Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows Firewall wird immer wieder unbemerkt deaktiviert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.11.2012, 17:26   #1
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Hallo liebes Helferteam,
mein Problem ist, dass meine Windows Firewall sich immer wieder deaktiviert. Anschließend sind dann immer Netzwerkkennung und Freigabe von Dateien aktiviert.
Mein AVG Internet Security 2012 hat nichts gefunden und der Windows Defender auch nicht.
Nun hat Malwarebytes bereits ein infiziertes Objekt gefunden (PUP.BundleInstaller.OL). Die beiden log-Dateien von OTL habe ich nun.

Nun schonmal vielen Dank, für die Mühe, sich überhaupt mit meinem Problem zu beschäftigen.

Viele Grüße
Densi
Angehängte Dateien
Dateityp: txt Extras.Txt OTL121127.txt (55,9 KB, 190x aufgerufen)

Alt 28.11.2012, 13:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Zitat:
Nun hat Malwarebytes bereits ein infiziertes Objekt gefunden (PUP.BundleInstaller.OL).
Die Logs bitte immer vollständig posten!
Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520
__________________

__________________

Alt 28.11.2012, 20:10   #3
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Hallo, ich versuchs mal... das mit dem "code-tags" habe ich glaub ich nicht verstanden. Ich würde jetzt vermuten, vorher und nachher das Wort: code in den Klammern zu setzen. Ist das korrekt?
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.27.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Denise :: DENISE-JÜRGENPC [Administrator]

Schutz: Aktiviert

27.11.2012 14:57:43
mbam-log-2012-11-27 (14-57-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 502102
Laufzeit: 2 Stunde(n), 24 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Denise\Downloads\Miro_setup.exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
2012/11/27 14:56:55 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Executing scheduled update:  Daily
2012/11/27 14:57:01 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/27 14:57:01 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/27 14:57:01 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 14:57:08 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.09.29.05 to version v2012.11.27.04
2012/11/27 14:57:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/27 14:57:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting database refresh
2012/11/27 14:57:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Stopping IP protection
2012/11/27 14:57:16 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection stopped successfully
2012/11/27 14:57:20 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Database refreshed successfully
2012/11/27 14:57:20 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 14:57:28 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/27 17:36:24 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/27 17:36:24 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/27 17:36:24 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 17:36:31 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/27 19:21:22 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/27 19:21:23 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/27 19:21:23 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 19:21:32 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/28 08:05:17 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/28 08:05:17 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/28 08:05:17 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/28 08:05:29 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/28 14:25:31 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Executing scheduled update:  Daily
2012/11/28 14:25:37 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/28 14:25:37 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/28 14:25:37 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/28 14:25:57 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting database refresh
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.11.27.04 to version v2012.11.28.05
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Stopping IP protection
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection stopped successfully
2012/11/28 14:26:19 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Database refreshed successfully
2012/11/28 14:26:19 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/28 14:26:26 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
         
nun von OTL die logdaten:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.11.2012 15:09:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denise\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,69% Memory free
4,21 Gb Paging File | 2,52 Gb Available in Paging File | 59,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 30,59 Gb Free Space | 25,70% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 4,12 Gb Free Space | 13,70% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,10 Gb Free Space | 95,25% Space Free | Partition Type: FAT32
 
Computer Name: DENISE-JÜRGENPC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19080638-8C48-47BD-87C1-9EF02369AD25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{704EFA8B-BE03-4760-904B-6D4A4714D187}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C058F94E-17F9-4522-B98C-8AB43C6E36C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C8CD4EF4-DC0A-4BBE-95FD-9F3A1A244D80}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CE7EE7DF-391D-4DC8-B23B-12C642359BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E14A8239-3D3F-49AF-8AA9-2040F13E3B93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E8A1D415-5B49-4DE7-9C9C-C912CD263B1C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BEAB8D-9F8D-4FFD-841B-E479554CC438}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{075016DB-4E8F-4F4F-B0DB-F69F0FC6E047}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{1CD78567-1F75-495D-B99B-140E7BC26801}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{2CB38845-212D-40F7-A8A3-997011EEB275}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{31AAA460-ED14-485B-B7AB-1CAA18F52040}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{3D19BC9F-2CAF-4FA7-8C31-0C259062218E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{3D74EECD-B8D7-4AAE-B6CC-B3A4C3C3B102}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{4736BDE5-5862-4725-996B-E47F86BA5C04}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{4B3999FA-24F8-4EE8-A054-9867D9D1A8F9}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{4E836FA6-7802-499B-ACEC-57F9E67B07E3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{52C89931-E481-4AF1-A8FA-F9D3D0383088}" = protocol=6 | dir=out | app=system | 
"{5EEAF428-8CBE-4515-AC6F-182F58FBB2B1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{6226A2A8-D83C-45B6-9EED-AE2CD4F16D21}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{67CFF8B0-3C97-48E9-8D36-CDFE9E0E938C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7201CBB8-9E1B-4EF9-B5AF-4CAA67628D7D}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{8F9C88B3-A655-48C0-8564-70D16DA28252}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{91FDC911-DF89-40FD-B98B-C4206C85E909}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{972FF6A0-34A5-43DF-929B-80F4329E0642}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"{A28800CC-3053-4DF3-BB82-728B763B2AAE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{AF0472B4-163F-4B10-8FFF-D9DEEF0377FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AFFB9506-5687-4E51-A3FC-90D37251245D}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{BED0DD59-F9FC-4179-97AC-CBE1FD6905DB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{C5DDC2B1-7689-4CCA-9DD7-958E7651ACE6}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{CC11E569-E948-4540-83EE-093ADACAF20F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{E2848AEB-4345-405C-A167-A7F8B3A0585D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{E33B09A0-E877-481B-B835-0F30F07F1D53}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E3B843D3-A2B2-4801-A0EE-F2CC1BE5EC84}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{E563006E-D037-467F-B771-F1DCF3FE07D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EE40C132-9B48-4C2A-B8F1-E128FF8F2ED7}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"{F467C94C-1E10-4587-BD96-9ED418DF3BCF}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{F5A94E66-E3DE-4DFE-B3DC-5E4E556B0DDB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"TCP Query User{0721EEA2-0D77-4969-82B1-B5E02BBD6494}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C472579B-CEB4-434A-8259-2248988F2CF0}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{DA227161-D47A-46BB-AAC4-E5C3B5C6D47E}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | 
"TCP Query User{E87C4FFF-BAF6-448F-BC7F-765F24EFDCE4}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{FC585045-91B0-4175-8FF4-2391E32B2EB2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{65002842-FC7E-4CBE-9755-E432834A7319}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{70B41F12-C46A-457E-86F5-05C798B066CE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7799B9E6-A47A-4001-B64B-05F4F03B34A7}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | 
"UDP Query User{A6D0F184-A149-4C1D-B83A-885E3F452796}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{D0D8F64F-5A38-4E25-91EB-AA40D629F4ED}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{14897D5B-E7A5-43C6-AFC4-95C24A0194FF}_is1" = concept/design Hit-Recorder 3
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61727820-9C0B-42A3-BF08-831A62E466A4}" = Schreiben und Tippen lernen mit der Anlauttabelle 
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D9B4C6B-7879-477A-B5EE-7DF068B91F34}" = PdfGrabber 5.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}" = Shape Solitaire
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABEC4C47-2E98-49BF-AF8E-06316B6B2BB9}" = AVG 2012
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3579F43-021F-43D2-A392-C0CAAE2A89DA}" = WinLernen Körpernetze
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BFG-Vergessene Laender - Erste Siedler" = Vergessene L&auml;nder: Erste Siedler ™
"CCleaner" = CCleaner
"Chronicles of Mystery/DE-German_is1" = Das Vermächtnis: Testament of Sin
"ClearProg" = ClearProg 1.5.0 Final
"Committed – Das Geheimnis von Shady Pines_is1" = Committed – Das Geheimnis von Shady Pines
"DWG TrueView 2010" = DWG TrueView 2010
"FileZilla Client" = FileZilla Client 3.3.5
"FormatFactory" = FormatFactory 2.90
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"NSM" = Norton Family
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Tobit ClipInc Server" = WDR RadioRecorder
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:14 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
[ Media Center Events ]
Error - 17.04.2008 17:49:12 | Computer Name = Denise-JürgenPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 15.11.2012 01:59:23 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 01:59:31 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 02:00:32 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 02:00:40 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.11.2012 06:24:10 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.11.2012 06:28:38 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 17.11.2012 06:28:39 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 17.11.2012 06:28:39 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 17.11.2012 06:35:55 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 20.11.2012 15:13:23 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.11.2012 15:09:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denise\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,69% Memory free
4,21 Gb Paging File | 2,52 Gb Available in Paging File | 59,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 30,59 Gb Free Space | 25,70% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 4,12 Gb Free Space | 13,70% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,10 Gb Free Space | 95,25% Space Free | Partition Type: FAT32
 
