2Svc - ok
15:20:07.0104 0488  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:20:07.0120 0488  megasas - ok
15:20:07.0136 0488  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:20:07.0151 0488  MegaSR - ok
15:20:07.0214 0488  Microsoft SharePoint Workspace Audit Service - ok
15:20:07.0229 0488  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:20:07.0323 0488  MMCSS - ok
15:20:07.0338 0488  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:20:07.0385 0488  Modem - ok
15:20:07.0401 0488  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:20:07.0432 0488  monitor - ok
15:20:07.0463 0488  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:20:07.0479 0488  mouclass - ok
15:20:07.0479 0488  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:20:07.0510 0488  mouhid - ok
15:20:07.0541 0488  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:20:07.0557 0488  mountmgr - ok
15:20:07.0572 0488  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:20:07.0588 0488  mpio - ok
15:20:07.0604 0488  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:20:07.0650 0488  mpsdrv - ok
15:20:07.0666 0488  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:20:07.0713 0488  MpsSvc - ok
15:20:07.0728 0488  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:20:07.0760 0488  MRxDAV - ok
15:20:07.0775 0488  [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:20:07.0838 0488  mrxsmb - ok
15:20:07.0853 0488  [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:20:07.0884 0488  mrxsmb10 - ok
15:20:07.0884 0488  [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:20:07.0900 0488  mrxsmb20 - ok
15:20:07.0916 0488  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:20:07.0931 0488  msahci - ok
15:20:07.0947 0488  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
15:20:07.0962 0488  msdsm - ok
15:20:07.0978 0488  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:20:07.0978 0488  MSDTC - ok
15:20:07.0994 0488  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:20:08.0025 0488  Msfs - ok
15:20:08.0040 0488  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:20:08.0072 0488  mshidkmdf - ok
15:20:08.0103 0488  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:20:08.0118 0488  msisadrv - ok
15:20:08.0150 0488  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:20:08.0181 0488  MSiSCSI - ok
15:20:08.0181 0488  msiserver - ok
15:20:08.0196 0488  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:20:08.0228 0488  MSKSSRV - ok
15:20:08.0243 0488  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:20:08.0290 0488  MSPCLOCK - ok
15:20:08.0306 0488  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:20:08.0337 0488  MSPQM - ok
15:20:08.0368 0488  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:20:08.0384 0488  MsRPC - ok
15:20:08.0384 0488  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:20:08.0399 0488  mssmbios - ok
15:20:08.0399 0488  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:20:08.0446 0488  MSTEE - ok
15:20:08.0462 0488  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:20:08.0508 0488  MTConfig - ok
15:20:08.0540 0488  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:20:08.0540 0488  Mup - ok
15:20:08.0586 0488  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
15:20:08.0633 0488  napagent - ok
15:20:08.0664 0488  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:20:08.0696 0488  NativeWifiP - ok
15:20:08.0742 0488  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:20:08.0758 0488  NDIS - ok
15:20:08.0774 0488  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:20:08.0805 0488  NdisCap - ok
15:20:08.0820 0488  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:20:08.0852 0488  NdisTapi - ok
15:20:08.0852 0488  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:20:08.0914 0488  Ndisuio - ok
15:20:08.0945 0488  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:20:08.0976 0488  NdisWan - ok
15:20:08.0992 0488  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:20:09.0054 0488  NDProxy - ok
15:20:09.0086 0488  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:20:09.0117 0488  NetBIOS - ok
15:20:09.0117 0488  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:20:09.0164 0488  NetBT - ok
15:20:09.0179 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
15:20:09.0179 0488  Netlogon - ok
15:20:09.0210 0488  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:20:09.0242 0488  Netman - ok
15:20:09.0273 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0288 0488  NetMsmqActivator - ok
15:20:09.0304 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0304 0488  NetPipeActivator - ok
15:20:09.0335 0488  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:20:09.0382 0488  netprofm - ok
15:20:09.0398 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0398 0488  NetTcpActivator - ok
15:20:09.0398 0488  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:20:09.0413 0488  NetTcpPortSharing - ok
15:20:09.0444 0488  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:20:09.0460 0488  nfrd960 - ok
15:20:09.0507 0488  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:20:09.0569 0488  NlaSvc - ok
15:20:09.0585 0488  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:20:09.0600 0488  Npfs - ok
15:20:09.0616 0488  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:20:09.0647 0488  nsi - ok
15:20:09.0663 0488  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:20:09.0725 0488  nsiproxy - ok
15:20:09.0756 0488  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:20:09.0803 0488  Ntfs - ok
15:20:09.0803 0488  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:20:09.0850 0488  Null - ok
15:20:10.0068 0488  [ F0FBFE1E29FF233B0E000054C1FB968A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:20:10.0178 0488  nvlddmkm - ok
15:20:10.0209 0488  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
15:20:10.0224 0488  nvraid - ok
15:20:10.0256 0488  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
15:20:10.0271 0488  nvstor - ok
15:20:10.0302 0488  [ 4E70B5247914426722621180B8764514 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:20:10.0318 0488  nvsvc - ok
15:20:10.0349 0488  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:20:10.0365 0488  nv_agp - ok
15:20:10.0365 0488  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:20:10.0396 0488  ohci1394 - ok
15:20:10.0458 0488  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:20:10.0474 0488  ose - ok
15:20:10.0614 0488  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:20:10.0708 0488  osppsvc - ok
15:20:10.0724 0488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:20:10.0786 0488  p2pimsvc - ok
15:20:10.0802 0488  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:20:10.0817 0488  p2psvc - ok
15:20:10.0848 0488  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:20:10.0848 0488  Parport - ok
15:20:10.0864 0488  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:20:10.0880 0488  partmgr - ok
15:20:10.0895 0488  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:20:10.0926 0488  PcaSvc - ok
