Trojaner-Board

Windows encryption trojan -.- (https://www.trojaner-board.de/114562-windows-verschluesselungs-trojaner.html)

cosinus 07.05.2012 13:58

Please make a new OTL log. If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Sayri 07.05.2012 15:26

OK, OTL is done, here is the result:

Code:

OTL logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.04.25 10:48:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 12:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.29 20:11:42 | 003,202,344 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
PRC - [2008.08.29 20:11:40 | 002,303,272 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe
PRC - [2008.08.29 20:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe
PRC - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe
PRC - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.08.04 16:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
PRC - [2008.08.04 16:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008.07.24 18:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.25 10:48:57 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.25 10:48:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.03.23 12:09:21 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.11.07 12:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.09.02 14:24:44 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC)
SRV - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpflt.sys -- (WtSmpFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpadap.sys -- (wtsmpadap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\KUSBusByTCPMasterBus.sys -- (KUSBusByTCPMasterBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.08.28 14:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo)
DRV - [2008.08.28 14:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2008.08.08 04:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 00:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.04 16:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.08.04 16:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.08.04 16:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.06.18 17:04:34 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.03.10 03:33:50 | 000,882,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mosuport.sys -- (mosuport)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=hp
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE301
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 10:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.04 02:52:38 | 000,000,000 | ---D | M]
 
[2008.11.17 23:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Extensions
[2012.05.06 22:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions
[2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
[2011.11.12 16:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.11 17:25:57 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2012.05.07 02:04:55 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAGMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3O3IEEY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.25 10:48:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.24 16:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 19:02:22 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.24 16:47:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.24 16:47:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 16:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 16:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 16:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.03 04:28:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range2 ([https] in Vertrauenswürdige Sites)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://juwelvpn.dyndns.org/XTSAC.cab (XTSAC Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D0C0C1F-7C8A-4A90-A61C-AD06E31C043E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BullGuard - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Program Files\GoogleEULA\EULALauncher.exe ( )
MsConfig - StartUpReg: tsnp2uvc - hkey= - key= - C:\Windows\tsnp2uvc.exe ()
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: vProt - hkey= - key= - C:\Program Files\AVG Secure Search\vprot.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.07 15:18:13 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe
[2012.05.06 20:57:17 | 000,000,000 | ---D | C] -- C:\Users\dagmar\Desktop\Neuer Ordner
[2012.05.04 19:47:00 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2012.05.04 19:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2012.05.04 19:46:48 | 000,017,224 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2012.05.04 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Reviversoft
[2012.05.03 02:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.02 21:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.02 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes
[2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.02 21:39:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.30 19:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.30 19:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.30 16:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ABUS Security-Center
[2012.04.30 16:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center
[2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.05.07 15:51:36 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.07 15:51:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.07 15:51:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.07 15:51:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.05.07 15:47:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.07 15:45:18 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.07 15:45:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 15:45:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 15:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.07 15:21:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.07 15:18:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe
[2012.05.07 15:12:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.07 10:26:10 | 000,027,136 | ---- | M] () -- C:\Users\dagmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.07 02:09:45 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\Scan0001.pdf
[2012.05.07 02:09:28 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf
[2012.05.07 02:09:28 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg
[2012.05.07 02:09:27 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\Anfahrt.jpg
[2012.05.02 17:39:12 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Scan0001.pdf.xdrz
[2012.05.02 17:38:39 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Dennis Kruse2.jpg.dtfz
[2012.05.02 17:38:33 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Bewerbung Rosalie Resl.pdf.kfyc
[2012.05.02 17:38:33 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Anfahrt.jpg.onjs
[2012.05.02 17:32:33 | 000,042,654 | ---- | M] () -- C:\ProgramData\locked-nvModes.001.hmld
[2012.05.02 17:22:35 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.30 19:10:41 | 000,001,409 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.30 19:01:50 | 309,324,901 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2012.05.06 22:40:19 | 000,268,427 | ---- | C] () -- C:\Users\dagmar\Documents\Scan0001.pdf
[2012.05.06 22:40:02 | 000,253,774 | ---- | C] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg
[2012.05.06 22:40:01 | 000,306,345 | ---- | C] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf
[2012.05.06 22:40:01 | 000,234,096 | ---- | C] () -- C:\Users\dagmar\Documents\Anfahrt.jpg
[2012.05.02 17:45:04 | 000,042,654 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.04.30 19:10:41 | 000,001,409 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.18 10:31:27 | 309,324,901 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.14 18:34:17 | 000,882,432 | ---- | C] () -- C:\Windows\System32\drivers\mosuport.sys
[2011.10.14 18:34:17 | 000,278,528 | ---- | C] () -- C:\Windows\System32\MosUsbSerial.exe
[2011.10.14 18:34:17 | 000,262,144 | ---- | C] () -- C:\Windows\System32\MosUnst.exe
[2011.10.14 18:34:17 | 000,225,280 | ---- | C] () -- C:\Windows\System32\MosUSBParallel.exe
[2011.10.14 18:34:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\MosUSBSerPropPage.dll
[2011.10.14 18:34:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MosUSBParPropPage.dll
[2011.10.14 18:34:17 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dbgmsgcfg.dll
[2011.09.08 23:03:59 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{8FAF1DC2-324B-4AF2-82C5-CF35492BC72C}
[2011.09.08 23:01:58 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{1BF95C17-1E8B-437A-856E-3638C7E6FAEE}
[2011.07.13 07:47:36 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{E474D4A3-F08A-4D4E-8AD6-CFC429808E2E}
[2011.07.13 07:40:20 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{0DA4FE39-CAAF-4DA3-ABDE-EAFB9154A010}
 
========== LOP Check ==========
 
[2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.05.07 15:22:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.13 11:46:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Adobe
[2012.03.13 01:24:50 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Apple Computer
[2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2009.04.29 07:14:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Corel
[2009.03.15 16:24:23 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\CyberLink
[2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2008.11.12 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Google
[2011.06.19 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\HpUpdate
[2008.11.12 11:10:49 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Identities
[2008.11.13 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Macromedia
[2012.05.02 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Media Center Programs
[2011.08.08 20:22:09 | 000,000,000 | --SD | M] -- C:\Users\dagmar\AppData\Roaming\Microsoft
[2008.11.17 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Mozilla
[2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2009.02.18 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Nero
[2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2012.05.06 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\vlc
[2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2009.02.18 18:45:29 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.07 02:04:43 | 000,010,398 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_6FA99008F6BBB97A091E2D.exe
[2012.05.07 02:04:43 | 000,025,214 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_E38944F26F8D876B004311.exe
[2011.08.10 12:22:31 | 007,128,264 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2011.08.10 12:20:58 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2011.08.10 12:28:53 | 007,665,928 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
[2011.08.10 12:53:40 | 006,480,904 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 21:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF

< End of report >

There was also a second log file, Extras.Txt. Is that relevant too?