Computer Name: DENISE-JÜRGENPC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Denise\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Norton Family\Engine\2.6.0.52\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (vToolbarUpdater13.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NSM) -- C:\Program Files\Norton Family\Engine\2.6.0.52\ccSvcHst.exe (Symantec Corporation)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgfws) -- C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mailKmd) --  File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ccSet_NSM) -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.sys (Symantec Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.sys (Symantec Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.windowslive.de/startseite.aspx
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.msn.de/ [binary data]
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 7B 82 CA 63 D4 CB 01  [binary data]
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_de
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={42DBA148-8D55-4D91-A7C5-A4F49F5CF8C2}&mid=1ba64ddc0bec47d1b6c5d15f9567fafc-91b532326ad25d70d2501b7f6309cd58319b5e48&lang=en&ds=or011&pr=fr&d=2012-09-07 22:58:59&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{E3FCDD0E-5495-4FB5-B232-A90628C3FEA9}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\Live Search: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-DE&FORM=MICGEP
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9
FF - prefs.js..extensions.enabledAddons: %7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.0.3
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B6D5C8FC4-DE46-41bf-9092-93F0F78E9115%7D:2.6.0.52
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 18:23:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.24 15:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw\ [2012.11.27 14:27:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.22 23:21:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.22 23:21:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2011.07.04 16:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\Extensions
[2012.05.17 11:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\Firefox\Profiles\xmour6lv.default\extensions
[2012.05.17 11:44:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Denise\AppData\Roaming\mozilla\Firefox\Profiles\xmour6lv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.30 14:19:55 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.25 12:43:18 | 000,001,610 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\ixquick-https---deutsch.xml
[2012.02.15 18:03:18 | 000,002,422 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\s-amazon-byskipity-de.xml
[2012.01.19 13:38:59 | 000,002,135 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\s-amazon-de.xml
[2012.11.23 15:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.30 13:32:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.23 15:58:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.23 15:58:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.27 14:27:17 | 000,000,000 | ---D | M] (Norton Family) -- C:\PROGRAMDATA\NORTON\{78CA3BF0-9C3B-40E1-B46D-38C877EF059A}\NSM_2.6.0.43\COFFFW
[2012.09.24 15:22:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009.09.01 16:10:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.11.20 22:55:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.24 15:21:42 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.27 06:22:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.08 14:03:01 | 000,003,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.23 19:52:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.27 06:22:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 06:22:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 06:22:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 06:22:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: AVG Secure Search = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\
CHR - Extension: YouTube = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.02.17 13:21:52 | 000,292,116 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 10059 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Programme\Norton Family\Engine\2.6.0.52\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Denise\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Denise\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bdb9506-3e7a-11e0-be0a-0016d383130f}\Shell - "" = AutoRun
O33 - MountPoints2\{5bdb9506-3e7a-11e0-be0a-0016d383130f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{eff206c9-7c52-11de-9825-806e6f6e6963}\Shell\AutoRun\command - "" = F:\VLCPortable.bat
O33 - MountPoints2\{fe469e65-5fb5-11dc-8a00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe469e65-5fb5-11dc-8a00-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 14:56:45 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.27 14:56:45 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Malwarebytes
[2012.11.27 14:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 14:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 14:55:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 14:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{6A526607-F3B6-402D-AA23-26134FF18592}
[2012.11.25 23:23:10 | 000,202,144 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.sys
[2012.11.25 23:23:09 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.sys
[2012.11.25 23:23:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSM\0206000.034
[2012.11.25 23:10:55 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{99EE0528-90C8-4427-8AA5-2E71AF03D139}
[2012.11.25 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{3CAE899F-CF32-475D-A283-A46948E11563}
[2012.11.24 10:56:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.24 10:56:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.23 17:50:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:49:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:49:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:49:43 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:14:09 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{1BA53757-F880-4557-88B6-489BF1116B34}
[2012.11.22 23:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.11.22 23:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.22 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{5201D3EE-30A2-4463-82D6-8D0A951F1B9E}
[2012.11.21 16:05:09 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{374F8F64-6E2B-4DEF-8480-3983EAA63A36}
[2012.11.20 17:52:07 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.11.20 17:52:07 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.11.20 17:49:20 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.11.20 17:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
[2012.11.20 17:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2012.11.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{41E519CC-5C45-4CBE-A95D-686DA58A944C}
[2012.11.19 18:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2012.11.19 18:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Committed – Das Geheimnis von Shady Pines
[2012.11.19 18:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\astragon
[2012.11.18 16:00:35 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{F09D83D0-748C-4A4A-A2E6-1744C5FCD45A}
[2012.11.17 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{DD27ABA4-FBF3-452A-8AD4-950DAB954601}
[2012.11.17 11:26:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.17 11:26:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.17 11:26:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.17 11:26:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.17 11:26:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.17 11:26:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 14:35:17 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.16 14:26:39 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 14:13:31 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{8868A5E0-F1D7-42F1-98B6-24F8073FF108}
[2012.11.15 16:08:14 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{C2624663-A705-4982-AFBB-25BE6585FFBB}
[2012.11.14 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{67AF8C00-A5E3-4D9D-A9FE-B9D64C7C3CAC}
[2012.11.13 13:28:10 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{0D11F6CB-A810-4813-B972-BA8E3A341BE4}
[2012.11.12 18:23:29 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.11.12 18:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.11.12 18:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.11.12 18:23:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSM
[2012.11.12 18:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Family
[2012.11.12 18:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Family
[2012.11.12 18:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012.11.12 17:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.11.12 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.11.12 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{0A39610F-F3CA-4880-97C3-3B5D07A96B5E}
[2012.11.11 23:00:16 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{3DD1B218-94BD-4116-B1D9-48D8F30853EF}
[2012.11.10 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{8DFBE69C-3E0C-48CF-909C-25BCF0765882}
[2012.11.09 17:08:45 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{B98A27C4-3D17-4346-84A3-D478BF5CA972}
[2012.11.08 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{C3ED5C37-F433-492A-97B7-91A8177F646E}
[2012.11.07 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\Documents\FormatFactory
[2012.11.07 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\Denise\Filme
[2012.11.07 15:37:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\Documents\FFOutput
[2012.11.07 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{F7E49BEA-E4C9-4D3B-8DD3-225546950404}
[2012.11.06 22:47:16 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{E5458238-46C6-4FE5-9D04-E424257F91BA}
[2012.10.31 18:02:48 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{142169DB-546F-4F6D-92A6-9477E7469F3A}
[2012.10.30 18:47:30 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{CE7596DD-85E8-43B3-B9D9-775F52F07731}
[2012.10.29 19:43:24 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{42BE08CF-83D5-4E01-93A4-1C702B4B0744}
[2012.10.29 01:57:20 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{86E3BECD-7468-4BC4-83EB-2AF672A45926}
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 14:57:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.27 14:55:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.27 14:33:39 | 000,000,680 | RHS- | M] () -- C:\Users\Denise\ntuser.pol
[2012.11.27 14:31:15 | 000,641,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.27 14:31:15 | 000,607,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.27 14:31:15 | 000,132,646 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.27 14:31:15 | 000,109,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.27 14:26:56 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 14:26:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 14:26:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 09:28:48 | 101,384,767 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.11.26 19:07:20 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.25 12:34:22 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSM\0206000.034\isolate.ini
[2012.11.23 17:49:30 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:49:13 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:49:13 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:49:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:49:01 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.11.23 16:40:15 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.20 17:52:02 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.20 17:52:02 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.11.19 21:21:12 | 000,658,291 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.11.19 18:33:09 | 000,001,206 | ---- | M] () -- C:\Users\Denise\Desktop\Committed – Das Geheimnis von Shady Pines.lnk
[2012.11.17 12:04:43 | 000,501,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.12 18:23:29 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.11.12 18:23:29 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.11.12 18:23:29 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.11.08 14:02:57 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.11.07 15:37:39 | 000,078,336 | ---- | M] () -- C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.07 09:23:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 06:51:56 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.07 06:51:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.03 10:40:20 | 000,629,730 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.27 14:55:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 23:23:10 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.cat
[2012.11.25 23:23:10 | 000,001,455 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.inf
[2012.11.25 23:23:09 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.cat
[2012.11.25 23:23:09 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.inf
[2012.11.25 23:23:03 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\isolate.ini
[2012.11.20 17:49:08 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.20 17:49:08 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.11.20 17:49:06 | 000,001,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
[2012.11.19 18:33:09 | 000,001,206 | ---- | C] () -- C:\Users\Denise\Desktop\Committed – Das Geheimnis von Shady Pines.lnk
[2012.11.12 18:23:29 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.11.12 18:23:29 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.06 09:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{71897A78-F9E8-4B86-8741-8A13688EB115}
[2011.02.16 15:56:19 | 000,042,747 | ---- | C] () -- C:\Users\Denise\Scannen0001.jpg
[2010.12.11 14:04:17 | 000,004,096 | -H-- | C] () -- C:\Users\Denise\AppData\Local\keyfile3.drm
[2010.11.17 21:39:16 | 001,734,144 | ---- | C] () -- C:\Users\Denise\SK_Fasching.pps
[2010.10.19 18:13:22 | 000,000,552 | ---- | C] () -- C:\Users\Denise\AppData\Local\d3d8caps.dat
[2010.09.12 14:19:57 | 124,354,560 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Teil 2.mp3
[2010.09.12 14:19:47 | 104,674,560 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Teil 1.mp3
[2010.09.12 14:19:45 | 023,226,240 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Zugabe.mp3
[2010.08.05 16:32:49 | 000,145,697 | -H-- | C] () -- C:\Users\Denise\Cache.mxc3
[2009.12.12 23:38:48 | 000,024,375 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\mdbu.bin
[2009.09.30 16:27:31 | 001,290,240 | ---- | C] () -- C:\Users\Denise\Zuma.exe
[2009.09.03 23:26:31 | 000,000,051 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\AVSMediaPlayer.m3u
[2009.01.13 16:09:50 | 000,000,680 | ---- | C] () -- C:\Users\Denise\AppData\Local\d3d9caps.dat
[2009.01.06 15:15:34 | 000,693,765 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\unins000.exe
[2009.01.06 15:15:34 | 000,013,615 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\unins000.dat
[2008.03.03 20:11:18 | 000,000,094 | ---- | C] () -- C:\Users\Denise\AppData\Local\fusioncache.dat
[2008.01.11 22:47:39 | 000,000,680 | RHS- | C] () -- C:\Users\Denise\ntuser.pol
[2007.11.14 11:41:24 | 000,256,000 | ---- | C] () -- C:\Users\Denise\DieFrau.pps
[2007.11.03 18:51:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.10.04 10:23:12 | 000,078,336 | ---- | C] () -- C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.12 08:33:49 | 000,007,458 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.02 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\AVG2012
[2011.02.25 15:49:00 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\FirstColony
[2011.11.16 12:58:33 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\Mp3tag
[2012.03.22 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\TuneUp Software
[2010.03.12 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Autodesk
[2011.11.24 20:02:14 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\AVG
[2011.11.23 14:27:48 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\AVG2012
[2009.10.15 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\bhv-Edu
[2008.12.30 12:34:20 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\bhv4Kids
[2010.08.03 10:00:13 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\CheckPoint
[2009.01.01 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Chromeflower
[2010.05.16 11:08:48 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\CocoonSoftware
[2010.02.12 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\concept design
[2009.01.01 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\CrystalSpace
[2011.11.19 15:24:38 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DVDVideoSoft
[2011.11.23 17:00:02 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.16 13:38:44 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Engelmann Media
[2010.11.03 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\ERS G-Studio
[2011.10.09 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\FileZilla
[2010.12.25 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\FirstColony
[2010.11.04 14:07:42 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Flood Light Games
[2009.11.17 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\gbrainy
[2007.10.26 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\GHISLER
[2007.11.16 13:02:00 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\InterVideo
[2010.10.25 18:05:17 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\KIDDINX
[2009.12.12 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\MAGIX
[2012.06.05 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\OpenOffice.org
[2012.09.07 22:00:41 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Participatory Culture Foundation
[2008.11.26 15:52:03 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\PixelPlanet
[2009.08.26 09:24:20 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Schreibwerkstatt
[2007.09.12 14:38:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Sonavis
[2012.05.15 15:41:54 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TeamViewer
[2009.02.16 13:29:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Template
[2011.11.19 13:01:30 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Tobit
[2012.11.20 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TuneUp Software
[2012.11.19 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TVcentral-Core
[2007.09.10 19:15:35 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ulead Systems
[2012.05.19 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Windows Live Writer
[2008.09.10 16:04:11 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Windows-Optimierer
[2011.06.04 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\xVideoServiceThief
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 889 bytes -> C:\Users\Denise\Documents\AW_ Ersatzteilbestellung Kundennr_ 13820973.eml:OECustomProperty
@Alternate Data Stream - 526 bytes -> C:\Users\Denise\Documents\Robert mail wkw.eml:OECustomProperty
@Alternate Data Stream - 526 bytes -> C:\Users\Denise\Documents\Email von Robert.eml:OECustomProperty
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2A8A3140
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4F8BECB9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6BF0805F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B268A25C
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0