15:20:10.0958 0488  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
15:20:10.0973 0488  pci - ok
15:20:10.0989 0488  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:20:10.0989 0488  pciide - ok
15:20:11.0004 0488  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:20:11.0020 0488  pcmcia - ok
15:20:11.0036 0488  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:20:11.0036 0488  pcw - ok
15:20:11.0067 0488  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:20:11.0129 0488  PEAUTH - ok
15:20:11.0207 0488  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:20:11.0238 0488  PerfHost - ok
15:20:11.0301 0488  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
15:20:11.0394 0488  pla - ok
15:20:11.0457 0488  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:20:11.0504 0488  PlugPlay - ok
15:20:11.0519 0488  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:20:11.0535 0488  PNRPAutoReg - ok
15:20:11.0550 0488  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:20:11.0566 0488  PNRPsvc - ok
15:20:11.0597 0488  [ B23F79E41E30ED500586151A9EF27D8F ] Point64         C:\Windows\system32\DRIVERS\point64.sys
15:20:11.0597 0488  Point64 - ok
15:20:11.0628 0488  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:20:11.0691 0488  PolicyAgent - ok
15:20:11.0722 0488  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:20:11.0753 0488  Power - ok
15:20:11.0784 0488  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:20:11.0831 0488  PptpMiniport - ok
15:20:11.0847 0488  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:20:11.0878 0488  Processor - ok
15:20:11.0909 0488  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
15:20:11.0972 0488  ProfSvc - ok
15:20:12.0003 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
15:20:12.0003 0488  ProtectedStorage - ok
15:20:12.0018 0488  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:20:12.0050 0488  Psched - ok
15:20:12.0081 0488  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
15:20:12.0096 0488  PxHlpa64 - ok
15:20:12.0143 0488  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:20:12.0206 0488  ql2300 - ok
15:20:12.0221 0488  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:20:12.0221 0488  ql40xx - ok
15:20:12.0252 0488  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:20:12.0268 0488  QWAVE - ok
15:20:12.0284 0488  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:20:12.0284 0488  QWAVEdrv - ok
15:20:12.0315 0488  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:20:12.0330 0488  RasAcd - ok
15:20:12.0362 0488  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:12.0393 0488  RasAgileVpn - ok
15:20:12.0393 0488  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:20:12.0455 0488  RasAuto - ok
15:20:12.0486 0488  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:12.0549 0488  Rasl2tp - ok
15:20:12.0564 0488  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
15:20:12.0611 0488  RasMan - ok
15:20:12.0642 0488  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:12.0689 0488  RasPppoe - ok
15:20:12.0705 0488  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:20:12.0736 0488  RasSstp - ok
15:20:12.0767 0488  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:20:12.0845 0488  rdbss - ok
15:20:12.0876 0488  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:12.0876 0488  rdpbus - ok
15:20:12.0892 0488  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:12.0923 0488  RDPCDD - ok
15:20:12.0923 0488  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:20:12.0970 0488  RDPENCDD - ok
15:20:12.0986 0488  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:20:13.0017 0488  RDPREFMP - ok
15:20:13.0017 0488  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:20:13.0079 0488  RDPWD - ok
15:20:13.0095 0488  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:20:13.0110 0488  rdyboost - ok
15:20:13.0126 0488  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:20:13.0157 0488  RemoteAccess - ok
15:20:13.0188 0488  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:20:13.0235 0488  RemoteRegistry - ok
15:20:13.0251 0488  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:20:13.0282 0488  RpcEptMapper - ok
15:20:13.0298 0488  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:20:13.0329 0488  RpcLocator - ok
15:20:13.0360 0488  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
15:20:13.0407 0488  RpcSs - ok
15:20:13.0422 0488  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:20:13.0469 0488  rspndr - ok
15:20:13.0516 0488  [ 91296F0B2653281B2F11E0FCE56AA427 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:20:13.0532 0488  RTL8167 - ok
15:20:13.0547 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
15:20:13.0563 0488  SamSs - ok
15:20:13.0578 0488  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:20:13.0594 0488  sbp2port - ok
15:20:13.0625 0488  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:20:13.0656 0488  SCardSvr - ok
15:20:13.0672 0488  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:20:13.0734 0488  scfilter - ok
15:20:13.0766 0488  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
15:20:13.0812 0488  Schedule - ok
15:20:13.0875 0488  [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP        C:\Windows\system32\DRIVERS\scmndisp.sys
15:20:13.0890 0488  SCMNdisP - ok
15:20:13.0937 0488  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:20:13.0968 0488  SCPolicySvc - ok
15:20:13.0984 0488  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:20:14.0046 0488  SDRSVC - ok
15:20:14.0062 0488  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:20:14.0109 0488  secdrv - ok
15:20:14.0109 0488  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
15:20:14.0140 0488  seclogon - ok
15:20:14.0171 0488  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:20:14.0234 0488  SENS - ok
15:20:14.0265 0488  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:20:14.0312 0488  SensrSvc - ok
15:20:14.0327 0488  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:20:14.0343 0488  Serenum - ok
15:20:14.0358 0488  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:20:14.0405 0488  Serial - ok
15:20:14.0421 0488  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:20:14.0468 0488  sermouse - ok
15:20:14.0483 0488  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
15:20:14.0546 0488  SessionEnv - ok
15:20:14.0561 0488  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:20:14.0608 0488  sffdisk - ok
15:20:14.0624 0488  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:20:14.0655 0488  sffp_mmc - ok
15:20:14.0670 0488  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:20:14.0702 0488  sffp_sd - ok
15:20:14.0733 0488  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:20:14.0764 0488  sfloppy - ok
15:20:14.0811 0488  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:20:14.0858 0488  SharedAccess - ok
15:20:14.0873 0488  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:20:14.0904 0488  ShellHWDetection - ok
15:20:14.0936 0488  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:20:14.0951 0488  SiSRaid2 - ok