Code:

OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system |
"{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system |
"{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system |
"{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system |
"{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe |
"{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG Secure Search" = AVG Security Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"File Recover_is1" = File Recover 7.5
"Google Desktop" = Google Desktop
"Installationsassistent2" = Installationsassistent2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROGNOS für Windows_is1" = PfW 4.7.2.3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"TuneAid_is1" = TuneAid 3.76
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Unlimited Connection Manager" = Unlimited Connection Manager
"USB Compound Device" = USB Compound Device
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GoToMeeting" = GoToMeeting 5.1.0.874
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >


Oh, sorry, somehow I double-posted Oo

Sayri 07.05.2012 15:28

There was also a second log file, Extras.Txt. Is that relevant as well?

Code:

OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system |
"{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system |
"{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system |
"{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system |
"{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe |
"{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG Secure Search" = AVG Security Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"File Recover_is1" = File Recover 7.5
"Google Desktop" = Google Desktop
"Installationsassistent2" = Installationsassistent2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROGNOS für Windows_is1" = PfW 4.7.2.3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"TuneAid_is1" = TuneAid 3.76
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Unlimited Connection Manager" = Unlimited Connection Manager
"USB Compound Device" = USB Compound Device
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GoToMeeting" = GoToMeeting 5.1.0.874
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >


cosinus 07.05.2012 18:37

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
[2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Sayri 08.05.2012 12:17

OK, the OTL fix is done as well, here is the log:

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
C:\Program Files\Softonic_Deutsch\tbSoft.dll moved successfully.
HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
ADS C:\ProgramData\Temp:24051EFF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: dagmar
->Temp folder emptied: 6258338 bytes
->Temporary Internet Files folder emptied: 194433655 bytes
->Java cache emptied: 2597569 bytes
->FireFox cache emptied: 169292027 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 102965 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2861268 bytes
RecycleBin emptied: 9853266451 bytes
 
Total Files Cleaned = 9.755,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: dagmar
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05082012_122544

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET94FE.tmp not found!

Registry entries deleted on Reboot...


cosinus 08.05.2012 14:28

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Sayri 08.05.2012 15:29

All right, I've done that; here is the report. Thanks so far, and many thanks for your effort.

Code:

