Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Verschlüsselungs Trojaner -.- (https://www.trojaner-board.de/114562-windows-verschluesselungs-trojaner.html)

Sayri 02.05.2012 18:35
Windows Verschlüsselungs Trojaner -.-
 
Hi,

so also nachdem meine Mutter diese dubiose E-Mail erhalten hat, musste Sie natürlich auch den Anhang direkt öffnen.

Bekannt ist ja was nun geschieht beim starten kommt diese Meldund von wegen man müsste das Geld bezahlen um weiter zukommen.

Ich habe die OTLP Cd gebrannt und grade schonmal auf Ihrem Laptop zum laufen bekommen und hoffe derweil das es alles gut geht.

I.eine Idee wie lange der Durchlauf ungefähr braucht ?

Der hängt derzeit bei:


Manual File Scan - Getting folder structure

Und wenn ich die OTLP exe starte fragt er mich nur nach :Do you wish to load remote user profile(s) for scanning und die Frage nach: Do you wish to load the remote registry fällt weg.

Wenn ich danach den Hacken bei Automatically Load All Remaining Users wegmache, muss ich ja trzdm eines von mir 4 angezeigten Profilen nehmen oder ?
----------------------------

So Edit: ;) und übrigens super Forum und nette Hilfe alleine wäre ich kein bisschen weiter gekommen mit dem Trojaner :)

habe alles hinbekommen und
nachdem ich jz einfach nichts in die Textbox geschrieben habe is der Scan erfolgreich gewesen.

Nun bekomme ich folgende log Datei:OTL Logfile:
Code:
OTL logfile created on: 5/2/2012 8:46:23 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278.32 Gb Total Space | 112.42 Gb Free Space | 40.39% Space Free | Partition Type: NTFS
Drive E: | 19.76 Gb Total Space | 6.69 Gb Free Space | 33.88% Space Free | Partition Type: FAT32
Drive F: | 3.73 Gb Total Space | 3.58 Gb Free Space | 95.82% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/04/25 04:48:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/12 13:02:26 | 000,918,880 | ---- | M] () [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/10 05:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 05:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/09 06:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/05/15 15:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009/03/23 06:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/03/23 06:09:21 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/11/07 06:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/09/02 08:24:44 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008/08/29 14:11:38 | 002,180,392 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC)
SRV - [2008/08/04 10:45:56 | 000,304,688 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/02/28 12:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WtSmpFlt)
DRV - File not found [Kernel | On_Demand] --  -- (wtsmpadap)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (KUSBusByTCPMasterBus)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/02/09 06:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/08/28 08:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo)
DRV - [2008/08/28 08:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2008/08/07 22:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/08/05 18:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/04 10:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/08/04 10:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/08/04 10:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/07/10 05:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/06/18 11:04:34 | 000,026,760 | R--- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/17 05:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/31 05:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007/03/09 21:33:50 | 000,882,432 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\mosuport.sys -- (mosuport)
DRV - [2006/11/30 09:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/17 04:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=hp
IE - HKU\dagmar_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\dagmar_ON_C\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 04:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/03 20:52:38 | 000,000,000 | ---D | M]
 
[2008/11/17 17:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Extensions
[2012/05/02 11:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions
[2012/05/02 11:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions\avg@toolbar
[2011/05/28 07:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
[2011/11/12 10:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2008/12/11 11:25:57 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
File not found (No name found) -- C:\USERS\DAGMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3O3IEEY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/25 04:48:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/24 10:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/12 13:02:22 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/24 10:47:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 10:47:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/24 10:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/24 10:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/24 10:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\dagmar_ON_C\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\dagmar_ON_C\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\dagmar_ON_C..\Run: [B2971A31] C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe ()
O4 - HKU\dagmar_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://juwelvpn.dyndns.org/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/02 20:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/02 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn
[2012/04/30 13:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/30 13:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/30 13:08:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/30 10:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ABUS Security-Center
[2012/04/30 10:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center
[2012/04/25 04:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2008/08/28 05:58:13 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/08/28 05:58:13 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/02 14:17:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 14:17:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 13:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 13:18:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/02 13:17:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/02 13:17:56 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012/05/02 12:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012/05/02 12:06:51 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/05/02 12:06:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/02 12:06:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/05/02 12:06:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/02 11:39:12 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Scan0001.pdf.xdrz
[2012/05/02 11:38:39 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Dennis Kruse2.jpg.dtfz
[2012/05/02 11:38:33 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Bewerbung Rosalie Resl.pdf.kfyc
[2012/05/02 11:38:33 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Anfahrt.jpg.onjs
[2012/05/02 11:32:56 | 000,000,153 | ---- | M] () -- C:\Users\dagmar\AppData\locked-default.pls.slzs
[2012/05/02 11:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/04/30 13:14:19 | 000,001,854 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/30 13:10:41 | 000,001,409 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 13:10:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/30 13:01:50 | 309,324,901 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/30 10:41:14 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Installationsassistent2.lnk
[2012/04/30 10:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center
[2012/04/30 10:40:37 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\ABUS IP-Installer.lnk
 
========== Files Created - No Company Name ==========
 
[2012/04/30 13:14:19 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/30 13:10:41 | 000,001,409 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 10:41:14 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Installationsassistent2.lnk
[2012/04/30 10:40:37 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\ABUS IP-Installer.lnk
[2012/04/18 04:31:27 | 309,324,901 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/14 12:34:17 | 000,882,432 | ---- | C] () -- C:\Windows\System32\drivers\mosuport.sys
[2011/10/14 12:34:17 | 000,278,528 | ---- | C] () -- C:\Windows\System32\MosUsbSerial.exe
[2011/10/14 12:34:17 | 000,262,144 | ---- | C] () -- C:\Windows\System32\MosUnst.exe
[2011/10/14 12:34:17 | 000,225,280 | ---- | C] () -- C:\Windows\System32\MosUSBParallel.exe
[2011/10/14 12:34:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\MosUSBSerPropPage.dll
[2011/10/14 12:34:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MosUSBParPropPage.dll
[2011/10/14 12:34:17 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dbgmsgcfg.dll
[2011/09/08 17:03:59 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{8FAF1DC2-324B-4AF2-82C5-CF35492BC72C}
[2011/09/08 17:01:58 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{1BF95C17-1E8B-437A-856E-3638C7E6FAEE}
[2011/09/08 06:20:28 | 000,000,153 | ---- | C] () -- C:\Users\dagmar\AppData\locked-default.pls.slzs
[2011/07/13 01:47:36 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{E474D4A3-F08A-4D4E-8AD6-CFC429808E2E}
[2011/07/13 01:40:20 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{0DA4FE39-CAAF-4DA3-ABDE-EAFB9154A010}
[2010/05/07 18:12:06 | 000,015,022 | ---- | C] () -- C:\Windows\UN060501.INI
[2010/03/15 14:45:06 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2009/10/19 14:36:48 | 000,004,366 | ---- | C] () -- C:\Windows\UN090928.INI
[2009/06/18 01:50:02 | 000,000,680 | ---- | C] () -- C:\Users\dagmar\AppData\Local\d3d9caps.dat
[2009/02/13 12:59:56 | 000,026,624 | ---- | C] () -- C:\Users\dagmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/10 12:39:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/04 03:05:26 | 000,004,592 | ---- | C] () -- C:\Users\dagmar\AppData\Roaming\wklnhst.dat
[2008/12/11 11:25:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008/11/17 17:18:35 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2008/11/17 17:16:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2008/09/02 07:45:19 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008/08/28 11:46:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2008/08/28 08:27:57 | 000,066,856 | ---- | C] () -- C:\Windows\System32\drivers\FPWinIo.sys
[2008/08/28 08:15:44 | 000,628,730 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/08/28 08:15:44 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/08/28 08:15:44 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/08/28 08:15:44 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/08/28 08:02:32 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008/08/28 08:02:32 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/08/28 06:33:16 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008/08/28 05:58:13 | 001,753,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/08/28 05:58:13 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2008/08/28 05:58:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/08/28 05:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/08/28 05:35:46 | 000,119,296 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008/08/28 04:31:15 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/08/28 04:31:15 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\29563E424B.sys
[2008/08/28 00:25:39 | 000,000,143 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/08/27 22:21:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/08/27 21:43:57 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/06/18 11:04:34 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2008/01/20 22:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,430,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2008/11/13 06:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2012/03/12 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2011/08/31 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2012/05/02 11:23:30 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn
[2010/06/10 15:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2009/04/07 07:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009/02/04 03:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012/05/02 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012/03/09 07:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012/05/02 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2009/03/05 13:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011/08/10 06:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2012/05/02 13:17:56 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012/05/02 13:18:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/02 12:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

cosinus 02.05.2012 19:33
Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?



Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten

Sayri 02.05.2012 19:34
ok danke für die Antwort ich versuche es jz mal.

Nein klappt leider nicht, startet sich von alleine neu.

cosinus 02.05.2012 19:52
Zitat:
Nein klappt leider nicht, startet sich von alleine neu.
Was genau heißt das? Wo genau startet es sich von allein neu?
Der normale Modus scheint ja zu blockiert zu werden?

Sayri 02.05.2012 19:54
Wenn ich im normalen Modus starte, komme ich auf den Desktop und dann sofort in dieses Trojaner interface,

Wenn ich im abgesicherten Modus starte, dann lädt der diese ganzen schriften rein, man sieht kurz den Cursor und dann startet sich der Computer neu und fährt im "normalen" Modus hoch.

cosinus 02.05.2012 20:19
Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
O4 - HKU\dagmar_ON_C..\Run: [B2971A31] C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell - "" = AutoRun
O33 - MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell - "" = AutoRun
O33 - MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\Shell\AutoRun\command - "" = G:\AutoRun.exe
:Files
C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Sayri 02.05.2012 20:30
Ok fix ist durch: hier das Logfile:

========== OTL ==========
Registry value HKEY_USERS\dagmar_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\B2971A31 deleted successfully.
C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn\321BFD41B2971A315607.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File E:\AUTOEXEC.BAT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{046213fa-6c74-11de-aa7f-0016ead6b5d6}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462140a-6c74-11de-aa7f-0016ead6b5d6}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04621416-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0462143c-6c74-11de-aa7f-00ade1ac1c1a}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{091292ec-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{091292ec-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{091292ec-75e8-11de-929e-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09129313-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09129313-75e8-11de-929e-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09129313-75e8-11de-929e-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8a-75e6-11de-b01a-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247c9e8c-75e6-11de-b01a-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b4b-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b71-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b76-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7b79-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24ac7ba2-2351-11de-8f4c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f045-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f045-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f045-004e-11de-a894-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f06b-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4924f06b-004e-11de-a894-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4924f06b-004e-11de-a894-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d06c8-76bd-11de-97ed-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd78866-7697-11de-ad7c-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90ed5b6d-00d2-11de-9db9-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /action not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b28f87-f289-11dd-8b3d-001f1609bb94}\ not found.
File G:\Autorun.exe /uninstall not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda64f-75da-11de-870d-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8fda653-75da-11de-870d-8cd2572bbcd9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bed2-004b-11de-968b-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b5bf0e-004b-11de-968b-001f1609bb94}\ not found.
File G:\AutoRun.exe not found.
========== FILES ==========
C:\Users\dagmar\AppData\Roaming\Nmtgqpxlyn folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 05022012_222835

Wowwwww danke :) ich komme wieder auf den Laptop, ich suche nun mal die OTL Datei


vielen vielen dank echt gute skills :)

Datei: _OTL.rar empfangen

Vorgang erfolgreich abgeschlossen.



So auch die Datei ist auf eurem Server,

bin ich soweit durch oder muss ich noch was machen?

cosinus 02.05.2012 20:43
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Sayri 02.05.2012 20:52
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.02.06

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19088
dagmar :: MAMA-PC [Administrator]

02.05.2012 21:44:01
mbam-log-2012-05-02 (21-44-01).txt

Art des Suchlaufs: Voll-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207054
Laufzeit: 5 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\System\CurrentControlSet\Services\svchost (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 02.05.2012 20:54
Der Vollscan ist bei dir nach 5 Minuten fertig? Das halte ich für fragwürdig

Sayri 02.05.2012 21:21
ich habe den scan nochmal gestartet, war da auch etwas irritiert.

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
das ist der Log von Eset

und das ist der log von dem Suchlauf über die Software

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.02.06

Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19088
dagmar :: MAMA-PC [Administrator]

02.05.2012 21:56:42
mbam-log-2012-05-02 (21-56-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 443157
Laufzeit: 1 Stunde(n), 55 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\$recycle.bin\s-1-5-21-1186228194-2826595677-3955999054-1001\$rzf385w\movedfiles\05022012_222835\c_users\dagmar\appdata\roaming\nmtgqpxlyn\321bfd41b2971a315607.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus 03.05.2012 07:39
ESET hast du falsch gemacht. Stand extra ein dicker Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Sayri 06.05.2012 20:11
Soo, habe nochmal ESET laufen lassen dismal richtig hoffe ich.


Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01051b5e26023441adda1bbc4db7c7db
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-06 01:32:20
# local_time=2012-05-06 03:32:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 173839335 0 0
# compatibility_mode=8192 67108863 100 0 318141 318141 0 0
# scanned=81059
# found=28
# cleaned=28
# scan_time=4533
C:\$RECYCLE.BIN\S-1-5-21-1186228194-2826595677-3955999054-1001\$R4K0YEY.rar        a variant of Win32/Injector.QUK trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\aso3sys.dll        probably a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\ASOHelper.dll        a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe        a variant of Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\SendLogs.exe        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\bg\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\cs\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\DA\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\DTCH\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\el\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\ENG\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\ES\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\fi\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\FR\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\GRMN\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\hu\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\in\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\ITLY\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\JA\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\no\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\pl\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\pt\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\ro\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\sv\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\th\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\TR\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\ZH\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Program Files\Reviversoft\Registry Reviver\zhcn\regclean.ini        Win32/RegistryReviver application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=01051b5e26023441adda1bbc4db7c7db
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-06 04:04:41
# local_time=2012-05-06 06:04:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 173844017 0 0
# compatibility_mode=8192 67108863 100 0 322823 322823 0 0
# scanned=221132
# found=1
# cleaned=0
# scan_time=8991
C:\Users\dagmar\Downloads\RegistryReviverSetup.exe        a variant of Win32/RegistryReviver application (unable to clean)        00000000000000000000000000000000        I

cosinus 07.05.2012 09:31
Zitat:
C:\Users\dagmar\Downloads\RegistryReviverSetup.exe
Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Sayri 07.05.2012 13:38
hi

nein, also außer das überall diese nicht zu öffnenden "locked-..." Datein sind ist alles normal, der Laptop fährt normal hoch und alle Ordner sind da, auch keine leeren Ordner.

cosinus 07.05.2012 13:58
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Sayri 07.05.2012 15:26
So OTL ist durch, hier das Ergebniss:

Code:
OTL logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.04.25 10:48:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 12:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.29 20:11:42 | 003,202,344 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
PRC - [2008.08.29 20:11:40 | 002,303,272 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe
PRC - [2008.08.29 20:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe
PRC - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe
PRC - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.08.04 16:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
PRC - [2008.08.04 16:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008.07.24 18:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.25 10:48:57 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.25 10:48:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.03.23 12:09:21 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.11.07 12:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.09.02 14:24:44 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC)
SRV - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpflt.sys -- (WtSmpFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpadap.sys -- (wtsmpadap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\KUSBusByTCPMasterBus.sys -- (KUSBusByTCPMasterBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.08.28 14:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo)
DRV - [2008.08.28 14:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2008.08.08 04:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 00:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.04 16:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.08.04 16:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.08.04 16:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.06.18 17:04:34 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.03.10 03:33:50 | 000,882,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mosuport.sys -- (mosuport)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=hp
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE301
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 10:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.04 02:52:38 | 000,000,000 | ---D | M]
 