15:20:14.0982 0488  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:20:14.0998 0488  SiSRaid4 - ok
15:20:15.0014 0488  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:20:15.0060 0488  Smb - ok
15:20:15.0092 0488  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:20:15.0138 0488  SNMPTRAP - ok
15:20:15.0154 0488  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:20:15.0170 0488  spldr - ok
15:20:15.0185 0488  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
15:20:15.0248 0488  Spooler - ok
15:20:15.0310 0488  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:20:15.0419 0488  sppsvc - ok
15:20:15.0435 0488  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:20:15.0482 0488  sppuinotify - ok
15:20:15.0497 0488  [ DE6F5658DA951C4BC8E498570B5B0D5F ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:20:15.0528 0488  srv - ok
15:20:15.0575 0488  [ 4D33D59C0B930C523D29F9BD40CDA9D2 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:20:15.0606 0488  srv2 - ok
15:20:15.0638 0488  [ 5A663FD67049267BC5C3F3279E631FFB ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:20:15.0653 0488  srvnet - ok
15:20:15.0669 0488  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:20:15.0716 0488  SSDPSRV - ok
15:20:15.0731 0488  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:20:15.0762 0488  SstpSvc - ok
15:20:15.0778 0488  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:20:15.0778 0488  stexstor - ok
15:20:15.0794 0488  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
15:20:15.0809 0488  stisvc - ok
15:20:15.0825 0488  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:20:15.0825 0488  swenum - ok
15:20:15.0840 0488  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:20:15.0872 0488  swprv - ok
15:20:15.0918 0488  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
15:20:15.0981 0488  SysMain - ok
15:20:15.0996 0488  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:20:16.0012 0488  TabletInputService - ok
15:20:16.0043 0488  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:20:16.0090 0488  TapiSrv - ok
15:20:16.0090 0488  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:20:16.0137 0488  TBS - ok
15:20:16.0184 0488  [ 90A2D722CF64D911879D6C4A4F802A4D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:20:16.0230 0488  Tcpip - ok
15:20:16.0277 0488  [ 90A2D722CF64D911879D6C4A4F802A4D ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:20:16.0324 0488  TCPIP6 - ok
15:20:16.0340 0488  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:20:16.0371 0488  tcpipreg - ok
15:20:16.0386 0488  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:20:16.0433 0488  TDPIPE - ok
15:20:16.0449 0488  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:20:16.0464 0488  TDTCP - ok
15:20:16.0480 0488  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:20:16.0511 0488  tdx - ok
15:20:16.0605 0488  [ 5624ACD0B7900BEABBD329443A4F4454 ] TeamViewer5     C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
15:20:16.0636 0488  TeamViewer5 - ok
15:20:16.0667 0488  [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
15:20:16.0667 0488  teamviewervpn - ok
15:20:16.0683 0488  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:20:16.0698 0488  TermDD - ok
15:20:16.0730 0488  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
15:20:16.0792 0488  TermService - ok
15:20:16.0823 0488  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:20:16.0839 0488  Themes - ok
15:20:16.0870 0488  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:20:16.0917 0488  THREADORDER - ok
15:20:16.0932 0488  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:20:16.0964 0488  TrkWks - ok
15:20:17.0026 0488  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:20:17.0057 0488  TrustedInstaller - ok
15:20:17.0088 0488  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:20:17.0151 0488  tssecsrv - ok
15:20:17.0166 0488  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:20:17.0213 0488  tunnel - ok
15:20:17.0244 0488  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:20:17.0260 0488  uagp35 - ok
15:20:17.0276 0488  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:20:17.0307 0488  udfs - ok
15:20:17.0322 0488  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:20:17.0338 0488  UI0Detect - ok
15:20:17.0354 0488  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:20:17.0354 0488  uliagpkx - ok
15:20:17.0369 0488  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:20:17.0385 0488  umbus - ok
15:20:17.0416 0488  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:20:17.0432 0488  UmPass - ok
15:20:17.0447 0488  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:20:17.0463 0488  upnphost - ok
15:20:17.0494 0488  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:20:17.0510 0488  USBAAPL64 - ok
15:20:17.0541 0488  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:20:17.0556 0488  usbaudio - ok
15:20:17.0588 0488  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:20:17.0619 0488  usbccgp - ok
15:20:17.0634 0488  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:20:17.0681 0488  usbcir - ok
15:20:17.0697 0488  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:20:17.0728 0488  usbehci - ok
15:20:17.0759 0488  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:20:17.0806 0488  usbhub - ok
15:20:17.0822 0488  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:20:17.0853 0488  usbohci - ok
15:20:17.0868 0488  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:20:17.0900 0488  usbprint - ok
15:20:17.0931 0488  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:20:17.0946 0488  usbscan - ok
15:20:17.0962 0488  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:20:17.0993 0488  USBSTOR - ok
15:20:18.0009 0488  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:20:18.0024 0488  usbuhci - ok
15:20:18.0040 0488  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:20:18.0087 0488  UxSms - ok
15:20:18.0102 0488  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
15:20:18.0102 0488  VaultSvc - ok
15:20:18.0134 0488  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:20:18.0134 0488  vdrvroot - ok
15:20:18.0165 0488  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
15:20:18.0212 0488  vds - ok
15:20:18.0243 0488  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:20:18.0258 0488  vga - ok
15:20:18.0274 0488  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:20:18.0321 0488  VgaSave - ok
15:20:18.0352 0488  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
15:20:18.0352 0488  vhdmp - ok
15:20:18.0368 0488  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:20:18.0368 0488  viaide - ok
15:20:18.0383 0488  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:20:18.0399 0488  volmgr - ok
15:20:18.0414 0488  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:20:18.0430 0488  volmgrx - ok
15:20:18.0446 0488  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
15:20:18.0461 0488  volsnap - ok
15:20:18.0477 0488  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:20:18.0492 0488  vsmraid - ok