16:25:30.0311 0276        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
16:25:30.0820 0276        ============================================================
16:25:30.0820 0276        Current date / time: 2012/05/08 16:25:30.0820
16:25:30.0820 0276        SystemInfo:
16:25:30.0820 0276       
16:25:30.0820 0276        OS Version: 6.0.6001 ServicePack: 1.0
16:25:30.0820 0276        Product type: Workstation
16:25:30.0821 0276        ComputerName: MAMA-PC
16:25:30.0821 0276        UserName: dagmar
16:25:30.0821 0276        Windows directory: C:\Windows
16:25:30.0821 0276        System windows directory: C:\Windows
16:25:30.0821 0276        Processor architecture: Intel x86
16:25:30.0821 0276        Number of processors: 2
16:25:30.0821 0276        Page size: 0x1000
16:25:30.0821 0276        Boot type: Normal boot
16:25:30.0821 0276        ============================================================
16:25:32.0359 0276        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:25:32.0370 0276        ============================================================
16:25:32.0370 0276        \Device\Harddisk0\DR0:
16:25:32.0370 0276        MBR partitions:
16:25:32.0370 0276        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22CA4800
16:25:32.0370 0276        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x22CA5000, BlocksNum 0x2789000
16:25:32.0370 0276        ============================================================
16:25:32.0406 0276        C: <-> \Device\Harddisk0\DR0\Partition0
16:25:32.0434 0276        D: <-> \Device\Harddisk0\DR0\Partition1
16:25:32.0434 0276        ============================================================
16:25:32.0434 0276        Initialize success
16:25:32.0434 0276        ============================================================
16:27:08.0703 3352        ============================================================
16:27:08.0703 3352        Scan started
16:27:08.0703 3352        Mode: Manual; SigCheck; TDLFS;
16:27:08.0703 3352        ============================================================
16:27:09.0450 3352        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
16:27:09.0544 3352        ACPI - ok
16:27:09.0593 3352        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:27:09.0623 3352        adp94xx - ok
16:27:09.0673 3352        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:27:09.0697 3352        adpahci - ok
16:27:09.0731 3352        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:27:09.0756 3352        adpu160m - ok
16:27:09.0781 3352        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:27:09.0802 3352        adpu320 - ok
16:27:09.0834 3352        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:27:09.0947 3352        AeLookupSvc - ok
16:27:10.0020 3352        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
16:27:10.0076 3352        AFD - ok
16:27:10.0093 3352        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:27:10.0103 3352        agp440 - ok
16:27:10.0128 3352        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:27:10.0140 3352        aic78xx - ok
16:27:10.0173 3352        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:27:10.0222 3352        ALG - ok
16:27:10.0245 3352        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:27:10.0254 3352        aliide - ok
16:27:10.0278 3352        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:27:10.0288 3352        amdagp - ok
16:27:10.0333 3352        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:27:10.0342 3352        amdide - ok
16:27:10.0372 3352        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:27:10.0408 3352        AmdK7 - ok
16:27:10.0429 3352        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:27:10.0474 3352        AmdK8 - ok
16:27:10.0488 3352        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:27:10.0523 3352        Appinfo - ok
16:27:10.0713 3352        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:27:10.0723 3352        Apple Mobile Device - ok
16:27:10.0745 3352        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:27:10.0756 3352        arc - ok
16:27:10.0778 3352        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:27:10.0788 3352        arcsas - ok
16:27:10.0813 3352        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:27:10.0868 3352        AsyncMac - ok
16:27:10.0890 3352        atapi          (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
16:27:10.0898 3352        atapi - ok
16:27:10.0987 3352        AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
16:27:11.0028 3352        AudioEndpointBuilder - ok
16:27:11.0033 3352        Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
16:27:11.0061 3352        Audiosrv - ok
16:27:11.0078 3352        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:27:11.0116 3352        Beep - ok
16:27:11.0161 3352        BFE            (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
16:27:11.0219 3352        BFE - ok
16:27:11.0359 3352        BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
16:27:11.0450 3352        BITS - ok
16:27:11.0483 3352        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:27:11.0524 3352        blbdrive - ok
16:27:11.0678 3352        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:27:11.0695 3352        Bonjour Service - ok
16:27:11.0766 3352        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
16:27:11.0823 3352        bowser - ok
16:27:11.0836 3352        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:27:11.0914 3352        BrFiltLo - ok
16:27:11.0943 3352        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:27:11.0974 3352        BrFiltUp - ok
16:27:12.0008 3352        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:27:12.0052 3352        Browser - ok
16:27:12.0080 3352        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:27:12.0140 3352        Brserid - ok
16:27:12.0337 3352        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:27:12.0402 3352        BrSerWdm - ok
16:27:12.0424 3352        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:27:12.0476 3352        BrUsbMdm - ok
16:27:12.0491 3352        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:27:12.0534 3352        BrUsbSer - ok
16:27:12.0584 3352        BthEnum        (ae19cfbbba41800f3d5343e21d2ca09f) C:\Windows\system32\DRIVERS\BthEnum.sys
16:27:12.0619 3352        BthEnum - ok
16:27:12.0642 3352        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:27:12.0712 3352        BTHMODEM - ok
16:27:12.0752 3352        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:27:12.0792 3352        BthPan - ok
16:27:12.0876 3352        BTHPORT        (75f19df0bc62992d05fdd8a32d968531) C:\Windows\system32\Drivers\BTHport.sys
16:27:12.0982 3352        BTHPORT - ok
16:27:13.0017 3352        BthServ        (fc930b47a83f5f61dfadc64a0719de43) C:\Windows\System32\bthserv.dll
16:27:13.0062 3352        BthServ - ok
16:27:13.0104 3352        BTHUSB          (4ce2a25c5936bc515357d60fee73f221) C:\Windows\system32\Drivers\BTHUSB.sys
16:27:13.0117 3352        BTHUSB - ok
16:27:13.0146 3352        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:27:13.0181 3352        cdfs - ok
16:27:13.0207 3352        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
16:27:13.0233 3352        cdrom - ok
16:27:13.0260 3352        CertPropSvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
16:27:13.0285 3352        CertPropSvc - ok
16:27:13.0300 3352        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:27:13.0325 3352        circlass - ok
16:27:13.0375 3352        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
16:27:13.0402 3352        CLFS - ok
16:27:13.0509 3352        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:27:13.0520 3352        clr_optimization_v2.0.50727_32 - ok
16:27:13.0631 3352        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:27:13.0652 3352        clr_optimization_v4.0.30319_32 - ok
16:27:13.0681 3352        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:27:13.0727 3352        CmBatt - ok
16:27:13.0758 3352        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:27:13.0767 3352        cmdide - ok
16:27:13.0788 3352        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:27:13.0797 3352        Compbatt - ok
16:27:13.0800 3352        COMSysApp - ok
16:27:13.0808 3352        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:27:13.0818 3352        crcdisk - ok
16:27:13.0838 3352        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:27:13.0888 3352        Crusoe - ok
16:27:13.0933 3352        CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
16:27:13.0994 3352        CryptSvc - ok
16:27:14.0092 3352        DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
16:27:14.0131 3352        DcomLaunch - ok
16:27:14.0189 3352        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
16:27:14.0245 3352        DfsC - ok
16:27:14.0453 3352        DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
16:27:14.0596 3352        DFSR - ok
16:27:14.0754 3352        Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
16:27:14.0786 3352        Dhcp - ok
16:27:14.0836 3352        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
16:27:14.0846 3352        disk - ok
16:27:14.0903 3352        Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
16:27:14.0941 3352        Dnscache - ok
16:27:14.0980 3352        dot3svc        (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
16:27:15.0068 3352        dot3svc - ok
16:27:15.0109 3352        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:27:15.0167 3352        Dot4 - ok
16:27:15.0219 3352        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:27:15.0256 3352        Dot4Print - ok
16:27:15.0349 3352        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:27:15.0392 3352        dot4usb - ok
16:27:15.0430 3352        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:27:15.0479 3352        DPS - ok
16:27:15.0518 3352        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:27:15.0545 3352        drmkaud - ok
16:27:15.0633 3352        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
16:27:15.0693 3352        DXGKrnl - ok
16:27:15.0751 3352        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:27:15.0797 3352        E1G60 - ok