< End of report >
         
--- --- ---

So, jetzt habe ich hoffentlich alles soweit richtig gemacht.
Übrigens: auch wenn es mal 4 Tage dauern sollte... ich bin froh, geholfen zu bekommen. Das darf dann auch mal etwas Zeit in Anspruch nehmen. Bisher konnte man mir nie helfen. Ich half mir immer selbst
Einen schönen Abend noch
Densi
__________________

Alt 29.11.2012, 10:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Code:
ATTFilter
PRC - C:\Programme\Norton Family\Engine\2.6.0.52\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
         
Warum übertreibt ihr das mit den Virenscannern?!
Mehr als einer ist kontraproduktiv, verwende entweder AVG oder Norton (oder einen anderen deinerWahl wie zB Avast oder MSE) aber nicht beides oder noch mehr von denen gleichzeitig
Zu einem Virenscanner kannst du noch Malwarebytes Free verwenden
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.11.2012, 13:02   #5
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Hallo
das hängt damit zusammen, dass meine Tochter Norton drauf hat und dieses Norton Family lediglich der Kinderschutz ist. Der läuft nicht als Virenscanner, sondern ist eine reine Kinderschutzsoftware von Norton. Das eigentliche Norton ist nur auf ihrem Rechner installiert.

LG
Densi


Alt 29.11.2012, 13:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



OK, ich hab es als weiteren Virenscanner interpretiert

Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
--> Windows Firewall wird immer wieder unbemerkt deaktiviert

Alt 29.11.2012, 15:29   #7
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



also mit GMR hat sich der Rechner richtig aufgehängt. Erst ist das Programm abgestürzt und beim zweiten Mal hat er sich dann aufgebaumelt und ich musste den Strom kappen, um überhaupt wieder was machenzu können.

hier nun den anderen log:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 15:10:37
-----------------------------
15:10:37.914    OS Version: Windows 6.0.6002 Service Pack 2
15:10:37.914    Number of processors: 2 586 0xE0C
15:10:37.914    ComputerName: DENISE-JÜRGENPC  UserName: Denise
15:10:41.377    Initialize success
15:10:51.589    AVAST engine download error: 0
15:11:02.415    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:11:02.415    Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
15:11:02.477    Disk 0 MBR read successfully
15:11:02.477    Disk 0 MBR scan
15:11:02.493    Disk 0 Windows VISTA default MBR code
15:11:02.493    Disk 0 Partition - 00     0F Extended LBA             30772 MB offset 249553710
15:11:02.493    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       121852 MB offset 63
15:11:02.524    Disk 0 Partition 2 00     0B        FAT32 MSWIN4.1    30772 MB offset 249553773
15:11:02.524    Disk 0 scanning sectors +312576705
15:11:02.680    Disk 0 scanning C:\Windows\system32\drivers
15:11:14.723    Service scanning
15:11:36.626    Modules scanning
15:12:04.550    Disk 0 trace - called modules:
15:12:04.581    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
15:12:04.581    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d1a390]
15:12:04.581    3 CLASSPNP.SYS[88dba8b3] -> nt!IofCallDriver -> [0x859ee7a8]
15:12:04.597    5 acpi.sys[836446bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x859f4030]
15:12:04.597    Scan finished successfully
15:12:57.272    Disk 0 MBR has been saved successfully to "C:\Users\Denise\MBR.dat"
15:12:57.288    The log file has been saved successfully to "C:\Users\Denise\aswMBR.txt"
         
liebe Grüße
Densi

Alt 29.11.2012, 15:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.11.2012, 16:54   #9
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