15:20:18.0539 0488  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
15:20:18.0617 0488  VSS - ok
15:20:18.0633 0488  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:20:18.0648 0488  vwifibus - ok
15:20:18.0695 0488  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:20:18.0711 0488  vwififlt - ok
15:20:18.0742 0488  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:20:18.0758 0488  vwifimp - ok
15:20:18.0773 0488  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:20:18.0804 0488  W32Time - ok
15:20:18.0820 0488  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:20:18.0851 0488  WacomPen - ok
15:20:18.0882 0488  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:20:18.0960 0488  WANARP - ok
15:20:18.0960 0488  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:20:18.0976 0488  Wanarpv6 - ok
15:20:19.0023 0488  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
15:20:19.0101 0488  wbengine - ok
15:20:19.0116 0488  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:20:19.0148 0488  WbioSrvc - ok
15:20:19.0163 0488  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:20:19.0194 0488  wcncsvc - ok
15:20:19.0194 0488  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:20:19.0226 0488  WcsPlugInService - ok
15:20:19.0241 0488  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:20:19.0257 0488  Wd - ok
15:20:19.0288 0488  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:20:19.0304 0488  Wdf01000 - ok
15:20:19.0319 0488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:20:19.0350 0488  WdiServiceHost - ok
15:20:19.0366 0488  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:20:19.0397 0488  WdiSystemHost - ok
15:20:19.0413 0488  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
15:20:19.0460 0488  WebClient - ok
15:20:19.0475 0488  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:20:19.0506 0488  Wecsvc - ok
15:20:19.0522 0488  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:20:19.0584 0488  wercplsupport - ok
15:20:19.0600 0488  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:20:19.0647 0488  WerSvc - ok
15:20:19.0662 0488  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:20:19.0678 0488  WfpLwf - ok
15:20:19.0694 0488  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:20:19.0694 0488  WIMMount - ok
15:20:19.0709 0488  WinDefend - ok
15:20:19.0709 0488  WinHttpAutoProxySvc - ok
15:20:19.0756 0488  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:20:19.0772 0488  Winmgmt - ok
15:20:19.0818 0488  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:20:19.0912 0488  WinRM - ok
15:20:19.0959 0488  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:20:19.0990 0488  WinUsb - ok
15:20:20.0052 0488  [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
15:20:20.0068 0488  WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
15:20:20.0068 0488  WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
15:20:20.0084 0488  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:20:20.0146 0488  Wlansvc - ok
15:20:20.0255 0488  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:20:20.0318 0488  wlidsvc - ok
15:20:20.0333 0488  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:20:20.0364 0488  WmiAcpi - ok
15:20:20.0380 0488  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:20:20.0427 0488  wmiApSrv - ok
15:20:20.0427 0488  WMPNetworkSvc - ok
15:20:20.0458 0488  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:20:20.0489 0488  WPCSvc - ok
15:20:20.0520 0488  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:20:20.0536 0488  WPDBusEnum - ok
15:20:20.0567 0488  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:20:20.0614 0488  ws2ifsl - ok
15:20:20.0630 0488  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:20:20.0676 0488  wscsvc - ok
15:20:20.0676 0488  WSearch - ok
15:20:20.0723 0488  [ 76FBEFAB6677AF9C498116F1AAEA8BDB ] WSWNA3100       C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
15:20:20.0770 0488  WSWNA3100 ( UnsignedFile.Multi.Generic ) - warning
15:20:20.0770 0488  WSWNA3100 - detected UnsignedFile.Multi.Generic (1)
15:20:20.0832 0488  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:20:20.0910 0488  wuauserv - ok
15:20:20.0926 0488  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:20:20.0957 0488  WudfPf - ok
15:20:20.0988 0488  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:20:21.0051 0488  WUDFRd - ok
15:20:21.0066 0488  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:20:21.0144 0488  wudfsvc - ok
15:20:21.0160 0488  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:20:21.0207 0488  WwanSvc - ok
15:20:21.0300 0488  [ 74983ADDCA2D9618512C088D856D6615 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
15:20:21.0300 0488  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
15:20:21.0332 0488  ================ Scan global ===============================
15:20:21.0347 0488  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:20:21.0363 0488  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
15:20:21.0363 0488  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
15:20:21.0394 0488  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:20:21.0410 0488  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:20:21.0425 0488  [Global] - ok
15:20:21.0425 0488  ================ Scan MBR ==================================
15:20:21.0425 0488  [ 353F71FFD05627A1E79698548889C581 ] \Device\Harddisk0\DR0
15:20:21.0628 0488  \Device\Harddisk0\DR0 - ok
15:20:21.0628 0488  [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1
15:20:21.0706 0488  \Device\Harddisk1\DR1 - ok
15:20:21.0722 0488  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
15:20:22.0689 0488  \Device\Harddisk2\DR2 - ok
15:20:22.0689 0488  ================ Scan VBR ==================================
15:20:22.0704 0488  [ CD4044DC58EE61929C177AF7FA813318 ] \Device\Harddisk0\DR0\Partition1
15:20:22.0704 0488  \Device\Harddisk0\DR0\Partition1 - ok
15:20:22.0720 0488  [ 5FA5CDF5485FB8FD38C82997B94A4E67 ] \Device\Harddisk0\DR0\Partition2
15:20:22.0720 0488  \Device\Harddisk0\DR0\Partition2 - ok
15:20:22.0736 0488  [ CF22E3603587FC318B0C0F172036F534 ] \Device\Harddisk0\DR0\Partition3
15:20:22.0751 0488  \Device\Harddisk0\DR0\Partition3 - ok
15:20:22.0751 0488  [ D2081CB93FE1B3D64A5AAAF7417E4E7A ] \Device\Harddisk1\DR1\Partition1
15:20:22.0751 0488  \Device\Harddisk1\DR1\Partition1 - ok
15:20:22.0751 0488  [ 24C33367AF2B127B146B79558F096340 ] \Device\Harddisk2\DR2\Partition1
15:20:22.0751 0488  \Device\Harddisk2\DR2\Partition1 - ok
15:20:22.0751 0488  ============================================================
15:20:22.0751 0488  Scan finished
15:20:22.0751 0488  ============================================================
15:20:22.0767 5972  Detected object count: 6
15:20:22.0767 5972  Actual detected object count: 6
15:20:32.0439 5972  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:32.0439 5972  WSWNA3100 ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:32.0439 5972  WSWNA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Thanks,
shopgirl