16:27:15.0829 3352        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:27:15.0864 3352        EapHost - ok
16:27:15.0897 3352        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
16:27:15.0918 3352        Ecache - ok
16:27:16.0028 3352        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:27:16.0051 3352        ehRecvr - ok
16:27:16.0074 3352        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:27:16.0112 3352        ehSched - ok
16:27:16.0147 3352        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:27:16.0171 3352        ehstart - ok
16:27:16.0233 3352        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:27:16.0256 3352        elxstor - ok
16:27:16.0354 3352        EMDMgmt        (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
16:27:16.0399 3352        EMDMgmt - ok
16:27:16.0427 3352        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:27:16.0482 3352        ErrDev - ok
16:27:16.0536 3352        EventSystem    (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
16:27:16.0561 3352        EventSystem - ok
16:27:16.0600 3352        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
16:27:16.0655 3352        exfat - ok
16:27:16.0689 3352        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
16:27:16.0744 3352        fastfat - ok
16:27:16.0770 3352        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:27:16.0795 3352        fdc - ok
16:27:16.0827 3352        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:27:16.0868 3352        fdPHost - ok
16:27:16.0894 3352        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:27:16.0953 3352        FDResPub - ok
16:27:16.0984 3352        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:27:16.0995 3352        FileInfo - ok
16:27:17.0021 3352        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:27:17.0063 3352        Filetrace - ok
16:27:17.0085 3352        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:27:17.0110 3352        flpydisk - ok
16:27:17.0128 3352        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
16:27:17.0142 3352        FltMgr - ok
16:27:17.0257 3352        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:27:17.0265 3352        FontCache3.0.0.0 - ok
16:27:17.0295 3352        FPSensor        (78c108c807afdc45d7867b96d01aa8f2) C:\Windows\system32\Drivers\FPSensor.sys
16:27:17.0302 3352        FPSensor - ok
16:27:17.0311 3352        FPWinIo        (4eff8408dd280f2468c39d0f4a2cec0d) C:\Windows\system32\DRIVERS\FPWinIo.sys
16:27:17.0319 3352        FPWinIo - ok
16:27:17.0329 3352        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:27:17.0368 3352        Fs_Rec - ok
16:27:17.0401 3352        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:27:17.0411 3352        gagp30kx - ok
16:27:17.0444 3352        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:27:17.0450 3352        GEARAspiWDM - ok
16:27:17.0536 3352        GoogleDesktopManager (33efd5039ea1bfa623d8bb9fb787cb0f) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
16:27:17.0554 3352        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
16:27:17.0554 3352        GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
16:27:17.0631 3352        gpsvc          (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
16:27:17.0676 3352        gpsvc - ok
16:27:17.0731 3352        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:27:17.0752 3352        gusvc - ok
16:27:17.0817 3352        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:27:17.0903 3352        HdAudAddService - ok
16:27:17.0959 3352        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:27:17.0984 3352        HDAudBus - ok
16:27:17.0996 3352        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:27:18.0060 3352        HidBth - ok
16:27:18.0083 3352        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:27:18.0127 3352        HidIr - ok
16:27:18.0169 3352        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
16:27:18.0244 3352        hidserv - ok
16:27:18.0270 3352        HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
16:27:18.0288 3352        HidUsb - ok
16:27:18.0309 3352        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:27:18.0353 3352        hkmsvc - ok
16:27:18.0372 3352        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:27:18.0382 3352        HpCISSs - ok
16:27:18.0482 3352        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
16:27:18.0598 3352        HTTP - ok
16:27:18.0660 3352        hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:27:18.0687 3352        hwdatacard - ok
16:27:18.0712 3352        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:27:18.0721 3352        i2omp - ok
16:27:18.0741 3352        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:27:18.0760 3352        i8042prt - ok
16:27:18.0797 3352        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:27:18.0825 3352        iaStorV - ok
16:27:18.0958 3352        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:27:18.0978 3352        IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:27:18.0979 3352        IDriverT - detected UnsignedFile.Multi.Generic (1)
16:27:19.0165 3352        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:27:19.0221 3352        idsvc - ok
16:27:19.0446 3352        IGBASVC        (be449d6218d34d93a95c1d2873dd8a5d) C:\Program Files\EgisTec\VITAKEY\BASVC.exe
16:27:19.0544 3352        IGBASVC - ok
16:27:19.0728 3352        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:27:19.0737 3352        iirsp - ok
16:27:19.0806 3352        IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
16:27:19.0882 3352        IKEEXT - ok
16:27:20.0140 3352        IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
16:27:20.0215 3352        IntcAzAudAddService - ok
16:27:20.0386 3352        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:27:20.0395 3352        intelide - ok
16:27:20.0426 3352        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:27:20.0464 3352        intelppm - ok
16:27:20.0492 3352        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:27:20.0537 3352        IPBusEnum - ok
16:27:20.0560 3352        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:27:20.0601 3352        IpFilterDriver - ok
16:27:20.0660 3352        iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
16:27:20.0712 3352        iphlpsvc - ok
16:27:20.0716 3352        IpInIp - ok
16:27:20.0742 3352        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:27:20.0768 3352        IPMIDRV - ok
16:27:20.0790 3352        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:27:20.0817 3352        IPNAT - ok
16:27:21.0018 3352        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:27:21.0071 3352        iPod Service - ok
16:27:21.0112 3352        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:27:21.0137 3352        IRENUM - ok
16:27:21.0173 3352        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:27:21.0183 3352        isapnp - ok
16:27:21.0213 3352        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
16:27:21.0224 3352        iScsiPrt - ok
16:27:21.0242 3352        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:27:21.0251 3352        iteatapi - ok
16:27:21.0270 3352        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:27:21.0279 3352        iteraid - ok
16:27:21.0317 3352        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:27:21.0325 3352        kbdclass - ok
16:27:21.0342 3352        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
16:27:21.0366 3352        kbdhid - ok
16:27:21.0388 3352        KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:21.0427 3352        KeyIso - ok
16:27:21.0477 3352        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
16:27:21.0506 3352        KSecDD - ok
16:27:21.0566 3352        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:27:21.0647 3352        KtmRm - ok
16:27:21.0650 3352        KUSBusByTCPMasterBus - ok
16:27:21.0707 3352        LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
16:27:21.0722 3352        LanmanServer - ok
16:27:21.0792 3352        LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
16:27:21.0816 3352        LanmanWorkstation - ok
16:27:21.0841 3352        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:27:21.0889 3352        lltdio - ok
16:27:21.0956 3352        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:27:22.0039 3352        lltdsvc - ok
16:27:22.0057 3352        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:27:22.0112 3352        lmhosts - ok
16:27:22.0134 3352        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:27:22.0145 3352        LSI_FC - ok
16:27:22.0164 3352        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:27:22.0176 3352        LSI_SAS - ok
16:27:22.0200 3352        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:27:22.0211 3352        LSI_SCSI - ok
16:27:22.0238 3352        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:27:22.0264 3352        luafv - ok
16:27:22.0276 3352        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:27:22.0288 3352        Mcx2Svc - ok
16:27:22.0306 3352        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:27:22.0316 3352        megasas - ok
16:27:22.0370 3352        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:27:22.0454 3352        MegaSR - ok
16:27:22.0716 3352        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:27:22.0726 3352        Microsoft Office Groove Audit Service - ok
16:27:22.0748 3352        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:27:22.0773 3352        MMCSS - ok
16:27:22.0784 3352        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:27:22.0814 3352        Modem - ok
16:27:22.0832 3352        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:27:22.0871 3352        monitor - ok
16:27:22.0993 3352        mosuport        (cfdcf35739762dc51a431ac0524a0efb) C:\Windows\system32\DRIVERS\mosuport.sys
16:27:23.0068 3352        mosuport ( UnsignedFile.Multi.Generic ) - warning
16:27:23.0068 3352        mosuport - detected UnsignedFile.Multi.Generic (1)
16:27:23.0090 3352        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:27:23.0098 3352        mouclass - ok