[2008.11.17 23:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Extensions
[2012.05.06 22:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions
[2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
[2011.11.12 16:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.11 17:25:57 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2012.05.07 02:04:55 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAGMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3O3IEEY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.25 10:48:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.24 16:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 19:02:22 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.24 16:47:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.24 16:47:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 16:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 16:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 16:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.03 04:28:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range2 ([https] in Vertrauenswürdige Sites)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://juwelvpn.dyndns.org/XTSAC.cab (XTSAC Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D0C0C1F-7C8A-4A90-A61C-AD06E31C043E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BullGuard - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Program Files\GoogleEULA\EULALauncher.exe ( )
MsConfig - StartUpReg: tsnp2uvc - hkey= - key= - C:\Windows\tsnp2uvc.exe ()
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: vProt - hkey= - key= - C:\Program Files\AVG Secure Search\vprot.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.07 15:18:13 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe
[2012.05.06 20:57:17 | 000,000,000 | ---D | C] -- C:\Users\dagmar\Desktop\Neuer Ordner
[2012.05.04 19:47:00 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2012.05.04 19:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2012.05.04 19:46:48 | 000,017,224 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2012.05.04 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Reviversoft
[2012.05.03 02:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.02 21:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.02 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes
[2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.02 21:39:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.30 19:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.30 19:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.30 16:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ABUS Security-Center
[2012.04.30 16:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center
[2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.05.07 15:51:36 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.07 15:51:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.07 15:51:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.07 15:51:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.05.07 15:47:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.07 15:45:18 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.07 15:45:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 15:45:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 15:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.07 15:21:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.07 15:18:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe
[2012.05.07 15:12:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.07 10:26:10 | 000,027,136 | ---- | M] () -- C:\Users\dagmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.07 02:09:45 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\Scan0001.pdf
[2012.05.07 02:09:28 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf
[2012.05.07 02:09:28 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg
[2012.05.07 02:09:27 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\Anfahrt.jpg
[2012.05.02 17:39:12 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Scan0001.pdf.xdrz
[2012.05.02 17:38:39 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Dennis Kruse2.jpg.dtfz
[2012.05.02 17:38:33 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Bewerbung Rosalie Resl.pdf.kfyc
[2012.05.02 17:38:33 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Anfahrt.jpg.onjs
[2012.05.02 17:32:33 | 000,042,654 | ---- | M] () -- C:\ProgramData\locked-nvModes.001.hmld
[2012.05.02 17:22:35 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.30 19:10:41 | 000,001,409 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.30 19:01:50 | 309,324,901 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2012.05.06 22:40:19 | 000,268,427 | ---- | C] () -- C:\Users\dagmar\Documents\Scan0001.pdf
[2012.05.06 22:40:02 | 000,253,774 | ---- | C] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg
[2012.05.06 22:40:01 | 000,306,345 | ---- | C] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf
[2012.05.06 22:40:01 | 000,234,096 | ---- | C] () -- C:\Users\dagmar\Documents\Anfahrt.jpg
[2012.05.02 17:45:04 | 000,042,654 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.04.30 19:10:41 | 000,001,409 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.18 10:31:27 | 309,324,901 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.14 18:34:17 | 000,882,432 | ---- | C] () -- C:\Windows\System32\drivers\mosuport.sys
[2011.10.14 18:34:17 | 000,278,528 | ---- | C] () -- C:\Windows\System32\MosUsbSerial.exe
[2011.10.14 18:34:17 | 000,262,144 | ---- | C] () -- C:\Windows\System32\MosUnst.exe
[2011.10.14 18:34:17 | 000,225,280 | ---- | C] () -- C:\Windows\System32\MosUSBParallel.exe
[2011.10.14 18:34:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\MosUSBSerPropPage.dll
[2011.10.14 18:34:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MosUSBParPropPage.dll
[2011.10.14 18:34:17 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dbgmsgcfg.dll
[2011.09.08 23:03:59 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{8FAF1DC2-324B-4AF2-82C5-CF35492BC72C}
[2011.09.08 23:01:58 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{1BF95C17-1E8B-437A-856E-3638C7E6FAEE}
[2011.07.13 07:47:36 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{E474D4A3-F08A-4D4E-8AD6-CFC429808E2E}
[2011.07.13 07:40:20 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{0DA4FE39-CAAF-4DA3-ABDE-EAFB9154A010}
 
========== LOP Check ==========
 
[2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.05.07 15:22:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.13 11:46:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Adobe
[2012.03.13 01:24:50 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Apple Computer
[2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2009.04.29 07:14:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Corel
[2009.03.15 16:24:23 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\CyberLink
[2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2008.11.12 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Google
[2011.06.19 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\HpUpdate
[2008.11.12 11:10:49 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Identities
[2008.11.13 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Macromedia
[2012.05.02 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Media Center Programs
[2011.08.08 20:22:09 | 000,000,000 | --SD | M] -- C:\Users\dagmar\AppData\Roaming\Microsoft
[2008.11.17 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Mozilla
[2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2009.02.18 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Nero
[2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2012.05.06 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\vlc
[2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2009.02.18 18:45:29 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.07 02:04:43 | 000,010,398 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_6FA99008F6BBB97A091E2D.exe
[2012.05.07 02:04:43 | 000,025,214 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_E38944F26F8D876B004311.exe
[2011.08.10 12:22:31 | 007,128,264 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2011.08.10 12:20:58 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2011.08.10 12:28:53 | 007,665,928 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
[2011.08.10 12:53:40 | 006,480,904 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 21:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF

< End of report >
Es gab noch ein 2tes logfile, Extras.Txt ist das auch relevant

Code:
OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system |
"{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system |
"{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system |
"{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system |
"{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe |
"{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG Secure Search" = AVG Security Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"File Recover_is1" = File Recover 7.5
"Google Desktop" = Google Desktop
"Installationsassistent2" = Installationsassistent2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROGNOS für Windows_is1" = PfW 4.7.2.3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"TuneAid_is1" = TuneAid 3.76
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Unlimited Connection Manager" = Unlimited Connection Manager
"USB Compound Device" = USB Compound Device
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GoToMeeting" = GoToMeeting 5.1.0.874
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >

oh entschuldigung i.wie doppelt gepostet Oo

Sayri 07.05.2012 15:28
Es gab noch ein 2tes logfile, Extras.Txt ist das auch relevant

Code:
OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3    Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system |
"{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system |
"{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system |
"{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system |
"{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system |
"{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system |
"{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe |
"{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe |
"{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe |
"UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe |
"UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe |
"UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG Secure Search" = AVG Security Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"File Recover_is1" = File Recover 7.5
"Google Desktop" = Google Desktop
"Installationsassistent2" = Installationsassistent2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROGNOS für Windows_is1" = PfW 4.7.2.3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"TuneAid_is1" = TuneAid 3.76
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Unlimited Connection Manager" = Unlimited Connection Manager
"USB Compound Device" = USB Compound Device
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GoToMeeting" = GoToMeeting 5.1.0.874
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >

cosinus 07.05.2012 18:37
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
[2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Sayri 08.05.2012 12:17
So der OTL fix ist auch durch hier das LOG:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
C:\Program Files\Softonic_Deutsch\tbSoft.dll moved successfully.
HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
ADS C:\ProgramData\Temp:24051EFF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: dagmar
->Temp folder emptied: 6258338 bytes
->Temporary Internet Files folder emptied: 194433655 bytes
->Java cache emptied: 2597569 bytes
->FireFox cache emptied: 169292027 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 102965 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2861268 bytes
RecycleBin emptied: 9853266451 bytes
 
Total Files Cleaned = 9.755,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: dagmar
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05082012_122544

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET94FE.tmp not found!

Registry entries deleted on Reboot...

cosinus 08.05.2012 14:28
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Sayri 08.05.2012 15:29
Alles klar habe ich gemacht, hier der Report, und bis hier hin schonmal danke, viele Dank für deine Mühe.