dank dem Tipp, wo ich die log finde:
Code:
ATTFilter
16:46:56.0197 2668  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:46:56.0291 2668  ============================================================
16:46:56.0291 2668  Current date / time: 2012/11/29 16:46:56.0291
16:46:56.0291 2668  SystemInfo:
16:46:56.0291 2668  
16:46:56.0291 2668  OS Version: 6.0.6002 ServicePack: 2.0
16:46:56.0291 2668  Product type: Workstation
16:46:56.0291 2668  ComputerName: DENISE-JÜRGENPC
16:46:56.0291 2668  UserName: Denise
16:46:56.0291 2668  Windows directory: C:\Windows
16:46:56.0291 2668  System windows directory: C:\Windows
16:46:56.0291 2668  Processor architecture: Intel x86
16:46:56.0291 2668  Number of processors: 2
16:46:56.0291 2668  Page size: 0x1000
16:46:56.0291 2668  Boot type: Normal boot
16:46:56.0291 2668  ============================================================
16:46:56.0946 2668  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:46:56.0946 2668  ============================================================
16:46:56.0946 2668  \Device\Harddisk0\DR0:
16:46:56.0946 2668  MBR partitions:
16:46:56.0977 2668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xEDFE36D, BlocksNum 0x3C1A754
16:46:56.0977 2668  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEDFE2EF
16:46:56.0977 2668  ============================================================
16:46:57.0009 2668  C: <-> \Device\Harddisk0\DR0\Partition2
16:46:57.0024 2668  D: <-> \Device\Harddisk0\DR0\Partition1
16:46:57.0024 2668  ============================================================
16:46:57.0024 2668  Initialize success
16:46:57.0024 2668  ============================================================
16:47:12.0156 1640  ============================================================
16:47:12.0156 1640  Scan started
16:47:12.0156 1640  Mode: Manual; SigCheck; TDLFS; 
16:47:12.0156 1640  ============================================================
16:47:12.0390 1640  ================ Scan system memory ========================
16:47:12.0390 1640  System memory - ok
16:47:12.0390 1640  ================ Scan services =============================
16:47:12.0624 1640  [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07        C:\Windows\system32\drivers\ACEDRV07.sys
16:47:12.0765 1640  ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
16:47:12.0765 1640  ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
16:47:12.0827 1640  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:47:12.0921 1640  ACPI - ok
16:47:13.0030 1640  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:47:13.0045 1640  AdobeARMservice - ok
16:47:13.0201 1640  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:47:13.0217 1640  AdobeFlashPlayerUpdateSvc - ok
16:47:13.0311 1640  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:47:13.0357 1640  adp94xx - ok
16:47:13.0389 1640  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:47:13.0420 1640  adpahci - ok
16:47:13.0451 1640  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:47:13.0467 1640  adpu160m - ok
16:47:13.0529 1640  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:47:13.0545 1640  adpu320 - ok
16:47:13.0591 1640  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:47:13.0638 1640  AeLookupSvc - ok
16:47:13.0716 1640  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
16:47:13.0779 1640  AFD - ok
16:47:13.0825 1640  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:47:13.0841 1640  aic78xx - ok
16:47:13.0903 1640  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
16:47:13.0950 1640  ALG - ok
16:47:14.0013 1640  [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:47:14.0028 1640  aliide - ok
16:47:14.0106 1640  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:47:14.0122 1640  amdagp - ok
16:47:14.0169 1640  [ 6F65F4147C54398D7280B18CEBBED215 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:47:14.0184 1640  amdide - ok
16:47:14.0231 1640  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
16:47:14.0434 1640  AmdK7 - ok
16:47:14.0449 1640  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:47:14.0527 1640  AmdK8 - ok
16:47:14.0590 1640  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
16:47:14.0652 1640  Appinfo - ok
16:47:14.0668 1640  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
16:47:14.0683 1640  arc - ok
16:47:14.0730 1640  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:47:14.0746 1640  arcsas - ok
16:47:14.0808 1640  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:47:14.0855 1640  AsyncMac - ok
16:47:14.0902 1640  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:47:14.0917 1640  atapi - ok
16:47:14.0980 1640  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:47:15.0027 1640  AudioEndpointBuilder - ok
16:47:15.0042 1640  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:47:15.0073 1640  Audiosrv - ok
16:47:15.0120 1640  [ C46BA2C177DF0B84F9C0BFC1E4574DC7 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6x.sys
16:47:15.0136 1640  Avgfwfd - ok
16:47:15.0292 1640  [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws          C:\Program Files\AVG\AVG2012\avgfws.exe
16:47:15.0463 1640  avgfws - ok
16:47:15.0651 1640  [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent     C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
16:47:16.0009 1640  AVGIDSAgent - ok
16:47:16.0056 1640  [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
16:47:16.0072 1640  AVGIDSDriver - ok
16:47:16.0103 1640  [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\avgidsfilterx.sys
16:47:16.0119 1640  AVGIDSFilter - ok
16:47:16.0165 1640  [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
16:47:16.0197 1640  AVGIDSHX - ok
16:47:16.0243 1640  [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
16:47:16.0259 1640  AVGIDSShim - ok
16:47:16.0306 1640  [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
16:47:16.0337 1640  Avgldx86 - ok
16:47:16.0368 1640  [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
16:47:16.0384 1640  Avgmfx86 - ok
16:47:16.0415 1640  [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
16:47:16.0431 1640  Avgrkx86 - ok
16:47:16.0462 1640  [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
16:47:16.0477 1640  Avgtdix - ok
16:47:16.0524 1640  [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
16:47:16.0540 1640  avgtp - ok
16:47:16.0571 1640  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files\AVG\AVG2012\avgwdsvc.exe
16:47:16.0602 1640  avgwd - ok
16:47:16.0649 1640  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:47:16.0696 1640  Beep - ok
16:47:16.0774 1640  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
16:47:16.0821 1640  BFE - ok
16:47:16.0899 1640  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:47:17.0023 1640  BITS - ok
16:47:17.0039 1640  blbdrive - ok
16:47:17.0117 1640  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:47:17.0133 1640  bowser - ok
16:47:17.0179 1640  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:47:17.0226 1640  BrFiltLo - ok
16:47:17.0242 1640  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:47:17.0304 1640  BrFiltUp - ok
16:47:17.0335 1640  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
16:47:17.0382 1640  Browser - ok
16:47:17.0413 1640  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:47:17.0460 1640  Brserid - ok
16:47:17.0491 1640  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:47:17.0569 1640  BrSerWdm - ok
16:47:17.0585 1640  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:47:17.0663 1640  BrUsbMdm - ok
16:47:17.0679 1640  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:47:17.0741 1640  BrUsbSer - ok
16:47:17.0772 1640  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:47:17.0850 1640  BTHMODEM - ok
16:47:17.0959 1640  [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NSM       C:\Windows\system32\drivers\NSM\0206000.034\ccSetx86.sys
16:47:17.0975 1640  ccSet_NSM - ok
16:47:18.0037 1640  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:47:18.0100 1640  cdfs - ok
16:47:18.0131 1640  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:47:18.0178 1640  cdrom - ok
16:47:18.0256 1640  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:47:18.0303 1640  CertPropSvc - ok
16:47:18.0349 1640  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:47:18.0412 1640  circlass - ok
16:47:18.0459 1640  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:47:18.0490 1640  CLFS - ok
16:47:18.0552 1640  ClipInc001 - ok
16:47:18.0630 1640  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:47:18.0646 1640  clr_optimization_v2.0.50727_32 - ok
16:47:18.0786 1640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:47:18.0802 1640  clr_optimization_v4.0.30319_32 - ok
16:47:18.0849 1640  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:47:18.0911 1640  CmBatt - ok
16:47:18.0942 1640  [ 59172A0724F2AB769F31D61B0571D75B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:47:18.0958 1640  cmdide - ok
16:47:18.0989 1640  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:47:19.0005 1640  Compbatt - ok
16:47:19.0005 1640  COMSysApp - ok
16:47:19.0051 1640  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:47:19.0067 1640  crcdisk - ok
16:47:19.0098 1640  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:47:19.0161 1640  Crusoe - ok
16:47:19.0223 1640  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:47:19.0270 1640  CryptSvc - ok
16:47:19.0332 1640  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:47:19.0395 1640  DcomLaunch - ok
16:47:19.0457 1640  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:47:19.0504 1640  DfsC - ok
16:47:19.0644 1640  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:47:19.0847 1640  DFSR - ok
16:47:19.0909 1640  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:47:19.0956 1640  Dhcp - ok
16:47:20.0003 1640  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:47:20.0019 1640  disk - ok
16:47:20.0081 1640  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:47:20.0143 1640  Dnscache - ok
16:47:20.0190 1640  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:47:20.0237 1640  dot3svc - ok
16:47:20.0284 1640  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:47:20.0346 1640  DPS - ok
16:47:20.0409 1640  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:47:20.0440 1640  drmkaud - ok
16:47:20.0518 1640  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:47:20.0611 1640  DXGKrnl - ok
16:47:20.0689 1640  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:47:20.0752 1640  E1G60 - ok
16:47:20.0830 1640  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:47:20.0877 1640  EapHost - ok
16:47:20.0939 1640  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:47:20.0955 1640  Ecache - ok
16:47:21.0079 1640  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:47:21.0111 1640  ehRecvr - ok
16:47:21.0157 1640  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:47:21.0204 1640  ehSched - ok
16:47:21.0220 1640  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:47:21.0267 1640  ehstart - ok
16:47:21.0329 1640  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:47:21.0345 1640  elxstor - ok
16:47:21.0407 1640  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:47:21.0516 1640  EMDMgmt - ok
16:47:21.0579 1640  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
16:47:21.0641 1640  EventSystem - ok
16:47:21.0688 1640  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
16:47:21.0735 1640  exfat - ok
16:47:21.0781 1640  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:47:21.0828 1640  fastfat - ok
16:47:21.0844 1640  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:47:21.0922 1640  fdc - ok
16:47:21.0953 1640  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:47:21.0984 1640  fdPHost - ok
16:47:22.0015 1640  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:47:22.0093 1640  FDResPub - ok
16:47:22.0125 1640  [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd5.sys
16:47:22.0203 1640  FETNDIS - ok