16:27:23.0110 3352        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:27:23.0136 3352        mouhid - ok
16:27:23.0149 3352        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:27:23.0159 3352        MountMgr - ok
16:27:23.0237 3352        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:27:23.0261 3352        MozillaMaintenance - ok
16:27:23.0291 3352        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:27:23.0318 3352        mpio - ok
16:27:23.0342 3352        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:27:23.0379 3352        mpsdrv - ok
16:27:23.0442 3352        MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
16:27:23.0504 3352        MpsSvc - ok
16:27:23.0524 3352        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:27:23.0534 3352        Mraid35x - ok
16:27:23.0566 3352        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
16:27:23.0599 3352        MRxDAV - ok
16:27:23.0665 3352        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:23.0710 3352        mrxsmb - ok
16:27:23.0779 3352        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:23.0798 3352        mrxsmb10 - ok
16:27:23.0817 3352        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:23.0831 3352        mrxsmb20 - ok
16:27:23.0863 3352        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
16:27:23.0871 3352        msahci - ok
16:27:23.0892 3352        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:27:23.0904 3352        msdsm - ok
16:27:23.0934 3352        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:27:23.0973 3352        MSDTC - ok
16:27:23.0990 3352        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:27:24.0024 3352        Msfs - ok
16:27:24.0038 3352        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:27:24.0047 3352        msisadrv - ok
16:27:24.0091 3352        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:27:24.0135 3352        MSiSCSI - ok
16:27:24.0138 3352        msiserver - ok
16:27:24.0166 3352        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:27:24.0202 3352        MSKSSRV - ok
16:27:24.0236 3352        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:24.0260 3352        MSPCLOCK - ok
16:27:24.0277 3352        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:27:24.0302 3352        MSPQM - ok
16:27:24.0330 3352        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
16:27:24.0343 3352        MsRPC - ok
16:27:24.0364 3352        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:27:24.0373 3352        mssmbios - ok
16:27:24.0387 3352        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:27:24.0411 3352        MSTEE - ok
16:27:24.0444 3352        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
16:27:24.0454 3352        Mup - ok
16:27:24.0470 3352        mwlPSDFilter    (62d3c8e2e75abd9fc3dee1b0e5b437e0) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:27:24.0495 3352        mwlPSDFilter - ok
16:27:24.0514 3352        mwlPSDNServ    (3963db3d50d60d17ce7a5eb7d4da2e7d) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:27:24.0520 3352        mwlPSDNServ - ok
16:27:24.0535 3352        mwlPSDVDisk    (c6de675ce2f2b6e4f78bf7e8187fc1ec) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:27:24.0542 3352        mwlPSDVDisk - ok
16:27:24.0722 3352        MWLService      (3fd2d2f48c05c9e8ec0a8d61bce12bfa) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
16:27:24.0738 3352        MWLService - ok
16:27:24.0789 3352        napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
16:27:24.0831 3352        napagent - ok
16:27:24.0889 3352        NasPmService - ok
16:27:24.0936 3352        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
16:27:24.0971 3352        NativeWifiP - ok
16:27:25.0070 3352        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
16:27:25.0131 3352        NDIS - ok
16:27:25.0180 3352        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:25.0214 3352        NdisTapi - ok
16:27:25.0228 3352        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:25.0273 3352        Ndisuio - ok
16:27:25.0328 3352        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:25.0365 3352        NdisWan - ok
16:27:25.0373 3352        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:27:25.0393 3352        NDProxy - ok
16:27:25.0540 3352        Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
16:27:25.0566 3352        Nero BackItUp Scheduler 3 - ok
16:27:25.0591 3352        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:27:25.0626 3352        NetBIOS - ok
16:27:25.0653 3352        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
16:27:25.0698 3352        netbt - ok
16:27:25.0742 3352        Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:25.0756 3352        Netlogon - ok
16:27:25.0805 3352        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:27:25.0848 3352        Netman - ok
16:27:25.0880 3352        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:27:25.0920 3352        netprofm - ok
16:27:26.0020 3352        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:27:26.0042 3352        NetTcpPortSharing - ok
16:27:26.0379 3352        NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
16:27:26.0628 3352        NETw5v32 - ok
16:27:26.0793 3352        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:27:26.0804 3352        nfrd960 - ok
16:27:26.0862 3352        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:27:26.0936 3352        NlaSvc - ok
16:27:27.0070 3352        NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
16:27:27.0105 3352        NMIndexingService - ok
16:27:27.0159 3352        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
16:27:27.0201 3352        Npfs - ok
16:27:27.0218 3352        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:27:27.0251 3352        nsi - ok
16:27:27.0260 3352        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:27:27.0308 3352        nsiproxy - ok
16:27:27.0420 3352        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
16:27:27.0505 3352        Ntfs - ok
16:27:27.0535 3352        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:27:27.0589 3352        ntrigdigi - ok
16:27:27.0629 3352        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:27:27.0653 3352        Null - ok
16:27:27.0688 3352        NVHDA          (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys
16:27:27.0696 3352        NVHDA - ok
16:27:28.0677 3352        nvlddmkm        (692bd7ae273b8fd16d1ef1677394dd84) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:27:29.0300 3352        nvlddmkm - ok
16:27:29.0453 3352        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:27:29.0478 3352        nvraid - ok
16:27:29.0507 3352        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:27:29.0518 3352        nvstor - ok
16:27:29.0565 3352        nvsvc          (7708f81cc3c92e107da01caa67dfdb0a) C:\Windows\system32\nvvsvc.exe
16:27:29.0583 3352        nvsvc - ok
16:27:29.0613 3352        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:27:29.0627 3352        nv_agp - ok
16:27:29.0631 3352        NwlnkFlt - ok
16:27:29.0635 3352        NwlnkFwd - ok
16:27:29.0805 3352        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:27:29.0833 3352        odserv - ok
16:27:29.0859 3352        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:27:29.0917 3352        ohci1394 - ok
16:27:29.0951 3352        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:29.0971 3352        ose - ok
16:27:30.0052 3352        p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:30.0112 3352        p2pimsvc - ok
16:27:30.0119 3352        p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:30.0177 3352        p2psvc - ok
16:27:30.0228 3352        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:27:30.0284 3352        Parport - ok
16:27:30.0315 3352        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
16:27:30.0325 3352        partmgr - ok
16:27:30.0342 3352        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:27:30.0386 3352        Parvdm - ok
16:27:30.0404 3352        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:27:30.0436 3352        PcaSvc - ok
16:27:30.0552 3352        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
16:27:30.0565 3352        pci - ok
16:27:30.0588 3352        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:27:30.0597 3352        pciide - ok
16:27:30.0634 3352        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:27:30.0653 3352        pcmcia - ok
16:27:30.0746 3352        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:27:30.0838 3352        PEAUTH - ok
16:27:30.0986 3352        PhilCap        (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
16:27:31.0047 3352        PhilCap - ok
16:27:31.0261 3352        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:27:31.0384 3352        pla - ok
16:27:31.0544 3352        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
16:27:31.0583 3352        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:27:31.0583 3352        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:27:31.0630 3352        PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
16:27:31.0711 3352        PlugPlay - ok
16:27:31.0810 3352        PNRPAutoReg    (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:31.0858 3352        PNRPAutoReg - ok
16:27:31.0865 3352        PNRPsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:31.0915 3352        PNRPsvc - ok
16:27:32.0010 3352        PolicyAgent    (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
16:27:32.0074 3352        PolicyAgent - ok
16:27:32.0152 3352        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:27:32.0194 3352        PptpMiniport - ok
16:27:32.0233 3352        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:27:32.0259 3352        Processor - ok
16:27:32.0301 3352        ProfSvc        (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
16:27:32.0341 3352        ProfSvc - ok
16:27:32.0380 3352        ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:32.0391 3352        ProtectedStorage - ok
16:27:32.0435 3352        ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
16:27:32.0446 3352        ProtexisLicensing - ok
16:27:32.0474 3352        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