Code:
16:25:30.0311 0276        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
16:25:30.0820 0276        ============================================================
16:25:30.0820 0276        Current date / time: 2012/05/08 16:25:30.0820
16:25:30.0820 0276        SystemInfo:
16:25:30.0820 0276       
16:25:30.0820 0276        OS Version: 6.0.6001 ServicePack: 1.0
16:25:30.0820 0276        Product type: Workstation
16:25:30.0821 0276        ComputerName: MAMA-PC
16:25:30.0821 0276        UserName: dagmar
16:25:30.0821 0276        Windows directory: C:\Windows
16:25:30.0821 0276        System windows directory: C:\Windows
16:25:30.0821 0276        Processor architecture: Intel x86
16:25:30.0821 0276        Number of processors: 2
16:25:30.0821 0276        Page size: 0x1000
16:25:30.0821 0276        Boot type: Normal boot
16:25:30.0821 0276        ============================================================
16:25:32.0359 0276        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:25:32.0370 0276        ============================================================
16:25:32.0370 0276        \Device\Harddisk0\DR0:
16:25:32.0370 0276        MBR partitions:
16:25:32.0370 0276        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22CA4800
16:25:32.0370 0276        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x22CA5000, BlocksNum 0x2789000
16:25:32.0370 0276        ============================================================
16:25:32.0406 0276        C: <-> \Device\Harddisk0\DR0\Partition0
16:25:32.0434 0276        D: <-> \Device\Harddisk0\DR0\Partition1
16:25:32.0434 0276        ============================================================
16:25:32.0434 0276        Initialize success
16:25:32.0434 0276        ============================================================
16:27:08.0703 3352        ============================================================
16:27:08.0703 3352        Scan started
16:27:08.0703 3352        Mode: Manual; SigCheck; TDLFS;
16:27:08.0703 3352        ============================================================
16:27:09.0450 3352        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
16:27:09.0544 3352        ACPI - ok
16:27:09.0593 3352        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:27:09.0623 3352        adp94xx - ok
16:27:09.0673 3352        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:27:09.0697 3352        adpahci - ok
16:27:09.0731 3352        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:27:09.0756 3352        adpu160m - ok
16:27:09.0781 3352        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:27:09.0802 3352        adpu320 - ok
16:27:09.0834 3352        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:27:09.0947 3352        AeLookupSvc - ok
16:27:10.0020 3352        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
16:27:10.0076 3352        AFD - ok
16:27:10.0093 3352        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:27:10.0103 3352        agp440 - ok
16:27:10.0128 3352        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:27:10.0140 3352        aic78xx - ok
16:27:10.0173 3352        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:27:10.0222 3352        ALG - ok
16:27:10.0245 3352        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:27:10.0254 3352        aliide - ok
16:27:10.0278 3352        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:27:10.0288 3352        amdagp - ok
16:27:10.0333 3352        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:27:10.0342 3352        amdide - ok
16:27:10.0372 3352        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:27:10.0408 3352        AmdK7 - ok
16:27:10.0429 3352        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:27:10.0474 3352        AmdK8 - ok
16:27:10.0488 3352        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:27:10.0523 3352        Appinfo - ok
16:27:10.0713 3352        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:27:10.0723 3352        Apple Mobile Device - ok
16:27:10.0745 3352        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:27:10.0756 3352        arc - ok
16:27:10.0778 3352        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:27:10.0788 3352        arcsas - ok
16:27:10.0813 3352        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:27:10.0868 3352        AsyncMac - ok
16:27:10.0890 3352        atapi          (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
16:27:10.0898 3352        atapi - ok
16:27:10.0987 3352        AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
16:27:11.0028 3352        AudioEndpointBuilder - ok
16:27:11.0033 3352        Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
16:27:11.0061 3352        Audiosrv - ok
16:27:11.0078 3352        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:27:11.0116 3352        Beep - ok
16:27:11.0161 3352        BFE            (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
16:27:11.0219 3352        BFE - ok
16:27:11.0359 3352        BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
16:27:11.0450 3352        BITS - ok
16:27:11.0483 3352        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:27:11.0524 3352        blbdrive - ok
16:27:11.0678 3352        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:27:11.0695 3352        Bonjour Service - ok
16:27:11.0766 3352        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
16:27:11.0823 3352        bowser - ok
16:27:11.0836 3352        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:27:11.0914 3352        BrFiltLo - ok
16:27:11.0943 3352        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:27:11.0974 3352        BrFiltUp - ok
16:27:12.0008 3352        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:27:12.0052 3352        Browser - ok
16:27:12.0080 3352        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:27:12.0140 3352        Brserid - ok
16:27:12.0337 3352        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:27:12.0402 3352        BrSerWdm - ok
16:27:12.0424 3352        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:27:12.0476 3352        BrUsbMdm - ok
16:27:12.0491 3352        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:27:12.0534 3352        BrUsbSer - ok
16:27:12.0584 3352        BthEnum        (ae19cfbbba41800f3d5343e21d2ca09f) C:\Windows\system32\DRIVERS\BthEnum.sys
16:27:12.0619 3352        BthEnum - ok
16:27:12.0642 3352        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:27:12.0712 3352        BTHMODEM - ok
16:27:12.0752 3352        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:27:12.0792 3352        BthPan - ok
16:27:12.0876 3352        BTHPORT        (75f19df0bc62992d05fdd8a32d968531) C:\Windows\system32\Drivers\BTHport.sys
16:27:12.0982 3352        BTHPORT - ok
16:27:13.0017 3352        BthServ        (fc930b47a83f5f61dfadc64a0719de43) C:\Windows\System32\bthserv.dll
16:27:13.0062 3352        BthServ - ok
16:27:13.0104 3352        BTHUSB          (4ce2a25c5936bc515357d60fee73f221) C:\Windows\system32\Drivers\BTHUSB.sys
16:27:13.0117 3352        BTHUSB - ok
16:27:13.0146 3352        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:27:13.0181 3352        cdfs - ok
16:27:13.0207 3352        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
16:27:13.0233 3352        cdrom - ok
16:27:13.0260 3352        CertPropSvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
16:27:13.0285 3352        CertPropSvc - ok
16:27:13.0300 3352        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:27:13.0325 3352        circlass - ok
16:27:13.0375 3352        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
16:27:13.0402 3352        CLFS - ok
16:27:13.0509 3352        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:27:13.0520 3352        clr_optimization_v2.0.50727_32 - ok
16:27:13.0631 3352        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:27:13.0652 3352        clr_optimization_v4.0.30319_32 - ok
16:27:13.0681 3352        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:27:13.0727 3352        CmBatt - ok
16:27:13.0758 3352        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:27:13.0767 3352        cmdide - ok
16:27:13.0788 3352        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:27:13.0797 3352        Compbatt - ok
16:27:13.0800 3352        COMSysApp - ok
16:27:13.0808 3352        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:27:13.0818 3352        crcdisk - ok
16:27:13.0838 3352        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:27:13.0888 3352        Crusoe - ok
16:27:13.0933 3352        CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
16:27:13.0994 3352        CryptSvc - ok
16:27:14.0092 3352        DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
16:27:14.0131 3352        DcomLaunch - ok
16:27:14.0189 3352        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
16:27:14.0245 3352        DfsC - ok
16:27:14.0453 3352        DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
16:27:14.0596 3352        DFSR - ok
16:27:14.0754 3352        Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
16:27:14.0786 3352        Dhcp - ok
16:27:14.0836 3352        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
16:27:14.0846 3352        disk - ok
16:27:14.0903 3352        Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
16:27:14.0941 3352        Dnscache - ok
16:27:14.0980 3352        dot3svc        (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
16:27:15.0068 3352        dot3svc - ok
16:27:15.0109 3352        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:27:15.0167 3352        Dot4 - ok
16:27:15.0219 3352        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:27:15.0256 3352        Dot4Print - ok
16:27:15.0349 3352        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:27:15.0392 3352        dot4usb - ok
16:27:15.0430 3352        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:27:15.0479 3352        DPS - ok
16:27:15.0518 3352        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:27:15.0545 3352        drmkaud - ok
16:27:15.0633 3352        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
16:27:15.0693 3352        DXGKrnl - ok
16:27:15.0751 3352        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:27:15.0797 3352        E1G60 - ok
16:27:15.0829 3352        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:27:15.0864 3352        EapHost - ok
16:27:15.0897 3352        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
16:27:15.0918 3352        Ecache - ok
16:27:16.0028 3352        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:27:16.0051 3352        ehRecvr - ok
16:27:16.0074 3352        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:27:16.0112 3352        ehSched - ok
16:27:16.0147 3352        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:27:16.0171 3352        ehstart - ok
16:27:16.0233 3352        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:27:16.0256 3352        elxstor - ok
16:27:16.0354 3352        EMDMgmt        (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
16:27:16.0399 3352        EMDMgmt - ok
16:27:16.0427 3352        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:27:16.0482 3352        ErrDev - ok
16:27:16.0536 3352        EventSystem    (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
16:27:16.0561 3352        EventSystem - ok
16:27:16.0600 3352        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
16:27:16.0655 3352        exfat - ok
16:27:16.0689 3352        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
16:27:16.0744 3352        fastfat - ok
16:27:16.0770 3352        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:27:16.0795 3352        fdc - ok
16:27:16.0827 3352        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:27:16.0868 3352        fdPHost - ok
16:27:16.0894 3352        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:27:16.0953 3352        FDResPub - ok
16:27:16.0984 3352        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:27:16.0995 3352        FileInfo - ok
16:27:17.0021 3352        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:27:17.0063 3352        Filetrace - ok
16:27:17.0085 3352        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:27:17.0110 3352        flpydisk - ok
16:27:17.0128 3352        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
16:27:17.0142 3352        FltMgr - ok
16:27:17.0257 3352        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:27:17.0265 3352        FontCache3.0.0.0 - ok
16:27:17.0295 3352        FPSensor        (78c108c807afdc45d7867b96d01aa8f2) C:\Windows\system32\Drivers\FPSensor.sys
16:27:17.0302 3352        FPSensor - ok
16:27:17.0311 3352        FPWinIo        (4eff8408dd280f2468c39d0f4a2cec0d) C:\Windows\system32\DRIVERS\FPWinIo.sys
16:27:17.0319 3352        FPWinIo - ok