16:47:22.0234 1640  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:47:22.0249 1640  FileInfo - ok
16:47:22.0296 1640  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:47:22.0343 1640  Filetrace - ok
16:47:22.0359 1640  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:47:22.0421 1640  flpydisk - ok
16:47:22.0468 1640  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:47:22.0483 1640  FltMgr - ok
16:47:22.0593 1640  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
16:47:22.0686 1640  FontCache - ok
16:47:22.0780 1640  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:47:22.0780 1640  FontCache3.0.0.0 - ok
16:47:22.0858 1640  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
16:47:22.0873 1640  fssfltr - ok
16:47:23.0045 1640  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:47:23.0170 1640  fsssvc - ok
16:47:23.0232 1640  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:47:23.0263 1640  Fs_Rec - ok
16:47:23.0341 1640  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:47:23.0357 1640  gagp30kx - ok
16:47:23.0435 1640  [ 51B2D8629E1A0F463682F365D56325CB ] GnabService     c:\program files\common files\gnab\service\servicecontroller.exe
16:47:23.0435 1640  GnabService ( UnsignedFile.Multi.Generic ) - warning
16:47:23.0435 1640  GnabService - detected UnsignedFile.Multi.Generic (1)
16:47:23.0513 1640  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:47:23.0575 1640  gpsvc - ok
16:47:23.0669 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:23.0685 1640  gupdate - ok
16:47:23.0716 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:23.0731 1640  gupdatem - ok
16:47:23.0778 1640  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:47:23.0872 1640  HdAudAddService - ok
16:47:23.0919 1640  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:47:24.0012 1640  HDAudBus - ok
16:47:24.0028 1640  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:47:24.0121 1640  HidBth - ok
16:47:24.0137 1640  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:47:24.0215 1640  HidIr - ok
16:47:24.0262 1640  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
16:47:24.0293 1640  hidserv - ok
16:47:24.0340 1640  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:47:24.0371 1640  HidUsb - ok
16:47:24.0402 1640  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:47:24.0449 1640  hkmsvc - ok
16:47:24.0511 1640  [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey          C:\Windows\system32\drivers\Hotkey.sys
16:47:24.0543 1640  Hotkey ( UnsignedFile.Multi.Generic ) - warning
16:47:24.0543 1640  Hotkey - detected UnsignedFile.Multi.Generic (1)
16:47:24.0558 1640  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:47:24.0574 1640  HpCISSs - ok
16:47:24.0621 1640  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:47:24.0745 1640  HTTP - ok
16:47:24.0777 1640  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:47:24.0792 1640  i2omp - ok
16:47:24.0855 1640  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:47:24.0901 1640  i8042prt - ok
16:47:24.0948 1640  [ D72F2A013ADA9E2DDA417887A8DFD217 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
16:47:24.0948 1640  IAANTMON ( UnsignedFile.Multi.Generic ) - warning
16:47:24.0948 1640  IAANTMON - detected UnsignedFile.Multi.Generic (1)
16:47:25.0089 1640  [ 9378D57E2B96C0A185D844770AD49948 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
16:47:25.0338 1640  ialm - ok
16:47:25.0369 1640  [ DE01BF14FFB150C779FD561BD0E3C5C5 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:47:25.0416 1640  iaStor - ok
16:47:25.0463 1640  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:47:25.0479 1640  iaStorV - ok
16:47:25.0572 1640  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:47:25.0666 1640  idsvc - ok
16:47:25.0791 1640  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
16:47:25.0884 1640  igfx - ok
16:47:25.0915 1640  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:47:25.0931 1640  iirsp - ok
16:47:25.0993 1640  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:47:26.0071 1640  IKEEXT - ok
16:47:26.0165 1640  [ AEF2FA29204056B81BC4CBF30260DEE1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:47:26.0305 1640  IntcAzAudAddService - ok
16:47:26.0368 1640  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:47:26.0383 1640  intelide - ok
16:47:26.0415 1640  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:47:26.0461 1640  intelppm - ok
16:47:26.0508 1640  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:47:26.0555 1640  IPBusEnum - ok
16:47:26.0586 1640  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:47:26.0633 1640  IpFilterDriver - ok
16:47:26.0680 1640  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:47:26.0742 1640  iphlpsvc - ok
16:47:26.0758 1640  IpInIp - ok
16:47:26.0805 1640  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:47:26.0867 1640  IPMIDRV - ok
16:47:26.0914 1640  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:47:26.0976 1640  IPNAT - ok
16:47:27.0007 1640  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:47:27.0054 1640  IRENUM - ok
16:47:27.0085 1640  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:47:27.0101 1640  isapnp - ok
16:47:27.0163 1640  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:47:27.0179 1640  iScsiPrt - ok
16:47:27.0210 1640  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:47:27.0226 1640  iteatapi - ok
16:47:27.0241 1640  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:47:27.0257 1640  iteraid - ok
16:47:27.0319 1640  [ 5DCE7EED60BAE992BAB7F5FF1CE60641 ] Iviaspi         C:\Windows\system32\drivers\iviaspi.sys
16:47:27.0335 1640  Iviaspi - ok
16:47:27.0366 1640  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:47:27.0382 1640  IviRegMgr - ok
16:47:27.0429 1640  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:47:27.0444 1640  kbdclass - ok
16:47:27.0475 1640  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:47:27.0538 1640  kbdhid - ok
16:47:27.0569 1640  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:47:27.0585 1640  KeyIso - ok
16:47:27.0647 1640  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:47:27.0678 1640  KSecDD - ok
16:47:27.0756 1640  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:47:27.0819 1640  KtmRm - ok
16:47:27.0865 1640  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:47:27.0912 1640  LanmanServer - ok
16:47:27.0975 1640  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:47:28.0006 1640  LanmanWorkstation - ok
16:47:28.0068 1640  [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:47:28.0084 1640  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:47:28.0084 1640  LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:47:28.0115 1640  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:47:28.0162 1640  lltdio - ok
16:47:28.0209 1640  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:47:28.0255 1640  lltdsvc - ok
16:47:28.0287 1640  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:47:28.0365 1640  lmhosts - ok
16:47:28.0411 1640  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:47:28.0427 1640  LSI_FC - ok
16:47:28.0458 1640  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:47:28.0474 1640  LSI_SAS - ok
16:47:28.0489 1640  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:47:28.0505 1640  LSI_SCSI - ok
16:47:28.0552 1640  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:47:28.0599 1640  luafv - ok
16:47:28.0599 1640  mailKmd - ok
16:47:28.0677 1640  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:47:28.0692 1640  MBAMProtector - ok
16:47:28.0895 1640  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:47:28.0926 1640  MBAMScheduler - ok
16:47:28.0989 1640  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:47:29.0051 1640  MBAMService - ok
16:47:29.0129 1640  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:47:29.0160 1640  Mcx2Svc - ok
16:47:29.0207 1640  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
16:47:29.0223 1640  megasas - ok
16:47:29.0269 1640  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:47:29.0316 1640  MMCSS - ok
16:47:29.0363 1640  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:47:29.0425 1640  Modem - ok
16:47:29.0472 1640  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:47:29.0519 1640  monitor - ok
16:47:29.0566 1640  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:47:29.0597 1640  mouclass - ok
16:47:29.0597 1640  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:47:29.0675 1640  mouhid - ok
16:47:29.0737 1640  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:47:29.0753 1640  MountMgr - ok
16:47:29.0769 1640  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:47:29.0784 1640  mpio - ok
16:47:29.0831 1640  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:47:29.0847 1640  mpsdrv - ok
16:47:29.0909 1640  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:47:29.0987 1640  MpsSvc - ok
16:47:30.0018 1640  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:47:30.0034 1640  Mraid35x - ok
16:47:30.0081 1640  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:47:30.0112 1640  MRxDAV - ok
16:47:30.0174 1640  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:47:30.0221 1640  mrxsmb - ok
16:47:30.0252 1640  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:47:30.0299 1640  mrxsmb10 - ok
16:47:30.0315 1640  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:47:30.0346 1640  mrxsmb20 - ok
16:47:30.0377 1640  [ 86068B8B54A5EB092F51657F00B2222A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:47:30.0393 1640  msahci - ok
16:47:30.0439 1640  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:47:30.0455 1640  msdsm - ok
16:47:30.0502 1640  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
16:47:30.0549 1640  MSDTC - ok
16:47:30.0611 1640  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:47:30.0642 1640  Msfs - ok
16:47:30.0720 1640  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:47:30.0720 1640  msisadrv - ok
16:47:30.0767 1640  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:47:30.0814 1640  MSiSCSI - ok
16:47:30.0829 1640  msiserver - ok
16:47:30.0892 1640  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:47:30.0939 1640  MSKSSRV - ok
16:47:31.0001 1640  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:47:31.0048 1640  MSPCLOCK - ok
16:47:31.0110 1640  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:47:31.0141 1640  MSPQM - ok
16:47:31.0188 1640  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:47:31.0219 1640  MsRPC - ok
16:47:31.0235 1640  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:47:31.0251 1640  mssmbios - ok
16:47:31.0282 1640  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:47:31.0329 1640  MSTEE - ok
16:47:31.0375 1640  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
16:47:31.0391 1640  Mup - ok
16:47:31.0438 1640  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
16:47:31.0485 1640  napagent - ok
16:47:31.0547 1640  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:47:31.0578 1640  NativeWifiP - ok
16:47:31.0719 1640  [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
16:47:31.0781 1640  NBService - ok
16:47:31.0843 1640  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:47:31.0875 1640  NDIS - ok
16:47:31.0921 1640  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:47:31.0953 1640  NdisTapi - ok
16:47:31.0999 1640  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:47:32.0046 1640  Ndisuio - ok
16:47:32.0077 1640  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:47:32.0124 1640  NdisWan - ok
16:47:32.0171 1640  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:47:32.0218 1640  NDProxy - ok
16:47:32.0249 1640  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:47:32.0296 1640  NetBIOS - ok
16:47:32.0343 1640  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
16:47:32.0389 1640  netbt - ok
16:47:32.0421 1640  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
16:47:32.0436 1640  Netlogon - ok