16:27:32.0512 3352        PSched - ok
16:27:32.0624 3352        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:27:32.0740 3352        ql2300 - ok
16:27:32.0857 3352        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:27:32.0886 3352        ql40xx - ok
16:27:33.0057 3352        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:27:33.0086 3352        QWAVE - ok
16:27:33.0105 3352        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:27:33.0133 3352        QWAVEdrv - ok
16:27:33.0148 3352        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:27:33.0173 3352        RasAcd - ok
16:27:33.0197 3352        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:27:33.0244 3352        RasAuto - ok
16:27:33.0272 3352        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:33.0298 3352        Rasl2tp - ok
16:27:33.0338 3352        RasMan          (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
16:27:33.0379 3352        RasMan - ok
16:27:33.0386 3352        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:33.0411 3352        RasPppoe - ok
16:27:33.0428 3352        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
16:27:33.0459 3352        RasSstp - ok
16:27:33.0509 3352        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
16:27:33.0548 3352        rdbss - ok
16:27:33.0568 3352        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:33.0602 3352        RDPCDD - ok
16:27:33.0650 3352        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:27:33.0692 3352        rdpdr - ok
16:27:33.0697 3352        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:27:33.0746 3352        RDPENCDD - ok
16:27:33.0773 3352        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
16:27:33.0814 3352        RDPWD - ok
16:27:33.0857 3352        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:27:33.0883 3352        RemoteAccess - ok
16:27:33.0925 3352        RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
16:27:33.0964 3352        RemoteRegistry - ok
16:27:34.0015 3352        RFCOMM          (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
16:27:34.0037 3352        RFCOMM - ok
16:27:34.0148 3352        RichVideo      (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:27:34.0182 3352        RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:27:34.0183 3352        RichVideo - detected UnsignedFile.Multi.Generic (1)
16:27:34.0225 3352        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:27:34.0237 3352        RpcLocator - ok
16:27:34.0327 3352        RpcSs          (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
16:27:34.0348 3352        RpcSs - ok
16:27:34.0368 3352        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:27:34.0393 3352        rspndr - ok
16:27:34.0425 3352        RTL8169        (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:27:34.0510 3352        RTL8169 - ok
16:27:34.0561 3352        RTSTOR          (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS
16:27:34.0602 3352        RTSTOR - ok
16:27:34.0616 3352        SamSs          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:34.0629 3352        SamSs - ok
16:27:34.0662 3352        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:27:34.0673 3352        sbp2port - ok
16:27:34.0715 3352        SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
16:27:34.0749 3352        SCardSvr - ok
16:27:34.0853 3352        Schedule        (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
16:27:34.0878 3352        Schedule - ok
16:27:34.0907 3352        SCPolicySvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
16:27:34.0932 3352        SCPolicySvc - ok
16:27:34.0951 3352        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:27:34.0986 3352        SDRSVC - ok
16:27:35.0019 3352        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:27:35.0075 3352        secdrv - ok
16:27:35.0086 3352        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:27:35.0113 3352        seclogon - ok
16:27:35.0125 3352        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
16:27:35.0163 3352        SENS - ok
16:27:35.0183 3352        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
16:27:35.0244 3352        Serenum - ok
16:27:35.0296 3352        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:27:35.0351 3352        Serial - ok
16:27:35.0370 3352        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:27:35.0396 3352        sermouse - ok
16:27:35.0436 3352        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:27:35.0464 3352        SessionEnv - ok
16:27:35.0476 3352        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:27:35.0495 3352        sffdisk - ok
16:27:35.0512 3352        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:27:35.0552 3352        sffp_mmc - ok
16:27:35.0564 3352        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:27:35.0601 3352        sffp_sd - ok
16:27:35.0612 3352        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:27:35.0656 3352        sfloppy - ok
16:27:35.0717 3352        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:27:35.0775 3352        SharedAccess - ok
16:27:35.0835 3352        ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
16:27:35.0871 3352        ShellHWDetection - ok
16:27:35.0896 3352        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:27:35.0909 3352        sisagp - ok
16:27:35.0922 3352        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:27:35.0935 3352        SiSRaid2 - ok
16:27:35.0967 3352        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:27:35.0981 3352        SiSRaid4 - ok
16:27:36.0236 3352        slsvc          (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
16:27:36.0405 3352        slsvc - ok
16:27:36.0587 3352        SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
16:27:36.0615 3352        SLUINotify - ok
16:27:36.0656 3352        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
16:27:36.0696 3352        Smb - ok
16:27:36.0719 3352        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:27:36.0732 3352        SNMPTRAP - ok
16:27:36.0908 3352        SNP2UVC        (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys
16:27:37.0039 3352        SNP2UVC - ok
16:27:37.0204 3352        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:27:37.0214 3352        spldr - ok
16:27:37.0270 3352        Spooler        (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
16:27:37.0324 3352        Spooler - ok
16:27:37.0397 3352        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
16:27:37.0441 3352        srv - ok
16:27:37.0508 3352        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
16:27:37.0540 3352        srv2 - ok
16:27:37.0807 3352        srvcPVR        (71db619f4068d7c70d447d73617cdfac) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
16:27:37.0909 3352        srvcPVR ( UnsignedFile.Multi.Generic ) - warning
16:27:37.0909 3352        srvcPVR - detected UnsignedFile.Multi.Generic (1)
16:27:38.0265 3352        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
16:27:38.0307 3352        srvnet - ok
16:27:38.0348 3352        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:27:38.0388 3352        SSDPSRV - ok
16:27:38.0436 3352        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:27:38.0458 3352        SstpSvc - ok
16:27:38.0504 3352        StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
16:27:38.0524 3352        StillCam - ok
16:27:38.0584 3352        stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
16:27:38.0605 3352        stisvc - ok
16:27:38.0628 3352        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:27:38.0636 3352        swenum - ok
16:27:38.0674 3352        swmsflt        (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
16:27:38.0683 3352        swmsflt - ok
16:27:38.0741 3352        swprv          (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
16:27:38.0773 3352        swprv - ok
16:27:38.0803 3352        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:27:38.0812 3352        Symc8xx - ok
16:27:38.0841 3352        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:27:38.0850 3352        Sym_hi - ok
16:27:38.0875 3352        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:27:38.0884 3352        Sym_u3 - ok
16:27:38.0954 3352        SysMain        (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
16:27:38.0999 3352        SysMain - ok
16:27:39.0025 3352        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:27:39.0041 3352        TabletInputService - ok
16:27:39.0080 3352        TapiSrv        (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
16:27:39.0121 3352        TapiSrv - ok
16:27:39.0139 3352        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:27:39.0166 3352        TBS - ok
16:27:39.0289 3352        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
16:27:39.0339 3352        Tcpip - ok
16:27:39.0350 3352        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
16:27:39.0393 3352        Tcpip6 - ok
16:27:39.0417 3352        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
16:27:39.0458 3352        tcpipreg - ok
16:27:39.0479 3352        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:27:39.0526 3352        TDPIPE - ok
16:27:39.0548 3352        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:27:39.0573 3352        TDTCP - ok
16:27:39.0591 3352        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
16:27:39.0634 3352        tdx - ok
16:27:39.0648 3352        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
16:27:39.0657 3352        TermDD - ok
16:27:39.0729 3352        TermService    (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
16:27:39.0788 3352        TermService - ok
16:27:39.0876 3352        Themes          (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
16:27:39.0893 3352        Themes - ok
16:27:39.0914 3352        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:27:39.0940 3352        THREADORDER - ok
16:27:39.0953 3352        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:27:39.0979 3352        TrkWks - ok
16:27:40.0043 3352        TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
16:27:40.0084 3352        TrustedInstaller - ok
16:27:40.0108 3352        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:27:40.0155 3352        tssecsrv - ok