23.11.2012, 15:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Unfortunately avast crashed on me several times ("appcrash"), even though I had killed Avira completely and run avast as admin.
That is why there was an extra note under aswMBR.

23.11.2012, 15:25   #7
shopgirl86
 

Sorry, I read that sloppily :-(

Here it is:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 16:27:01
-----------------------------
16:27:01.130    OS Version: Windows x64 6.1.7600 
16:27:01.130    Number of processors: 8 586 0x1E05
16:27:01.130    ComputerName: HPBERLIN-PC  UserName: HP Berlin
16:27:10.084    Initialize success
16:27:14.562    AVAST engine defs: 12112300
16:27:17.978    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:27:17.994    Disk 0 Vendor: ST375052 HP34 Size: 715404MB BusType: 8
16:27:17.994    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:27:17.994    Disk 1 Vendor: ST375052 HP34 Size: 715404MB BusType: 8
16:27:18.009    Disk 0 MBR read successfully
16:27:18.025    Disk 0 MBR scan
16:27:18.025    Disk 0 unknown MBR code
16:27:18.040    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:27:18.056    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       700569 MB offset 206848
16:27:18.087    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        14733 MB offset 1434972160
16:27:18.150    Disk 0 scanning C:\Windows\system32\drivers
16:27:30.286    Service scanning
16:27:50.754    Modules scanning
16:27:50.754    Disk 0 trace - called modules:
16:27:50.785    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:27:50.785    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc5060]
16:27:50.800    3 CLASSPNP.SYS[fffff880015cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b45050]
16:27:50.800    Scan finished successfully
16:30:03.557    Disk 0 MBR has been saved successfully to "C:\Users\HP Berlin\Desktop\MBR.dat"
16:30:03.557    The log file has been saved successfully to "C:\Users\HP Berlin\Desktop\aswMBR.txt"
         
Thanks, shopgirl

23.11.2012, 16:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. ["Illegal operation attempted on a registry key that has been marked for deletion."]
then restart Windows manually and the error messages should no longer appear.

23.11.2012, 17:52   #9
shopgirl86
 

Hello,

Here is the ComboFix log:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-23.02 - HP Berlin 23.11.2012  18:06:11.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.43.1031.18.8183.6101 [GMT 1:00]
ausgeführt von:: c:\users\HP Berlin\Desktop\AntiSpyware\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP Berlin\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-23 bis 2012-11-23  ))))))))))))))))))))))))))))))
.
.
2012-11-23 17:14 . 2012-11-23 17:14	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-11-23 17:14 . 2012-11-23 17:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-23 17:14 . 2012-11-23 17:14	--------	d-----w-	c:\users\AppData\AppData\Local\temp
2012-11-23 17:14 . 2012-11-23 17:14	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-11-19 20:18 . 2012-11-19 20:18	--------	d-----w-	c:\programdata\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2012-06-13 20:40	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"TVTip"="c:\programme\TV Movie\TV Movie ClickFinder\tvstart.exe" [2010-07-29 102400]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-14 835224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-07-01 6951680]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2010-07-01 56064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2012-2-11 2430464]
.
c:\users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dropbox.lnk - c:\users\HP Berlin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2010-10-14 4562944]
phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2012-9-4 724992]
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
Spamihilator.lnk - c:\program files (x86)\Spamihilator\spamihilator.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/24 16:32];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-23 18:45 146928]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 51584]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 35112]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 29133671
*Deregistered* - 29133671
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 10:23]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 10:23]
.
2010-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\HP Berlin\AppData\Roaming\Mozilla\Firefox\Profiles\13la5nka.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-23  18:19:11
ComboFix-quarantined-files.txt  2012-11-23 17:19
ComboFix2.txt  2012-06-16 09:50
.
Vor Suchlauf: 12 Verzeichnis(se), 529.509.892.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 530.142.203.904 Bytes frei
.
- - End Of File - - 2DDB708623ADEBC0ECEAD27F1D94EBC4
         