16:27:17.0329 3352        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:27:17.0368 3352        Fs_Rec - ok
16:27:17.0401 3352        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:27:17.0411 3352        gagp30kx - ok
16:27:17.0444 3352        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:27:17.0450 3352        GEARAspiWDM - ok
16:27:17.0536 3352        GoogleDesktopManager (33efd5039ea1bfa623d8bb9fb787cb0f) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
16:27:17.0554 3352        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
16:27:17.0554 3352        GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
16:27:17.0631 3352        gpsvc          (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
16:27:17.0676 3352        gpsvc - ok
16:27:17.0731 3352        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:27:17.0752 3352        gusvc - ok
16:27:17.0817 3352        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:27:17.0903 3352        HdAudAddService - ok
16:27:17.0959 3352        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:27:17.0984 3352        HDAudBus - ok
16:27:17.0996 3352        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:27:18.0060 3352        HidBth - ok
16:27:18.0083 3352        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:27:18.0127 3352        HidIr - ok
16:27:18.0169 3352        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
16:27:18.0244 3352        hidserv - ok
16:27:18.0270 3352        HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
16:27:18.0288 3352        HidUsb - ok
16:27:18.0309 3352        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:27:18.0353 3352        hkmsvc - ok
16:27:18.0372 3352        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:27:18.0382 3352        HpCISSs - ok
16:27:18.0482 3352        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
16:27:18.0598 3352        HTTP - ok
16:27:18.0660 3352        hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:27:18.0687 3352        hwdatacard - ok
16:27:18.0712 3352        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:27:18.0721 3352        i2omp - ok
16:27:18.0741 3352        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:27:18.0760 3352        i8042prt - ok
16:27:18.0797 3352        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:27:18.0825 3352        iaStorV - ok
16:27:18.0958 3352        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:27:18.0978 3352        IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:27:18.0979 3352        IDriverT - detected UnsignedFile.Multi.Generic (1)
16:27:19.0165 3352        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:27:19.0221 3352        idsvc - ok
16:27:19.0446 3352        IGBASVC        (be449d6218d34d93a95c1d2873dd8a5d) C:\Program Files\EgisTec\VITAKEY\BASVC.exe
16:27:19.0544 3352        IGBASVC - ok
16:27:19.0728 3352        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:27:19.0737 3352        iirsp - ok
16:27:19.0806 3352        IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
16:27:19.0882 3352        IKEEXT - ok
16:27:20.0140 3352        IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
16:27:20.0215 3352        IntcAzAudAddService - ok
16:27:20.0386 3352        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:27:20.0395 3352        intelide - ok
16:27:20.0426 3352        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:27:20.0464 3352        intelppm - ok
16:27:20.0492 3352        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:27:20.0537 3352        IPBusEnum - ok
16:27:20.0560 3352        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:27:20.0601 3352        IpFilterDriver - ok
16:27:20.0660 3352        iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
16:27:20.0712 3352        iphlpsvc - ok
16:27:20.0716 3352        IpInIp - ok
16:27:20.0742 3352        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:27:20.0768 3352        IPMIDRV - ok
16:27:20.0790 3352        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:27:20.0817 3352        IPNAT - ok
16:27:21.0018 3352        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:27:21.0071 3352        iPod Service - ok
16:27:21.0112 3352        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:27:21.0137 3352        IRENUM - ok
16:27:21.0173 3352        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:27:21.0183 3352        isapnp - ok
16:27:21.0213 3352        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
16:27:21.0224 3352        iScsiPrt - ok
16:27:21.0242 3352        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:27:21.0251 3352        iteatapi - ok
16:27:21.0270 3352        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:27:21.0279 3352        iteraid - ok
16:27:21.0317 3352        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:27:21.0325 3352        kbdclass - ok
16:27:21.0342 3352        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
16:27:21.0366 3352        kbdhid - ok
16:27:21.0388 3352        KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:21.0427 3352        KeyIso - ok
16:27:21.0477 3352        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
16:27:21.0506 3352        KSecDD - ok
16:27:21.0566 3352        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:27:21.0647 3352        KtmRm - ok
16:27:21.0650 3352        KUSBusByTCPMasterBus - ok
16:27:21.0707 3352        LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
16:27:21.0722 3352        LanmanServer - ok
16:27:21.0792 3352        LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
16:27:21.0816 3352        LanmanWorkstation - ok
16:27:21.0841 3352        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:27:21.0889 3352        lltdio - ok
16:27:21.0956 3352        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:27:22.0039 3352        lltdsvc - ok
16:27:22.0057 3352        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:27:22.0112 3352        lmhosts - ok
16:27:22.0134 3352        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:27:22.0145 3352        LSI_FC - ok
16:27:22.0164 3352        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:27:22.0176 3352        LSI_SAS - ok
16:27:22.0200 3352        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:27:22.0211 3352        LSI_SCSI - ok
16:27:22.0238 3352        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:27:22.0264 3352        luafv - ok
16:27:22.0276 3352        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:27:22.0288 3352        Mcx2Svc - ok
16:27:22.0306 3352        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:27:22.0316 3352        megasas - ok
16:27:22.0370 3352        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:27:22.0454 3352        MegaSR - ok
16:27:22.0716 3352        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:27:22.0726 3352        Microsoft Office Groove Audit Service - ok
16:27:22.0748 3352        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:27:22.0773 3352        MMCSS - ok
16:27:22.0784 3352        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:27:22.0814 3352        Modem - ok
16:27:22.0832 3352        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:27:22.0871 3352        monitor - ok
16:27:22.0993 3352        mosuport        (cfdcf35739762dc51a431ac0524a0efb) C:\Windows\system32\DRIVERS\mosuport.sys
16:27:23.0068 3352        mosuport ( UnsignedFile.Multi.Generic ) - warning
16:27:23.0068 3352        mosuport - detected UnsignedFile.Multi.Generic (1)
16:27:23.0090 3352        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:27:23.0098 3352        mouclass - ok
16:27:23.0110 3352        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:27:23.0136 3352        mouhid - ok
16:27:23.0149 3352        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:27:23.0159 3352        MountMgr - ok
16:27:23.0237 3352        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:27:23.0261 3352        MozillaMaintenance - ok
16:27:23.0291 3352        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:27:23.0318 3352        mpio - ok
16:27:23.0342 3352        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:27:23.0379 3352        mpsdrv - ok
16:27:23.0442 3352        MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
16:27:23.0504 3352        MpsSvc - ok
16:27:23.0524 3352        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:27:23.0534 3352        Mraid35x - ok
16:27:23.0566 3352        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
16:27:23.0599 3352        MRxDAV - ok
16:27:23.0665 3352        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:23.0710 3352        mrxsmb - ok
16:27:23.0779 3352        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:23.0798 3352        mrxsmb10 - ok
16:27:23.0817 3352        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:23.0831 3352        mrxsmb20 - ok
16:27:23.0863 3352        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
16:27:23.0871 3352        msahci - ok
16:27:23.0892 3352        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:27:23.0904 3352        msdsm - ok
16:27:23.0934 3352        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:27:23.0973 3352        MSDTC - ok
16:27:23.0990 3352        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:27:24.0024 3352        Msfs - ok
16:27:24.0038 3352        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:27:24.0047 3352        msisadrv - ok
16:27:24.0091 3352        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:27:24.0135 3352        MSiSCSI - ok
16:27:24.0138 3352        msiserver - ok
16:27:24.0166 3352        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:27:24.0202 3352        MSKSSRV - ok
16:27:24.0236 3352        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:24.0260 3352        MSPCLOCK - ok
16:27:24.0277 3352        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:27:24.0302 3352        MSPQM - ok
16:27:24.0330 3352        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
16:27:24.0343 3352        MsRPC - ok
16:27:24.0364 3352        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:27:24.0373 3352        mssmbios - ok
16:27:24.0387 3352        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:27:24.0411 3352        MSTEE - ok
16:27:24.0444 3352        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
16:27:24.0454 3352        Mup - ok
16:27:24.0470 3352        mwlPSDFilter    (62d3c8e2e75abd9fc3dee1b0e5b437e0) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:27:24.0495 3352        mwlPSDFilter - ok
16:27:24.0514 3352        mwlPSDNServ    (3963db3d50d60d17ce7a5eb7d4da2e7d) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:27:24.0520 3352        mwlPSDNServ - ok
16:27:24.0535 3352        mwlPSDVDisk    (c6de675ce2f2b6e4f78bf7e8187fc1ec) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:27:24.0542 3352        mwlPSDVDisk - ok
16:27:24.0722 3352        MWLService      (3fd2d2f48c05c9e8ec0a8d61bce12bfa) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
16:27:24.0738 3352        MWLService - ok
16:27:24.0789 3352        napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
16:27:24.0831 3352        napagent - ok
16:27:24.0889 3352        NasPmService - ok
16:27:24.0936 3352        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
16:27:24.0971 3352        NativeWifiP - ok
16:27:25.0070 3352        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
16:27:25.0131 3352        NDIS - ok
16:27:25.0180 3352        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:25.0214 3352        NdisTapi - ok
16:27:25.0228 3352        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:25.0273 3352        Ndisuio - ok
16:27:25.0328 3352        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:25.0365 3352        NdisWan - ok
16:27:25.0373 3352        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:27:25.0393 3352        NDProxy - ok
16:27:25.0540 3352        Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
16:27:25.0566 3352        Nero BackItUp Scheduler 3 - ok
16:27:25.0591 3352        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:27:25.0626 3352        NetBIOS - ok
16:27:25.0653 3352        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
16:27:25.0698 3352        netbt - ok
16:27:25.0742 3352        Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:25.0756 3352        Netlogon - ok
16:27:25.0805 3352        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:27:25.0848 3352        Netman - ok
16:27:25.0880 3352        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:27:25.0920 3352        netprofm - ok
16:27:26.0020 3352        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:27:26.0042 3352        NetTcpPortSharing - ok
16:27:26.0379 3352        NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
16:27:26.0628 3352        NETw5v32 - ok