16:27:40.0175 3352        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:27:40.0187 3352        tunmp - ok
16:27:40.0217 3352        tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
16:27:40.0230 3352        tunnel - ok
16:27:40.0265 3352        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:27:40.0276 3352        uagp35 - ok
16:27:40.0345 3352        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
16:27:40.0376 3352        udfs - ok
16:27:40.0412 3352        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:27:40.0449 3352        UI0Detect - ok
16:27:40.0474 3352        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:27:40.0484 3352        uliagpkx - ok
16:27:40.0530 3352        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:27:40.0554 3352        uliahci - ok
16:27:40.0585 3352        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:27:40.0596 3352        UlSata - ok
16:27:40.0616 3352        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:27:40.0628 3352        ulsata2 - ok
16:27:40.0654 3352        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:27:40.0691 3352        umbus - ok
16:27:40.0699 3352        UMPass          (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
16:27:40.0732 3352        UMPass - ok
16:27:40.0771 3352        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:27:40.0813 3352        upnphost - ok
16:27:40.0857 3352        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:27:40.0884 3352        USBAAPL - ok
16:27:40.0927 3352        usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
16:27:40.0953 3352        usbaudio - ok
16:27:40.0999 3352        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:27:41.0038 3352        usbccgp - ok
16:27:41.0067 3352        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:27:41.0129 3352        usbcir - ok
16:27:41.0151 3352        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
16:27:41.0196 3352        usbehci - ok
16:27:41.0225 3352        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
16:27:41.0281 3352        usbhub - ok
16:27:41.0303 3352        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:27:41.0348 3352        usbohci - ok
16:27:41.0388 3352        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:27:41.0413 3352        usbprint - ok
16:27:41.0451 3352        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:27:41.0470 3352        usbscan - ok
16:27:41.0508 3352        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:27:41.0534 3352        USBSTOR - ok
16:27:41.0546 3352        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:27:41.0592 3352        usbuhci - ok
16:27:41.0643 3352        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:27:41.0743 3352        usbvideo - ok
16:27:41.0766 3352        UxSms          (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
16:27:41.0830 3352        UxSms - ok
16:27:41.0883 3352        vds            (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
16:27:41.0945 3352        vds - ok
16:27:42.0167 3352        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:27:42.0217 3352        vga - ok
16:27:42.0248 3352        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:27:42.0287 3352        VgaSave - ok
16:27:42.0315 3352        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:27:42.0328 3352        viaagp - ok
16:27:42.0378 3352        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:27:42.0403 3352        ViaC7 - ok
16:27:42.0423 3352        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:27:42.0432 3352        viaide - ok
16:27:42.0460 3352        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:27:42.0470 3352        volmgr - ok
16:27:42.0566 3352        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
16:27:42.0596 3352        volmgrx - ok
16:27:42.0632 3352        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
16:27:42.0670 3352        volsnap - ok
16:27:42.0704 3352        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:27:42.0726 3352        vsmraid - ok
16:27:42.0938 3352        VSS            (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
16:27:43.0038 3352        VSS - ok
16:27:43.0107 3352        W32Time        (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
16:27:43.0159 3352        W32Time - ok
16:27:43.0257 3352        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:27:43.0301 3352        WacomPen - ok
16:27:43.0330 3352        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:43.0365 3352        Wanarp - ok
16:27:43.0380 3352        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:43.0400 3352        Wanarpv6 - ok
16:27:43.0590 3352        wcncsvc        (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
16:27:43.0634 3352        wcncsvc - ok
16:27:43.0685 3352        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:27:43.0719 3352        WcsPlugInService - ok
16:27:43.0815 3352        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:27:43.0824 3352        Wd - ok
16:27:44.0066 3352        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:27:44.0099 3352        Wdf01000 - ok
16:27:44.0120 3352        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:27:44.0162 3352        WdiServiceHost - ok
16:27:44.0165 3352        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:27:44.0192 3352        WdiSystemHost - ok
16:27:44.0225 3352        WebClient      (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
16:27:44.0255 3352        WebClient - ok
16:27:44.0317 3352        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:27:44.0350 3352        Wecsvc - ok
16:27:44.0373 3352        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:27:44.0412 3352        wercplsupport - ok
16:27:44.0466 3352        WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
16:27:44.0489 3352        WerSvc - ok
16:27:44.0572 3352        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:27:44.0597 3352        WinDefend - ok
16:27:44.0602 3352        WinHttpAutoProxySvc - ok
16:27:44.0685 3352        Winmgmt        (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
16:27:44.0724 3352        Winmgmt - ok
16:27:44.0901 3352        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:27:45.0008 3352        WinRM - ok
16:27:45.0133 3352        Wlansvc        (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
16:27:45.0181 3352        Wlansvc - ok
16:27:45.0230 3352        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:27:45.0249 3352        WmiAcpi - ok
16:27:45.0414 3352        wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
16:27:45.0458 3352        wmiApSrv - ok
16:27:45.0631 3352        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:27:45.0680 3352        WMPNetworkSvc - ok
16:27:45.0817 3352        WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
16:27:45.0837 3352        WPCSvc - ok
16:27:45.0858 3352        WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
16:27:45.0892 3352        WPDBusEnum - ok
16:27:45.0970 3352        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
16:27:46.0008 3352        WpdUsb - ok
16:27:46.0338 3352        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:27:46.0385 3352        WPFFontCache_v0400 - ok
16:27:46.0411 3352        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:27:46.0473 3352        ws2ifsl - ok
16:27:46.0509 3352        wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
16:27:46.0526 3352        wscsvc - ok
16:27:46.0539 3352        WSearch - ok
16:27:46.0548 3352        wtsmpadap - ok
16:27:46.0554 3352        WtSmpFlt - ok
16:27:46.0766 3352        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:27:46.0906 3352        wuauserv - ok
16:27:47.0038 3352        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:27:47.0076 3352        WUDFRd - ok
16:27:47.0105 3352        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:27:47.0144 3352        wudfsvc - ok
16:27:47.0169 3352        X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
16:27:47.0177 3352        X10Hid - ok
16:27:47.0264 3352        x10nets        (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
16:27:47.0279 3352        x10nets ( UnsignedFile.Multi.Generic ) - warning
16:27:47.0279 3352        x10nets - detected UnsignedFile.Multi.Generic (1)
16:27:47.0312 3352        XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
16:27:47.0319 3352        XUIF - ok
16:27:47.0333 3352        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:27:47.0484 3352        \Device\Harddisk0\DR0 - ok
16:27:47.0487 3352        Boot (0x1200)  (d388fb9ccf230ec959d1a647c421c6b8) \Device\Harddisk0\DR0\Partition0
16:27:47.0489 3352        \Device\Harddisk0\DR0\Partition0 - ok
16:27:47.0507 3352        Boot (0x1200)  (bd23f3459bb4a4a6ef4d891f1def3ff1) \Device\Harddisk0\DR0\Partition1
16:27:47.0508 3352        \Device\Harddisk0\DR0\Partition1 - ok
16:27:47.0508 3352        ============================================================
16:27:47.0508 3352        Scan finished
16:27:47.0508 3352        ============================================================
16:27:47.0520 0788        Detected object count: 7
16:27:47.0520 0788        Actual detected object count: 7
16:27:55.0293 0788        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0293 0788        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0295 0788        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0295 0788        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0297 0788        mosuport ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0297 0788        mosuport ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0299 0788        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0299 0788        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0300 0788        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0301 0788        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0302 0788        srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0302 0788        srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0304 0788        x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0304 0788        x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 08.05.2012 17:42