16:47:32.0483 1640  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:47:32.0514 1640  Netman - ok
16:47:32.0561 1640  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:47:32.0608 1640  netprofm - ok
16:47:32.0639 1640  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:47:32.0655 1640  NetTcpPortSharing - ok
16:47:32.0701 1640  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:47:32.0717 1640  nfrd960 - ok
16:47:32.0748 1640  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:47:32.0811 1640  NlaSvc - ok
16:47:32.0935 1640  [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
16:47:32.0967 1640  NMIndexingService - ok
16:47:33.0029 1640  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:47:33.0060 1640  Npfs - ok
16:47:33.0091 1640  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
16:47:33.0138 1640  nsi - ok
16:47:33.0169 1640  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:47:33.0232 1640  nsiproxy - ok
16:47:33.0325 1640  [ 8D11DA92F83D8C8281689739BEF05FD5 ] NSM             C:\Program Files\Norton Family\Engine\2.6.0.52\ccSvcHst.exe
16:47:33.0341 1640  NSM - ok
16:47:33.0435 1640  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:47:33.0544 1640  Ntfs - ok
16:47:33.0591 1640  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
16:47:33.0669 1640  ntrigdigi - ok
16:47:33.0731 1640  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:47:33.0840 1640  Null - ok
16:47:33.0887 1640  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:47:33.0903 1640  nvraid - ok
16:47:33.0949 1640  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:47:33.0965 1640  nvstor - ok
16:47:33.0996 1640  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:47:34.0012 1640  nv_agp - ok
16:47:34.0027 1640  NwlnkFlt - ok
16:47:34.0043 1640  NwlnkFwd - ok
16:47:34.0121 1640  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:47:34.0168 1640  odserv - ok
16:47:34.0215 1640  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:47:34.0246 1640  ohci1394 - ok
16:47:34.0293 1640  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:47:34.0324 1640  ose - ok
16:47:34.0386 1640  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:47:34.0495 1640  p2pimsvc - ok
16:47:34.0511 1640  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:47:34.0558 1640  p2psvc - ok
16:47:34.0589 1640  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:47:34.0667 1640  Parport - ok
16:47:34.0698 1640  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:47:34.0714 1640  partmgr - ok
16:47:34.0745 1640  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:47:34.0807 1640  Parvdm - ok
16:47:34.0854 1640  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:47:34.0917 1640  PcaSvc - ok
16:47:34.0963 1640  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
16:47:34.0995 1640  pci - ok
16:47:35.0041 1640  [ 304048C2565A803D091CCA1AC945F593 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:47:35.0057 1640  pciide - ok
16:47:35.0073 1640  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:47:35.0104 1640  pcmcia - ok
16:47:35.0151 1640  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:47:35.0275 1640  PEAUTH - ok
16:47:35.0369 1640  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
16:47:35.0509 1640  pla - ok
16:47:35.0556 1640  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
16:47:35.0556 1640  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:47:35.0556 1640  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:47:35.0603 1640  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:47:35.0634 1640  PlugPlay - ok
16:47:35.0681 1640  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
16:47:35.0712 1640  PNRPAutoReg - ok
16:47:35.0759 1640  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
16:47:35.0790 1640  PNRPsvc - ok
16:47:35.0853 1640  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:47:35.0899 1640  PolicyAgent - ok
16:47:35.0931 1640  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:47:35.0977 1640  PptpMiniport - ok
16:47:36.0024 1640  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
16:47:36.0087 1640  Processor - ok
16:47:36.0133 1640  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:47:36.0165 1640  ProfSvc - ok
16:47:36.0180 1640  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:47:36.0196 1640  ProtectedStorage - ok
16:47:36.0243 1640  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:47:36.0274 1640  PSched - ok
16:47:36.0352 1640  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:47:36.0445 1640  ql2300 - ok
16:47:36.0477 1640  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:47:36.0492 1640  ql40xx - ok
16:47:36.0539 1640  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
16:47:36.0586 1640  QWAVE - ok
16:47:36.0617 1640  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:47:36.0633 1640  QWAVEdrv - ok
16:47:36.0757 1640  [ E642B131FB74CAF4BB8A014F31113142 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
16:47:36.0960 1640  R300 - ok
16:47:37.0007 1640  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:47:37.0054 1640  RasAcd - ok
16:47:37.0101 1640  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
16:47:37.0163 1640  RasAuto - ok
16:47:37.0210 1640  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:47:37.0257 1640  Rasl2tp - ok
16:47:37.0303 1640  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
16:47:37.0350 1640  RasMan - ok
16:47:37.0381 1640  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:47:37.0413 1640  RasPppoe - ok
16:47:37.0459 1640  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:47:37.0475 1640  RasSstp - ok
16:47:37.0506 1640  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:47:37.0569 1640  rdbss - ok
16:47:37.0600 1640  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:47:37.0647 1640  RDPCDD - ok
16:47:37.0693 1640  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
16:47:37.0771 1640  rdpdr - ok
16:47:37.0787 1640  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:47:37.0818 1640  RDPENCDD - ok
16:47:37.0865 1640  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:47:37.0912 1640  RDPWD - ok
16:47:37.0959 1640  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:47:38.0005 1640  RemoteAccess - ok
16:47:38.0052 1640  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:47:38.0068 1640  RemoteRegistry - ok
16:47:38.0130 1640  [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
16:47:38.0161 1640  rimmptsk - ok
16:47:38.0193 1640  [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
16:47:38.0239 1640  rimsptsk - ok
16:47:38.0271 1640  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
16:47:38.0302 1640  rismxdp - ok
16:47:38.0349 1640  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:47:38.0395 1640  RpcLocator - ok
16:47:38.0427 1640  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
16:47:38.0473 1640  RpcSs - ok
16:47:38.0505 1640  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:47:38.0567 1640  rspndr - ok
16:47:38.0583 1640  [ B8B159FA669C6386A458FCD468EBB1E6 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
16:47:38.0645 1640  RTL8169 - ok
16:47:38.0707 1640  [ 0F2D736066656DEE1C791087E0751E99 ] RTL8187B        C:\Windows\system32\DRIVERS\RTL8187B.sys
16:47:38.0754 1640  RTL8187B - ok
16:47:38.0770 1640  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
16:47:38.0785 1640  SamSs - ok
16:47:38.0817 1640  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:47:38.0832 1640  sbp2port - ok
16:47:38.0879 1640  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:47:38.0910 1640  SCardSvr - ok
16:47:38.0988 1640  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
16:47:39.0066 1640  Schedule - ok
16:47:39.0097 1640  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:47:39.0129 1640  SCPolicySvc - ok
16:47:39.0191 1640  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
16:47:39.0222 1640  sdbus - ok
16:47:39.0253 1640  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:47:39.0316 1640  SDRSVC - ok
16:47:39.0331 1640  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:47:39.0409 1640  secdrv - ok
16:47:39.0456 1640  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:47:39.0503 1640  seclogon - ok
16:47:39.0519 1640  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:47:39.0581 1640  SENS - ok
16:47:39.0597 1640  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:47:39.0675 1640  Serenum - ok
16:47:39.0706 1640  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:47:39.0815 1640  Serial - ok
16:47:39.0831 1640  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:47:39.0877 1640  sermouse - ok
16:47:39.0940 1640  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:47:39.0987 1640  SessionEnv - ok
16:47:40.0033 1640  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
16:47:40.0080 1640  sffdisk - ok
16:47:40.0111 1640  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:47:40.0189 1640  sffp_mmc - ok
16:47:40.0236 1640  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
16:47:40.0267 1640  sffp_sd - ok
16:47:40.0299 1640  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:47:40.0361 1640  sfloppy - ok
16:47:40.0408 1640  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:47:40.0470 1640  SharedAccess - ok
16:47:40.0517 1640  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:47:40.0579 1640  ShellHWDetection - ok
16:47:40.0595 1640  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:47:40.0611 1640  SiSRaid2 - ok
16:47:40.0657 1640  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:47:40.0673 1640  SiSRaid4 - ok
16:47:40.0907 1640  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:47:41.0141 1640  Skype C2C Service - ok
16:47:41.0219 1640  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
16:47:41.0235 1640  SkypeUpdate - ok
16:47:41.0375 1640  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
16:47:41.0609 1640  slsvc - ok
16:47:41.0656 1640  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:47:41.0687 1640  SLUINotify - ok
16:47:41.0734 1640  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:47:41.0781 1640  Smb - ok
16:47:41.0859 1640  [ C8A58FC905C9184FA70E37F71060C64D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
16:47:41.0968 1640  smserial - ok
16:47:42.0015 1640  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:47:42.0030 1640  SNMPTRAP - ok
16:47:42.0124 1640  [ 53D1E2ECBF26B313FFDD2B8BA3D2F66E ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
16:47:42.0280 1640  SNP2UVC - ok
16:47:42.0311 1640  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
16:47:42.0327 1640  spldr - ok
16:47:42.0389 1640  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
16:47:42.0405 1640  Spooler - ok
16:47:42.0467 1640  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:47:42.0498 1640  srv - ok
16:47:42.0561 1640  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:47:42.0607 1640  srv2 - ok
16:47:42.0670 1640  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:47:42.0685 1640  srvnet - ok
16:47:42.0732 1640  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:47:42.0779 1640  SSDPSRV - ok
16:47:42.0857 1640  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:47:42.0873 1640  ssmdrv - ok
16:47:42.0935 1640  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:47:42.0951 1640  SstpSvc - ok
16:47:43.0013 1640  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
16:47:43.0138 1640  stisvc - ok
16:47:43.0185 1640  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:47:43.0200 1640  swenum - ok
16:47:43.0247 1640  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
16:47:43.0294 1640  swprv - ok
16:47:43.0341 1640  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
16:47:43.0356 1640  Symc8xx - ok
16:47:43.0387 1640  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
16:47:43.0403 1640  SymEvent - ok
16:47:43.0497 1640  [ BB77096DC7F6E408D44C0BC6D2641850 ] SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} C:\Windows\System32\Drivers\NSM\0206000.034\SymRdr.SYS