16:27:26.0793 3352        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:27:26.0804 3352        nfrd960 - ok
16:27:26.0862 3352        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:27:26.0936 3352        NlaSvc - ok
16:27:27.0070 3352        NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
16:27:27.0105 3352        NMIndexingService - ok
16:27:27.0159 3352        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
16:27:27.0201 3352        Npfs - ok
16:27:27.0218 3352        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:27:27.0251 3352        nsi - ok
16:27:27.0260 3352        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:27:27.0308 3352        nsiproxy - ok
16:27:27.0420 3352        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
16:27:27.0505 3352        Ntfs - ok
16:27:27.0535 3352        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:27:27.0589 3352        ntrigdigi - ok
16:27:27.0629 3352        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:27:27.0653 3352        Null - ok
16:27:27.0688 3352        NVHDA          (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys
16:27:27.0696 3352        NVHDA - ok
16:27:28.0677 3352        nvlddmkm        (692bd7ae273b8fd16d1ef1677394dd84) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:27:29.0300 3352        nvlddmkm - ok
16:27:29.0453 3352        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:27:29.0478 3352        nvraid - ok
16:27:29.0507 3352        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:27:29.0518 3352        nvstor - ok
16:27:29.0565 3352        nvsvc          (7708f81cc3c92e107da01caa67dfdb0a) C:\Windows\system32\nvvsvc.exe
16:27:29.0583 3352        nvsvc - ok
16:27:29.0613 3352        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:27:29.0627 3352        nv_agp - ok
16:27:29.0631 3352        NwlnkFlt - ok
16:27:29.0635 3352        NwlnkFwd - ok
16:27:29.0805 3352        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:27:29.0833 3352        odserv - ok
16:27:29.0859 3352        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:27:29.0917 3352        ohci1394 - ok
16:27:29.0951 3352        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:29.0971 3352        ose - ok
16:27:30.0052 3352        p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:30.0112 3352        p2pimsvc - ok
16:27:30.0119 3352        p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:30.0177 3352        p2psvc - ok
16:27:30.0228 3352        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:27:30.0284 3352        Parport - ok
16:27:30.0315 3352        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
16:27:30.0325 3352        partmgr - ok
16:27:30.0342 3352        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:27:30.0386 3352        Parvdm - ok
16:27:30.0404 3352        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:27:30.0436 3352        PcaSvc - ok
16:27:30.0552 3352        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
16:27:30.0565 3352        pci - ok
16:27:30.0588 3352        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:27:30.0597 3352        pciide - ok
16:27:30.0634 3352        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:27:30.0653 3352        pcmcia - ok
16:27:30.0746 3352        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:27:30.0838 3352        PEAUTH - ok
16:27:30.0986 3352        PhilCap        (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
16:27:31.0047 3352        PhilCap - ok
16:27:31.0261 3352        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:27:31.0384 3352        pla - ok
16:27:31.0544 3352        PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
16:27:31.0583 3352        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:27:31.0583 3352        PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:27:31.0630 3352        PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
16:27:31.0711 3352        PlugPlay - ok
16:27:31.0810 3352        PNRPAutoReg    (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:31.0858 3352        PNRPAutoReg - ok
16:27:31.0865 3352        PNRPsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:31.0915 3352        PNRPsvc - ok
16:27:32.0010 3352        PolicyAgent    (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
16:27:32.0074 3352        PolicyAgent - ok
16:27:32.0152 3352        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:27:32.0194 3352        PptpMiniport - ok
16:27:32.0233 3352        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:27:32.0259 3352        Processor - ok
16:27:32.0301 3352        ProfSvc        (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
16:27:32.0341 3352        ProfSvc - ok
16:27:32.0380 3352        ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:32.0391 3352        ProtectedStorage - ok
16:27:32.0435 3352        ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
16:27:32.0446 3352        ProtexisLicensing - ok
16:27:32.0474 3352        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
16:27:32.0512 3352        PSched - ok
16:27:32.0624 3352        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:27:32.0740 3352        ql2300 - ok
16:27:32.0857 3352        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:27:32.0886 3352        ql40xx - ok
16:27:33.0057 3352        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:27:33.0086 3352        QWAVE - ok
16:27:33.0105 3352        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:27:33.0133 3352        QWAVEdrv - ok
16:27:33.0148 3352        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:27:33.0173 3352        RasAcd - ok
16:27:33.0197 3352        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:27:33.0244 3352        RasAuto - ok
16:27:33.0272 3352        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:33.0298 3352        Rasl2tp - ok
16:27:33.0338 3352        RasMan          (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
16:27:33.0379 3352        RasMan - ok
16:27:33.0386 3352        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:33.0411 3352        RasPppoe - ok
16:27:33.0428 3352        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
16:27:33.0459 3352        RasSstp - ok
16:27:33.0509 3352        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
16:27:33.0548 3352        rdbss - ok
16:27:33.0568 3352        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:33.0602 3352        RDPCDD - ok
16:27:33.0650 3352        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:27:33.0692 3352        rdpdr - ok
16:27:33.0697 3352        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:27:33.0746 3352        RDPENCDD - ok
16:27:33.0773 3352        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
16:27:33.0814 3352        RDPWD - ok
16:27:33.0857 3352        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:27:33.0883 3352        RemoteAccess - ok
16:27:33.0925 3352        RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
16:27:33.0964 3352        RemoteRegistry - ok
16:27:34.0015 3352        RFCOMM          (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
16:27:34.0037 3352        RFCOMM - ok
16:27:34.0148 3352        RichVideo      (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:27:34.0182 3352        RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:27:34.0183 3352        RichVideo - detected UnsignedFile.Multi.Generic (1)
16:27:34.0225 3352        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:27:34.0237 3352        RpcLocator - ok
16:27:34.0327 3352        RpcSs          (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
16:27:34.0348 3352        RpcSs - ok
16:27:34.0368 3352        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:27:34.0393 3352        rspndr - ok
16:27:34.0425 3352        RTL8169        (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:27:34.0510 3352        RTL8169 - ok
16:27:34.0561 3352        RTSTOR          (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS
16:27:34.0602 3352        RTSTOR - ok
16:27:34.0616 3352        SamSs          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:34.0629 3352        SamSs - ok
16:27:34.0662 3352        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:27:34.0673 3352        sbp2port - ok
16:27:34.0715 3352        SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
16:27:34.0749 3352        SCardSvr - ok
16:27:34.0853 3352        Schedule        (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
16:27:34.0878 3352        Schedule - ok
16:27:34.0907 3352        SCPolicySvc    (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
16:27:34.0932 3352        SCPolicySvc - ok
16:27:34.0951 3352        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:27:34.0986 3352        SDRSVC - ok
16:27:35.0019 3352        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:27:35.0075 3352        secdrv - ok
16:27:35.0086 3352        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:27:35.0113 3352        seclogon - ok
16:27:35.0125 3352        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
16:27:35.0163 3352        SENS - ok
16:27:35.0183 3352        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
16:27:35.0244 3352        Serenum - ok
16:27:35.0296 3352        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:27:35.0351 3352        Serial - ok
16:27:35.0370 3352        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:27:35.0396 3352        sermouse - ok
16:27:35.0436 3352        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:27:35.0464 3352        SessionEnv - ok
16:27:35.0476 3352        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:27:35.0495 3352        sffdisk - ok
16:27:35.0512 3352        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:27:35.0552 3352        sffp_mmc - ok
16:27:35.0564 3352        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:27:35.0601 3352        sffp_sd - ok
16:27:35.0612 3352        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:27:35.0656 3352        sfloppy - ok
16:27:35.0717 3352        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:27:35.0775 3352        SharedAccess - ok
16:27:35.0835 3352        ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
16:27:35.0871 3352        ShellHWDetection - ok
16:27:35.0896 3352        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:27:35.0909 3352        sisagp - ok
16:27:35.0922 3352        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:27:35.0935 3352        SiSRaid2 - ok
16:27:35.0967 3352        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:27:35.0981 3352        SiSRaid4 - ok
16:27:36.0236 3352        slsvc          (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
16:27:36.0405 3352        slsvc - ok
16:27:36.0587 3352        SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
16:27:36.0615 3352        SLUINotify - ok
16:27:36.0656 3352        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
16:27:36.0696 3352        Smb - ok
16:27:36.0719 3352        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:27:36.0732 3352        SNMPTRAP - ok
16:27:36.0908 3352        SNP2UVC        (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys
16:27:37.0039 3352        SNP2UVC - ok
16:27:37.0204 3352        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:27:37.0214 3352        spldr - ok
16:27:37.0270 3352        Spooler        (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
16:27:37.0324 3352        Spooler - ok
16:27:37.0397 3352        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
16:27:37.0441 3352        srv - ok
16:27:37.0508 3352        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
16:27:37.0540 3352        srv2 - ok
16:27:37.0807 3352        srvcPVR        (71db619f4068d7c70d447d73617cdfac) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
16:27:37.0909 3352        srvcPVR ( UnsignedFile.Multi.Generic ) - warning
16:27:37.0909 3352        srvcPVR - detected UnsignedFile.Multi.Generic (1)
16:27:38.0265 3352        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
16:27:38.0307 3352        srvnet - ok
16:27:38.0348 3352        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:27:38.0388 3352        SSDPSRV - ok
16:27:38.0436 3352        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:27:38.0458 3352        SstpSvc - ok
16:27:38.0504 3352        StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
16:27:38.0524 3352        StillCam - ok
16:27:38.0584 3352        stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
16:27:38.0605 3352        stisvc - ok
16:27:38.0628 3352        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:27:38.0636 3352        swenum - ok
16:27:38.0674 3352        swmsflt        (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
16:27:38.0683 3352        swmsflt - ok