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a forum helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Sayri 08.05.2012 20:55

So, and here is the CF.txt

Code:

ComboFix 12-05-08.02 - dagmar 08.05.2012  21:42:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3066.2006 [GMT 2:00]
ausgeführt von:: c:\users\dagmar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\abmeldung.doc.rkhv
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Blumen Service.url.fbja
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Fotoservice.url.vrih
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\anmeldung.doc.qaxl
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.fvgu
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.joqj
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.xml
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Antrag neubau.rtf.yycy
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\briefbogenbw.doc.nhib
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\BullGuard Internet Security.url.lpal
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Currenta Bewerbungsbogen.pdf.jnwp
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Einladung_Medenspiel_Sommer.doc.nbgu
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\göckemeyer.doc.yycy
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroBetriebs10-11.xls.qnwm
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroVerein 12.xls.pkmw
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\HOTHotel Maritim Bonn.URL.vcyf
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Games.url.vqms
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Homepage.url.ynja
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Namentliche_Meldung_Kreismeisterschaften_2012BlauWeiß Leichlingen.doc.nqon
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Sommerplan 2011.xlsx.hinp
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Trainigskosten SS 2011.xlsx.dtfn
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\www.bahn.de - Ihr Mobilitätsportal für Reisen, Bahn, Urlaub, Hotels, Städtereisen und Mietwagen.URL.gtln
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-08 bis 2012-05-08  ))))))))))))))))))))))))))))))
.
.
2012-05-08 19:49 . 2012-05-08 19:49        --------        d-----w-        c:\users\dagmar\AppData\Local\temp
2012-05-08 19:49 . 2012-05-08 19:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-08 10:25 . 2012-05-08 10:25        --------        d-----w-        C:\_OTL
2012-05-08 10:08 . 2012-04-13 07:36        6734704        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9F285FC0-BD01-4B42-8492-E12866761F47}\mpengine.dll        ERROR(0x00000005)
2012-05-06 20:16 . 2012-05-08 14:56        1152760        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll        ERROR(0x00000005)
2012-05-03 00:00 . 2012-05-03 00:00        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-02 19:43 . 2012-05-02 19:43        --------        d-----w-        c:\users\dagmar\AppData\Roaming\Malwarebytes
2012-05-02 19:39 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-30 17:09 . 2012-04-30 17:09        --------        d-----w-        c:\program files\iPod
2012-04-30 14:41 . 2012-04-30 14:41        --------        d-----w-        c:\program files\ABUS Security-Center
2012-04-25 08:49 . 2012-04-25 08:49        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-04-25 08:48 . 2012-04-25 08:48        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 08:48 . 2012-04-25 08:48        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2008-08-28 02:31        6734704        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll        ERROR(0x00000005)
2012-02-23 08:18 . 2009-10-03 10:08        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01        43520        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2012-04-25 08:48 . 2011-05-26 15:41        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-08-04 14:45        40496        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-08 13548064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-08-04 326192]
"VitaKeyPdtWzd"="c:\program files\EgisTec\VITAKEY\PdtWzd.exe" [2008-08-29 2303272]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          c:\program files\EgisTec\VITAKEY\PwdFilter
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-02 12:24        220160        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36        30040        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17        52256        ----a-w-        c:\program files\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 11:30        59240        ----a-w-        c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28        421888        ----a-w-        d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 18:51        71216        ----a-w-        c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-25 11:38        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 20:54        16896        ----a-w-        c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2uvc]
2008-08-28 13:03        233472        ----a-w-        c:\windows\tsnp2uvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 16:11        210216        ------w-        c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-08 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20&v=8.0.0.34&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\bullguard.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-08 21:49
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\program files\EgisTec\VITAKEY\PwdFilter.dll
.
Zeit der Fertigstellung: 2012-05-08  21:53:09
ComboFix-quarantined-files.txt  2012-05-08 19:52
.
Vor Suchlauf: 10 Verzeichnis(se), 149.309.288.448 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 149.279.653.888 Bytes frei
.
- - End Of File - - 510ADED92F5B59506D0E8CA93F8CFDBF


cosinus 11.05.2012 09:55

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, simply leave it out and run only OSAM. Please skip the online lookup in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