Thanks,
shopgirl

23.11.2012, 19:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


23.11.2012, 21:14   #11
shopgirl86



Here is the log:

Code:
# AdwCleaner v2.008 - Datei am 23/11/2012 um 22:07:43 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : HP Berlin - HPBERLIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HP Berlin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\HP Berlin\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\HP Berlin\AppData\Roaming\Mozilla\Firefox\Profiles\13la5nka.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1493 octets] - [23/11/2012 22:07:43]

########## EOF - C:\AdwCleaner[R1].txt - [1553 octets] ##########
         
Thanks,
shopgirl

26.11.2012, 09:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

26.11.2012, 09:25   #13
shopgirl86



First, here is the log file from adwcleaner:

Code:
# AdwCleaner v2.009 - Datei am 26/11/2012 um 10:11:31 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : HP Berlin - HPBERLIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HP Berlin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\HP Berlin\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\HP Berlin\AppData\Roaming\Mozilla\Firefox\Profiles\13la5nka.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1620 octets] - [23/11/2012 22:07:43]
AdwCleaner[S1].txt - [1043 octets] - [26/11/2012 10:11:31]

########## EOF - C:\AdwCleaner[S1].txt - [1103 octets] ##########
         
The other two will follow shortly.
Thanks,
shopgirl

Here is the otl.txt:
OTL Logfile:
Code:
OTL logfile created on: 26.11.2012 10:26:48 - Run 6
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,93% Memory free
11,90 Gb Paging File | 9,57 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 491,97 Gb Free Space | 71,91% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 504,82 Gb Free Space | 72,26% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive O: | 1396,92 Gb Total Space | 839,31 Gb Free Space | 60,08% Space Free | Partition Type: FAT32
 
Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
PRC - C:\Users\HP Berlin\Desktop\AntiSpyware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe (E.W.E.-Software)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll ()
MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (getPlusHelper) @C:\Program Files (x86) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9}
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 21:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.23 11:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 18:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Firefox\Profiles\13la5nka.default\extensions
[2012.09.23 11:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.16 10:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.11.22 20:43:59 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 09:58:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{89B5D7DE-1F64-419D-935D-2763420127ED}
[2012.11.25 10:52:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{23C60C99-1094-49EE-8B2A-143438135121}
[2012.11.24 21:33:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CC3EB116-9C70-4A98-A736-E2F0847E66DD}
[2012.11.24 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CA91F4A8-2686-4EF0-B7DF-64957BEEEB3E}
[2012.11.24 09:28:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.23 18:19:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.23 14:36:37 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HP Berlin\Desktop\tdsskiller.exe
[2012.11.23 14:36:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\HP Berlin\Desktop\aswMBR.exe
[2012.11.23 12:45:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2CE22140-05D6-4794-B35C-2B68AF69642D}
[2012.11.22 18:24:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A2D5D96D-29E5-4E6F-ABE4-7ACBE0F0FCEB}
[2012.11.21 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8EEC5C5C-0CEE-4EED-8F31-A4710E426A73}
[2012.11.20 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1EC5ED30-FDE7-4764-9BB4-CD93974CBF88}
[2012.11.19 21:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012.11.19 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0929D70E-88D2-4007-8E58-F048718ED315}
[2012.11.19 10:34:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DCC784B6-79A5-4781-8178-B47432DE31E0}
[2012.11.18 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AC1AED9A-E2B9-4466-9F05-8ABCE3EF831E}
[2012.11.18 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9784BF28-E68A-4859-8C53-419F4A757915}
[2012.11.17 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{45AD049F-F939-4FF3-A811-ADF9C1AA641C}
[2012.11.17 10:33:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED3FE1C2-99F9-42CA-BA7B-9C8FE5436AE9}
[2012.11.16 20:49:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5770DFB3-F22F-4351-A809-D82E49541AF8}
[2012.11.16 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9D2456A1-BE43-49CB-A60B-9BE57BA45706}
[2012.11.15 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{506EB94F-341B-4A95-8658-B285A5E4F246}
[2012.11.14 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA0EFF52-D535-4762-86C0-9EAC96195613}
[2012.11.14 08:58:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F525D118-91B5-40D6-890A-CB5F88CAEE5E}
[2012.11.13 09:38:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B500A58B-4191-42DC-B40B-43068B3E5BC1}
[2012.11.12 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C48C946B-FA5B-4E08-BF8C-E79D22DADB95}
[2012.11.12 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7FBDB8E-A5FF-43C6-84A9-E993E30B0459}
[2012.11.11 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6BDAD0C-3A9D-4BE8-AC6C-67A34E968BD5}
[2012.11.09 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8EEAD40-2204-4E57-AB76-B574C6CFFCF0}
[2012.11.08 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{519CC909-217D-4629-925D-28BDAE42F89D}
[2012.11.07 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{742F2C70-138B-40E9-96CB-B9F99F5C94F0}
[2012.11.06 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AF300890-1F02-4816-8326-B04AD23AF5A7}
[2012.11.05 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0343BF73-538B-4084-A9E8-5E49DFA03A24}
[2012.11.05 09:19:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6FFADC1-DB24-41BD-A24C-BFA06BD4F6C2}
[2012.11.04 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CFB3CF4D-38EB-4AB4-AC72-8C4D9B1FF81B}
[2012.11.03 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EC9D1CFF-407F-4FFA-ACBE-0E8634590C58}
[2012.11.03 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9CF69E3E-F113-4407-B496-227F9645FD61}
[2012.11.02 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{103326DD-19C2-4FCE-B21D-CD0889AA76F4}
[2012.10.31 19:24:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{905AB02E-EECD-4696-BFD5-4314616E6B62}
[2012.10.31 07:24:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A68CB485-DA37-46BA-B0F6-9F821DCF3BCA}
[2012.10.30 18:11:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA491B2B-FBC0-4B4F-A5C4-13009FA0C30F}
[2012.10.29 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3CC5A4E5-C261-432E-B9F4-7D031947E234}
[2012.10.29 10:40:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9ED5F4FC-DB7C-41F2-BB02-25B7BC8BEDA0}
[2012.10.28 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6F078ECC-6355-4741-A8AD-0CA4D5B4CC48}
[2012.10.28 10:39:35 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C724B98A-6D08-4996-9429-2B306B08F134}
[2012.10.27 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{69F66856-B145-4173-A636-8A15BC7052C6}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.26 10:29:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 10:29:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 10:26:08 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.26 10:26:08 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.26 10:26:08 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.26 10:26:08 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.26 10:26:08 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.26 10:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 10:20:59 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 10:17:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 10:11:07 | 000,480,125 | ---- | M] () -- C:\Users\HP Berlin\Desktop\adwcleaner.exe
[2012.11.23 18:02:20 | 000,001,112 | ---- | M] () -- C:\Users\HP Berlin\Desktop\ComboFix.exe - Verknüpfung.lnk
[2012.11.23 14:36:44 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HP Berlin\Desktop\tdsskiller.exe
[2012.11.23 14:36:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\HP Berlin\Desktop\aswMBR.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.26 10:11:07 | 000,480,125 | ---- | C] () -- C:\Users\HP Berlin\Desktop\adwcleaner.exe
[2012.11.23 18:02:20 | 000,001,112 | ---- | C] () -- C:\Users\HP Berlin\Desktop\ComboFix.exe - Verknüpfung.lnk
[2012.06.30 21:31:01 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.16 10:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.16 10:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.16 10:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.16 10:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.16 10:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.23 20:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.06.08 15:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.06.08 15:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.06.08 15:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.06.08 15:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.06.08 15:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.06.08 15:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.06.08 15:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.06.08 15:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.06.08 15:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.06.08 15:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.06.08 15:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.06.08 15:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.06.08 15:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.06.08 15:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.06.08 15:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