16:47:43.0528 1640  SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A} - ok
16:47:43.0543 1640  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:47:43.0559 1640  Sym_hi - ok
16:47:43.0590 1640  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:47:43.0606 1640  Sym_u3 - ok
16:47:43.0668 1640  [ 3196C5DF63D5E86FC0041AE0C816B80F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:47:43.0684 1640  SynTP - ok
16:47:43.0746 1640  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
16:47:43.0824 1640  SysMain - ok
16:47:43.0855 1640  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:47:43.0887 1640  TabletInputService - ok
16:47:43.0933 1640  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:47:43.0996 1640  TapiSrv - ok
16:47:44.0058 1640  [ 77BD6143C6DCE0A1BF7B5571BED860DC ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
16:47:44.0074 1640  tbhsd - ok
16:47:44.0121 1640  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
16:47:44.0183 1640  TBS - ok
16:47:44.0245 1640  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:47:44.0339 1640  Tcpip - ok
16:47:44.0370 1640  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:47:44.0433 1640  Tcpip6 - ok
16:47:44.0479 1640  [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:47:44.0526 1640  tcpipreg - ok
16:47:44.0557 1640  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:47:44.0589 1640  TDPIPE - ok
16:47:44.0635 1640  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:47:44.0682 1640  TDTCP - ok
16:47:44.0729 1640  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:47:44.0760 1640  tdx - ok
16:47:44.0916 1640  [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
16:47:45.0119 1640  TeamViewer7 - ok
16:47:45.0135 1640  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:47:45.0150 1640  TermDD - ok
16:47:45.0197 1640  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
16:47:45.0275 1640  TermService - ok
16:47:45.0306 1640  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
16:47:45.0322 1640  Themes - ok
16:47:45.0353 1640  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:47:45.0384 1640  THREADORDER - ok
16:47:45.0415 1640  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:47:45.0447 1640  TrkWks - ok
16:47:45.0509 1640  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:47:45.0556 1640  TrustedInstaller - ok
16:47:45.0603 1640  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:47:45.0649 1640  tssecsrv - ok
16:47:45.0743 1640  [ 6EB2DC366A0D69FF7295ADF7C4253475 ] TuneUp.Defrag   C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
16:47:45.0805 1640  TuneUp.Defrag - ok
16:47:45.0915 1640  [ 38556055313BC87C21457E000BBAECA2 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
16:47:45.0977 1640  TuneUp.UtilitiesSvc - ok
16:47:46.0024 1640  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
16:47:46.0039 1640  TuneUpUtilitiesDrv - ok
16:47:46.0086 1640  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:47:46.0117 1640  tunmp - ok
16:47:46.0164 1640  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:47:46.0195 1640  tunnel - ok
16:47:46.0211 1640  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:47:46.0227 1640  uagp35 - ok
16:47:46.0273 1640  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:47:46.0305 1640  udfs - ok
16:47:46.0367 1640  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:47:46.0398 1640  UI0Detect - ok
16:47:46.0461 1640  [ F13DA74969897359A88F2A739F54A250 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
16:47:46.0476 1640  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
16:47:46.0476 1640  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
16:47:46.0492 1640  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:47:46.0523 1640  uliagpkx - ok
16:47:46.0554 1640  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:47:46.0570 1640  uliahci - ok
16:47:46.0601 1640  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:47:46.0617 1640  UlSata - ok
16:47:46.0648 1640  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:47:46.0663 1640  ulsata2 - ok
16:47:46.0695 1640  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:47:46.0726 1640  umbus - ok
16:47:46.0773 1640  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:47:46.0804 1640  upnphost - ok
16:47:46.0851 1640  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:47:46.0897 1640  usbccgp - ok
16:47:46.0913 1640  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:47:46.0991 1640  usbcir - ok
16:47:47.0053 1640  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:47:47.0100 1640  usbehci - ok
16:47:47.0131 1640  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:47:47.0178 1640  usbhub - ok
16:47:47.0194 1640  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:47:47.0287 1640  usbohci - ok
16:47:47.0319 1640  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:47:47.0365 1640  usbprint - ok
16:47:47.0428 1640  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:47:47.0459 1640  usbscan - ok
16:47:47.0490 1640  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:47:47.0553 1640  USBSTOR - ok
16:47:47.0584 1640  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:47:47.0615 1640  usbuhci - ok
16:47:47.0662 1640  [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:47:47.0740 1640  usbvideo - ok
16:47:47.0787 1640  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
16:47:47.0849 1640  UxSms - ok
16:47:47.0896 1640  [ 5BCE34CFE78E80DDE4FD1F3249565BBB ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
16:47:47.0911 1640  UxTuneUp - ok
16:47:47.0958 1640  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
16:47:48.0052 1640  vds - ok
16:47:48.0130 1640  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:47:48.0192 1640  vga - ok
16:47:48.0255 1640  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:47:48.0301 1640  VgaSave - ok
16:47:48.0333 1640  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:47:48.0348 1640  viaagp - ok
16:47:48.0379 1640  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
16:47:48.0442 1640  ViaC7 - ok
16:47:48.0473 1640  [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:47:48.0504 1640  viaide - ok
16:47:48.0520 1640  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:47:48.0535 1640  volmgr - ok
16:47:48.0582 1640  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:47:48.0613 1640  volmgrx - ok
16:47:48.0645 1640  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:47:48.0660 1640  volsnap - ok
16:47:48.0691 1640  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:47:48.0707 1640  vsmraid - ok
16:47:48.0801 1640  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
16:47:48.0879 1640  VSS - ok
16:47:49.0019 1640  [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
16:47:49.0081 1640  vToolbarUpdater13.2.0 - ok
16:47:49.0128 1640  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
16:47:49.0175 1640  W32Time - ok
16:47:49.0191 1640  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:47:49.0253 1640  WacomPen - ok
16:47:49.0300 1640  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:47:49.0331 1640  Wanarp - ok
16:47:49.0331 1640  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:47:49.0362 1640  Wanarpv6 - ok
16:47:49.0393 1640  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:47:49.0425 1640  wcncsvc - ok
16:47:49.0440 1640  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:47:49.0487 1640  WcsPlugInService - ok
16:47:49.0518 1640  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
16:47:49.0534 1640  Wd - ok
16:47:49.0612 1640  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:47:49.0643 1640  Wdf01000 - ok
16:47:49.0690 1640  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:47:49.0752 1640  WdiServiceHost - ok
16:47:49.0752 1640  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:47:49.0799 1640  WdiSystemHost - ok
16:47:49.0846 1640  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
16:47:49.0893 1640  WebClient - ok
16:47:49.0939 1640  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:47:50.0002 1640  Wecsvc - ok
16:47:50.0033 1640  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:47:50.0095 1640  wercplsupport - ok
16:47:50.0142 1640  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:47:50.0189 1640  WerSvc - ok
16:47:50.0251 1640  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:47:50.0267 1640  WinDefend - ok
16:47:50.0283 1640  WinHttpAutoProxySvc - ok
16:47:50.0345 1640  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:47:50.0361 1640  Winmgmt - ok
16:47:50.0439 1640  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:47:50.0563 1640  WinRM - ok
16:47:50.0657 1640  [ B0E6FAA0F0EAD4772C545A3737EFB47F ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
16:47:50.0657 1640  WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
16:47:50.0657 1640  WisLMSvc - detected UnsignedFile.Multi.Generic (1)
16:47:50.0735 1640  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:47:50.0844 1640  Wlansvc - ok
16:47:51.0016 1640  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:47:51.0031 1640  wlcrasvc - ok
16:47:51.0141 1640  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:47:51.0281 1640  wlidsvc - ok
16:47:51.0312 1640  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:47:51.0359 1640  WmiAcpi - ok
16:47:51.0406 1640  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:47:51.0453 1640  wmiApSrv - ok
16:47:51.0562 1640  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:47:51.0624 1640  WMPNetworkSvc - ok
16:47:51.0671 1640  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:47:51.0702 1640  WPCSvc - ok
16:47:51.0749 1640  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:47:51.0780 1640  WPDBusEnum - ok
16:47:51.0952 1640  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:47:52.0014 1640  WPFFontCache_v0400 - ok
16:47:52.0045 1640  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:47:52.0077 1640  ws2ifsl - ok
16:47:52.0123 1640  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
16:47:52.0155 1640  wscsvc - ok
16:47:52.0170 1640  WSearch - ok
16:47:52.0264 1640  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:47:52.0435 1640  wuauserv - ok
16:47:52.0498 1640  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:47:52.0545 1640  WUDFRd - ok
16:47:52.0591 1640  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:47:52.0638 1640  wudfsvc - ok
16:47:52.0685 1640  ================ Scan global ===============================
16:47:52.0716 1640  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:47:52.0763 1640  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:47:52.0794 1640  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:47:52.0857 1640  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:47:52.0857 1640  [Global] - ok
16:47:52.0857 1640  ================ Scan MBR ==================================
16:47:52.0872 1640  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:47:53.0512 1640  \Device\Harddisk0\DR0 - ok
16:47:53.0512 1640  ================ Scan VBR ==================================
16:47:53.0527 1640  [ 04F8AC9F3E3667E716E9DFE8CAAA6810 ] \Device\Harddisk0\DR0\Partition1
16:47:53.0543 1640  \Device\Harddisk0\DR0\Partition1 - ok
16:47:53.0543 1640  [ 4B1D68FD8CA15EE4266C68622C739133 ] \Device\Harddisk0\DR0\Partition2
16:47:53.0543 1640  \Device\Harddisk0\DR0\Partition2 - ok
16:47:53.0543 1640  ============================================================
16:47:53.0543 1640  Scan finished
16:47:53.0543 1640  ============================================================
16:47:53.0559 2540  Detected object count: 8
16:47:53.0559 2540  Actual detected object count: 8
16:48:36.0100 2540  ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0115 2540  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0115 2540  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0115 2540  WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0115 2540  WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:51:37.0883 4552  Deinitialize success
         