16:27:38.0741 3352        swprv          (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
16:27:38.0773 3352        swprv - ok
16:27:38.0803 3352        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:27:38.0812 3352        Symc8xx - ok
16:27:38.0841 3352        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:27:38.0850 3352        Sym_hi - ok
16:27:38.0875 3352        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:27:38.0884 3352        Sym_u3 - ok
16:27:38.0954 3352        SysMain        (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
16:27:38.0999 3352        SysMain - ok
16:27:39.0025 3352        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:27:39.0041 3352        TabletInputService - ok
16:27:39.0080 3352        TapiSrv        (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
16:27:39.0121 3352        TapiSrv - ok
16:27:39.0139 3352        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:27:39.0166 3352        TBS - ok
16:27:39.0289 3352        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
16:27:39.0339 3352        Tcpip - ok
16:27:39.0350 3352        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
16:27:39.0393 3352        Tcpip6 - ok
16:27:39.0417 3352        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
16:27:39.0458 3352        tcpipreg - ok
16:27:39.0479 3352        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:27:39.0526 3352        TDPIPE - ok
16:27:39.0548 3352        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:27:39.0573 3352        TDTCP - ok
16:27:39.0591 3352        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
16:27:39.0634 3352        tdx - ok
16:27:39.0648 3352        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
16:27:39.0657 3352        TermDD - ok
16:27:39.0729 3352        TermService    (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
16:27:39.0788 3352        TermService - ok
16:27:39.0876 3352        Themes          (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
16:27:39.0893 3352        Themes - ok
16:27:39.0914 3352        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:27:39.0940 3352        THREADORDER - ok
16:27:39.0953 3352        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:27:39.0979 3352        TrkWks - ok
16:27:40.0043 3352        TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
16:27:40.0084 3352        TrustedInstaller - ok
16:27:40.0108 3352        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:27:40.0155 3352        tssecsrv - ok
16:27:40.0175 3352        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:27:40.0187 3352        tunmp - ok
16:27:40.0217 3352        tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
16:27:40.0230 3352        tunnel - ok
16:27:40.0265 3352        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:27:40.0276 3352        uagp35 - ok
16:27:40.0345 3352        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
16:27:40.0376 3352        udfs - ok
16:27:40.0412 3352        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:27:40.0449 3352        UI0Detect - ok
16:27:40.0474 3352        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:27:40.0484 3352        uliagpkx - ok
16:27:40.0530 3352        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:27:40.0554 3352        uliahci - ok
16:27:40.0585 3352        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:27:40.0596 3352        UlSata - ok
16:27:40.0616 3352        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:27:40.0628 3352        ulsata2 - ok
16:27:40.0654 3352        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:27:40.0691 3352        umbus - ok
16:27:40.0699 3352        UMPass          (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
16:27:40.0732 3352        UMPass - ok
16:27:40.0771 3352        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:27:40.0813 3352        upnphost - ok
16:27:40.0857 3352        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:27:40.0884 3352        USBAAPL - ok
16:27:40.0927 3352        usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
16:27:40.0953 3352        usbaudio - ok
16:27:40.0999 3352        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:27:41.0038 3352        usbccgp - ok
16:27:41.0067 3352        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:27:41.0129 3352        usbcir - ok
16:27:41.0151 3352        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
16:27:41.0196 3352        usbehci - ok
16:27:41.0225 3352        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
16:27:41.0281 3352        usbhub - ok
16:27:41.0303 3352        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:27:41.0348 3352        usbohci - ok
16:27:41.0388 3352        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:27:41.0413 3352        usbprint - ok
16:27:41.0451 3352        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:27:41.0470 3352        usbscan - ok
16:27:41.0508 3352        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:27:41.0534 3352        USBSTOR - ok
16:27:41.0546 3352        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:27:41.0592 3352        usbuhci - ok
16:27:41.0643 3352        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:27:41.0743 3352        usbvideo - ok
16:27:41.0766 3352        UxSms          (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
16:27:41.0830 3352        UxSms - ok
16:27:41.0883 3352        vds            (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
16:27:41.0945 3352        vds - ok
16:27:42.0167 3352        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:27:42.0217 3352        vga - ok
16:27:42.0248 3352        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:27:42.0287 3352        VgaSave - ok
16:27:42.0315 3352        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:27:42.0328 3352        viaagp - ok
16:27:42.0378 3352        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:27:42.0403 3352        ViaC7 - ok
16:27:42.0423 3352        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:27:42.0432 3352        viaide - ok
16:27:42.0460 3352        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:27:42.0470 3352        volmgr - ok
16:27:42.0566 3352        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
16:27:42.0596 3352        volmgrx - ok
16:27:42.0632 3352        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
16:27:42.0670 3352        volsnap - ok
16:27:42.0704 3352        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:27:42.0726 3352        vsmraid - ok
16:27:42.0938 3352        VSS            (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
16:27:43.0038 3352        VSS - ok
16:27:43.0107 3352        W32Time        (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
16:27:43.0159 3352        W32Time - ok
16:27:43.0257 3352        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:27:43.0301 3352        WacomPen - ok
16:27:43.0330 3352        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:43.0365 3352        Wanarp - ok
16:27:43.0380 3352        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:43.0400 3352        Wanarpv6 - ok
16:27:43.0590 3352        wcncsvc        (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
16:27:43.0634 3352        wcncsvc - ok
16:27:43.0685 3352        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:27:43.0719 3352        WcsPlugInService - ok
16:27:43.0815 3352        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:27:43.0824 3352        Wd - ok
16:27:44.0066 3352        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:27:44.0099 3352        Wdf01000 - ok
16:27:44.0120 3352        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:27:44.0162 3352        WdiServiceHost - ok
16:27:44.0165 3352        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:27:44.0192 3352        WdiSystemHost - ok
16:27:44.0225 3352        WebClient      (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
16:27:44.0255 3352        WebClient - ok
16:27:44.0317 3352        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:27:44.0350 3352        Wecsvc - ok
16:27:44.0373 3352        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:27:44.0412 3352        wercplsupport - ok
16:27:44.0466 3352        WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
16:27:44.0489 3352        WerSvc - ok
16:27:44.0572 3352        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:27:44.0597 3352        WinDefend - ok
16:27:44.0602 3352        WinHttpAutoProxySvc - ok
16:27:44.0685 3352        Winmgmt        (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
16:27:44.0724 3352        Winmgmt - ok
16:27:44.0901 3352        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:27:45.0008 3352        WinRM - ok
16:27:45.0133 3352        Wlansvc        (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
16:27:45.0181 3352        Wlansvc - ok
16:27:45.0230 3352        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:27:45.0249 3352        WmiAcpi - ok
16:27:45.0414 3352        wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
16:27:45.0458 3352        wmiApSrv - ok
16:27:45.0631 3352        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:27:45.0680 3352        WMPNetworkSvc - ok
16:27:45.0817 3352        WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
16:27:45.0837 3352        WPCSvc - ok
16:27:45.0858 3352        WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
16:27:45.0892 3352        WPDBusEnum - ok
16:27:45.0970 3352        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
16:27:46.0008 3352        WpdUsb - ok
16:27:46.0338 3352        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:27:46.0385 3352        WPFFontCache_v0400 - ok
16:27:46.0411 3352        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:27:46.0473 3352        ws2ifsl - ok
16:27:46.0509 3352        wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
16:27:46.0526 3352        wscsvc - ok
16:27:46.0539 3352        WSearch - ok
16:27:46.0548 3352        wtsmpadap - ok
16:27:46.0554 3352        WtSmpFlt - ok
16:27:46.0766 3352        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:27:46.0906 3352        wuauserv - ok
16:27:47.0038 3352        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:27:47.0076 3352        WUDFRd - ok
16:27:47.0105 3352        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:27:47.0144 3352        wudfsvc - ok
16:27:47.0169 3352        X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
16:27:47.0177 3352        X10Hid - ok
16:27:47.0264 3352        x10nets        (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
16:27:47.0279 3352        x10nets ( UnsignedFile.Multi.Generic ) - warning
16:27:47.0279 3352        x10nets - detected UnsignedFile.Multi.Generic (1)
16:27:47.0312 3352        XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
16:27:47.0319 3352        XUIF - ok
16:27:47.0333 3352        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:27:47.0484 3352        \Device\Harddisk0\DR0 - ok
16:27:47.0487 3352        Boot (0x1200)  (d388fb9ccf230ec959d1a647c421c6b8) \Device\Harddisk0\DR0\Partition0
16:27:47.0489 3352        \Device\Harddisk0\DR0\Partition0 - ok
16:27:47.0507 3352        Boot (0x1200)  (bd23f3459bb4a4a6ef4d891f1def3ff1) \Device\Harddisk0\DR0\Partition1
16:27:47.0508 3352        \Device\Harddisk0\DR0\Partition1 - ok
16:27:47.0508 3352        ============================================================
16:27:47.0508 3352        Scan finished
16:27:47.0508 3352        ============================================================
16:27:47.0520 0788        Detected object count: 7
16:27:47.0520 0788        Actual detected object count: 7
16:27:55.0293 0788        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0293 0788        GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0295 0788        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0295 0788        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0297 0788        mosuport ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0297 0788        mosuport ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0299 0788        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0299 0788        PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0300 0788        RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0301 0788        RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0302 0788        srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0302 0788        srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:27:55.0304 0788        x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0304 0788        x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 08.05.2012 17:42
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Sayri 08.05.2012 20:55
Soo und hier die CF.txt