< End of report >
         
--- --- ---


and extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.11.2012 10:26:48 - Run 6
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,93% Memory free
11,90 Gb Paging File | 9,57 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 491,97 Gb Free Space | 71,91% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 504,82 Gb Free Space | 72,26% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive O: | 1396,92 Gb Total Space | 839,31 Gb Free Space | 60,08% Space Free | Partition Type: FAT32
 
Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6723F1-3AA5-4178-A134-378DFD45C9DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2F5FB749-1B56-4F53-8ADB-1AE77AC19E15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30F7E1EA-4ACC-4B21-90F4-3266647E4E0B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{37982EEA-E668-4804-983F-16B4ECADA90A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3FE195CA-DACC-45C3-A17B-B519D76A3FA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{445CAABC-9528-4371-BE02-38A95611AD55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46198814-B7C6-442B-84A0-9915B1F345AF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F7C2CFA-DF80-45BF-A619-7FD42A20FF3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{57C75115-701B-4DDB-A8D3-C6C2FC0E73F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5C139211-916A-4472-B674-4F9588905141}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{66C05EB8-41FA-432B-978B-F81DD97BD24C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73AB7051-BCB8-4F39-8850-013CBE62F07E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7B127F56-E23A-40B6-A3E1-0BFBE18201C4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7B8EB3BD-48B0-410B-BB7B-729068BF66AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7B915E9C-D0BD-497E-96FC-7D73C7A094F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EAF5E7C-22AA-425E-9236-D9AE254B7768}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{893E1496-5BAF-4611-B4F3-35F6958A15AF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A11796D3-B610-4572-B96B-B5733AD49081}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A789C1F8-BDA6-4E11-AB15-94B64B29EAEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B99B63A6-6704-4806-A31A-CBD27FF86385}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C46FD838-F370-4FB8-9BBD-BFE2BB3D21AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D570279A-C23E-45E3-98B9-6293B8109E35}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D83548CD-891C-4AF8-A147-227D4CEEBE80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3DCE4C2-A6BA-40DF-A559-C756A07A84E2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FC62FB21-724A-4002-8F9B-45D678464F21}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF93FBAD-D33D-44A0-8823-5E1F2B265085}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00426580-9ED5-4086-84F4-BCD2D955E7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{04157473-AD19-427C-A1EC-E2E2B8A5B405}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{06011756-9F1E-488C-8488-0BEFA68DB070}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0E644D02-DA0A-4740-97A5-1DFC549EBB46}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{1038B6B3-8008-4289-91FA-BB024639C61F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1246896F-3FB6-4B4A-AE7E-76A6D712B4BD}" = protocol=6 | dir=in | app=c:\program files\spamihilator\dccproc.exe | 
"{49D25E51-A077-455D-BBFD-EFDDE6F92F4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4A6B2281-4B33-4A87-B3D4-C1FC43DEAEA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5D9632EA-5BF4-47E5-BA2E-A24ADBA0F1EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62C37E21-43C8-45B1-9CCF-948FC7DC5C14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6FD5C595-8E48-45E4-ABD5-E063803224B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{73E77AE3-AB57-48D1-A9EC-557C04A8C3F3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{75E23F31-B9E5-4DB8-AFFF-79297D1D67F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7AC716B8-197A-465E-A9B9-04815AC0B2C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{88EE2069-9573-4CF0-9FA2-B178C3A5849E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{89F109EA-945C-48CA-8C36-1810DD70A418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BB68255-F14C-48C0-A050-AA89F03C896A}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | 
"{9ACDEE99-9124-4EFE-B3AA-AF8F9D5BE477}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9D04A4BE-A3FB-40C5-B433-60432A99EA17}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | 
"{9E39D92A-B621-4941-AE43-902B9C4FBEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F5CD7B7-9201-45E5-942F-F93CAA8E8ECF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FFDAA89-1AB4-46DC-B94C-8FFE4C74FB54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AD814EF6-5D1A-427D-8497-13D08AA46E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADAAE05A-71EB-4674-A1C2-72D8370ED6EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C5F1BEA8-0071-44F1-AA8A-E83DBF173EED}" = protocol=6 | dir=out | app=system | 