Alt 29.11.2012, 17:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Downloade dir bitte Farbar's Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • SecurityCenter / ActionCenter
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.11.2012, 17:47   #11
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Code:
ATTFilter
Farbar Service Scanner Version: 09-11-2012
Ran by Denise (administrator) on 29-11-2012 at 17:44:56
Running from "C:\Users\Denise\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
falls Du bald Feierabend machst - wünsch ich schon mal einen schönen Abend..
ich habe den Eindruck, dass ich kapiere, was gemacht werden muss
kann man schon sagen, was da los ist?

Alt 29.11.2012, 20:20   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Irgendwas stimmt da nicht, bite ein Log mit CF machen

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.11.2012, 21:40   #13
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Ich finde leider die Datei nicht und hatte vergessen, den Text zu kopieren

und nun?

und nun funktioniert der windows sicherheitscenter nicht mehr und lässt sich auch nicht mehr einschalten :-(
die firewall ist nach wie vor manuell einzuschalten.

Alt 29.11.2012, 22:29   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Es steht alles in der Anleitung

Zitat:
Die Datei findest du außerdem unter: C:\ComboFix.txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.11.2012, 22:45   #15
Densi
 
Windows Firewall wird immer wieder unbemerkt deaktiviert - Standard

Windows Firewall wird immer wieder unbemerkt deaktiviert



Dort habe ich gesucht, aber nichts gefunden. Ich habe auch auf C: per Suchprogramm suchen lassen, aber es wurde nichts gefunden.
Vielleicht mache ich etwas falsch?

Im Windowsordner habe ich folgendes gefunden:
Code:
ATTFilter
11/27/2012 17:31:53 - PFRO Error: \??\C:\Users\Denise\Downloads\Miro_setup.exe, |delete operation|, 0xc0000034
11/27/2012 17:31:53 - 0 Successful PFRO operations

11/29/2012 21:27:28 - PFRO Error: \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, |delete operation|, 0xc0000034
11/29/2012 21:27:28 - PFRO Error: \??\C:\test0123, \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, 0xc0000034
11/29/2012 21:27:28 - 1 Successful PFRO operations
         

Antwort

Themen zu Windows Firewall wird immer wieder unbemerkt deaktiviert
avg, bereits, dateien, deaktiviert, defender, firewall, freigabe, gefunde, helfer, helferteam, immer wieder, infiziertes, inter, interne, internet, malwarebytes, nichts, objekt, problem, schließe, schonmal, security, unbemerkt, windows, windows firewall, überhaupt



Ähnliche Themen: Windows Firewall wird immer wieder unbemerkt deaktiviert


  1. Windows 7: Leerlauf Scan im BitDefender wird immer wieder ausgeschaltet und Browser Startseite "google" wird geändert
    Log-Analyse und Auswertung - 20.05.2014 (13)
  2. Chrome Browser Deaktiviert Sich immer Wieder
    Plagegeister aller Art und deren Bekämpfung - 23.04.2014 (11)
  3. McAfee Echtzeit Schutz deaktiviert sich immer wieder selbst
    Antiviren-, Firewall- und andere Schutzprogramme - 19.12.2013 (1)
  4. Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu
    Log-Analyse und Auswertung - 07.08.2013 (25)
  5. Virus kommt immer wieder, mehrmals gelöscht, deaktiviert Firewall etc. (Sirefef?!)
    Plagegeister aller Art und deren Bekämpfung - 03.08.2013 (10)
  6. Sicherheitscenter wird immer wieder deaktiviert, chrome meldet Profil Fehler
    Log-Analyse und Auswertung - 10.06.2013 (3)
  7. Windows XP Updates nicht mehr möglich /Windows Firewall ist immer beim Start deaktiviert
    Antiviren-, Firewall- und andere Schutzprogramme - 26.05.2013 (82)
  8. Trojaner eingefangen der immer meine McAffey Firewall deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (18)
  9. Bundestrojaner wird immer wieder in den Autostart geladen - Windows XP
    Log-Analyse und Auswertung - 06.03.2012 (17)
  10. Notepad wird immer wieder geöffnet - Windows-8 - 64bit
    Plagegeister aller Art und deren Bekämpfung - 26.11.2011 (3)
  11. TR/Spy.59392.133 wird immer und immer wieder gefunden...
    Plagegeister aller Art und deren Bekämpfung - 30.10.2011 (11)
  12. Windows Firewall wird immer wieder deaktiviert
    Log-Analyse und Auswertung - 08.11.2010 (8)
  13. Firewall beim Start IMMER deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 12.11.2009 (35)
  14. Taskmanager wird immer wieder deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 10.04.2009 (58)
  15. Anti Vir Guard deaktiviert, Windows Firewall deaktiviert und andere Miseren...
    Log-Analyse und Auswertung - 24.01.2009 (13)
  16. Keinen Zugriff auf Taskmanager / Firewall wird laufend deaktiviert
    Log-Analyse und Auswertung - 16.07.2008 (9)
  17. Trojan.Downloader JS - Anti-Viren-Programm/Firewall wird automatisch deaktiviert.
    Log-Analyse und Auswertung - 24.05.2007 (1)

Zum Thema Windows Firewall wird immer wieder unbemerkt deaktiviert - Hallo liebes Helferteam, mein Problem ist, dass meine Windows Firewall sich immer wieder deaktiviert. Anschließend sind dann immer Netzwerkkennung und Freigabe von Dateien aktiviert. Mein AVG Internet Security 2012 hat - Windows Firewall wird immer wieder unbemerkt deaktiviert...
Archiv
Du betrachtest: Windows Firewall wird immer wieder unbemerkt deaktiviert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.