"{CA37F01F-C9E8-4534-BE0C-5819A8AB164F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CBFBAAD6-7115-40EE-94B9-9CE0054EF007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CD11C58A-E577-48D9-B13F-31E458643A14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D112E899-0A10-4EDF-8B84-7032A3705F11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DD37C8FA-FBA3-4D7C-BEEC-AED4EB6E5D57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA85D8E-D5B6-489E-A41B-6642922D4302}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8AC9631-8608-4EEB-A96B-B424083CC915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{102458A7-93BA-4D2D-B502-45DF3BB2900A}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
"TCP Query User{84C1C32E-56CB-4A32-B885-A62A7503272E}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | 
"TCP Query User{A5A45BC6-9DCF-4B5B-A37A-EA078AEC33B8}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
"TCP Query User{E52E0D2E-1531-4222-BDA3-D944DD821488}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | 
"UDP Query User{541FCEAC-C572-4E00-962C-F65FB624CE20}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | 
"UDP Query User{7DC7B10E-DB97-4F83-88FD-6ECF7E8525C0}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | 
"UDP Query User{E869A862-D593-4352-B36B-50FBC58E2511}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
"UDP Query User{FA483786-E7FA-404E-9D26-E6AC6A497359}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{3BBD5B14-D5E1-4863-946F-BE91A2B0C3AE}" = Spamihilator 1.0.0 (64-Bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{48F04AD2-77E9-45F3-8A4F-F5D38E519F02}" = BOINC
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardwarediagnosetools
"PremElem100" = Adobe Premiere Elements 10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}" = TV Movie ClickFinder
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{ADFB7C0D-854E-4FDA-8861-9447F182AEF9}" = Dynamic Draw 5.4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers)
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8781-9705-0578-2960" = Medienmanager 1.3.0
"8BF2152B-6835-4FF3-A2EC-5BDAB46DCDFF_is1" = Accord CD Ripper Free 6.3.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Astrorix Gold" = Astrorix Gold
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Aura Video Converter_is1" = Aura Video Converter 1.2.3
"Aura4You Software Manager_is1" = Aura4You Software Manager 1.0.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Carlton Books Demo" = Carlton Books Demo
"CassetteMate" = CassetteMate
"Cell_Biology_Interactive" = Cell Biology Interactive
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CSCLIB" = Canon Camera Support Core Library
"Cuber Extreme" = Cuber Extreme
"Designer 2.0_is1" = Designer 2.0
"EasyBits Magic Desktop" = Magic Desktop
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FFsim" = Feuerwehr-Simulator 2010
"FileZilla Client" = FileZilla Client 3.5.3
"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.0.1.426
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.26.602
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.602
"Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.11.1005
"Free Video Dub_is1" = Free Video Dub version 1.8.12.602
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.12.602
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.25.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HandBrake" = HandBrake 0.9.6
"HijackThis" = HijackThis 2.0.2
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MultitrackStudio_is1" = MultitrackStudio Lite 6.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF reDirect" = PDF reDirect (remove only)
"phase-6" = phase-6 2.3.1a
"PhotoStitch" = Canon Utilities PhotoStitch
"PixelNet Foto Client" = PixelNet Foto Client 4.8
"Rainlendar2" = Rainlendar2 (remove only)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Scratch" = Scratch
"StarBall_is1" = Star Ball
"TeamViewer 5" = TeamViewer 5
"TFA_Nexus" = TFA_Nexus
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent-Spiele
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"Winsyntax" = Winsyntax 2.0
"WMBackup-BackupfürWindowsMail" = WMBackup - Windows Mail Backup
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.11.2012 05:37:10 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 25.11.2012 05:37:10 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 26.11.2012 04:54:21 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 26.11.2012 04:54:21 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 26.11.2012 05:21:11 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Belkin WLAN service erreicht.
 
Error - 26.11.2012 05:21:11 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---


Thanks,
shopgirl

26.11.2012, 10:38   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. We should be almost done. As a check, please run a Quick Scan with Malwarebytes; please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


26.11.2012, 10:50   #15
shopgirl86
 



Here is the malware scan:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]

26.11.2012 11:42:46
mbam-log-2012-11-26 (11-42-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249199
Laufzeit: 3 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I'll do ESET in a moment.

So, ESET has been scanning for almost 4 hours and is at 21%. So far it has 1 finding, a variant of the win32/SoftonicDownloader Application. I'll report back in many, many hours, when it's done ;-)