Code:
ComboFix 12-05-08.02 - dagmar 08.05.2012  21:42:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3066.2006 [GMT 2:00]
ausgeführt von:: c:\users\dagmar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\abmeldung.doc.rkhv
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Blumen Service.url.fbja
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Fotoservice.url.vrih
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\anmeldung.doc.qaxl
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.fvgu
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.joqj
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.xml
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Antrag neubau.rtf.yycy
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\briefbogenbw.doc.nhib
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\BullGuard Internet Security.url.lpal
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Currenta Bewerbungsbogen.pdf.jnwp
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Einladung_Medenspiel_Sommer.doc.nbgu
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\göckemeyer.doc.yycy
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroBetriebs10-11.xls.qnwm
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroVerein 12.xls.pkmw
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\HOTHotel Maritim Bonn.URL.vcyf
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Games.url.vqms
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Homepage.url.ynja
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Namentliche_Meldung_Kreismeisterschaften_2012BlauWeiß Leichlingen.doc.nqon
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Sommerplan 2011.xlsx.hinp
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Trainigskosten SS 2011.xlsx.dtfn
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\www.bahn.de - Ihr Mobilitätsportal für Reisen, Bahn, Urlaub, Hotels, Städtereisen und Mietwagen.URL.gtln
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-08 bis 2012-05-08  ))))))))))))))))))))))))))))))
.
.
2012-05-08 19:49 . 2012-05-08 19:49        --------        d-----w-        c:\users\dagmar\AppData\Local\temp
2012-05-08 19:49 . 2012-05-08 19:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-08 10:25 . 2012-05-08 10:25        --------        d-----w-        C:\_OTL
2012-05-08 10:08 . 2012-04-13 07:36        6734704        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9F285FC0-BD01-4B42-8492-E12866761F47}\mpengine.dll        ERROR(0x00000005)
2012-05-06 20:16 . 2012-05-08 14:56        1152760        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll        ERROR(0x00000005)
2012-05-03 00:00 . 2012-05-03 00:00        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-02 19:43 . 2012-05-02 19:43        --------        d-----w-        c:\users\dagmar\AppData\Roaming\Malwarebytes
2012-05-02 19:39 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-30 17:09 . 2012-04-30 17:09        --------        d-----w-        c:\program files\iPod
2012-04-30 14:41 . 2012-04-30 14:41        --------        d-----w-        c:\program files\ABUS Security-Center
2012-04-25 08:49 . 2012-04-25 08:49        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-04-25 08:48 . 2012-04-25 08:48        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 08:48 . 2012-04-25 08:48        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2008-08-28 02:31        6734704        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll        ERROR(0x00000005)
2012-02-23 08:18 . 2009-10-03 10:08        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01        43520        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2012-04-25 08:48 . 2011-05-26 15:41        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-08-04 14:45        40496        ----a-w-        c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-08 13548064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-08-04 326192]
"VitaKeyPdtWzd"="c:\program files\EgisTec\VITAKEY\PdtWzd.exe" [2008-08-29 2303272]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          c:\program files\EgisTec\VITAKEY\PwdFilter
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-02 12:24        220160        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36        30040        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17        52256        ----a-w-        c:\program files\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 11:30        59240        ----a-w-        c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28        421888        ----a-w-        d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 18:51        71216        ----a-w-        c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-25 11:38        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 20:54        16896        ----a-w-        c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2uvc]
2008-08-28 13:03        233472        ----a-w-        c:\windows\tsnp2uvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 16:11        210216        ------w-        c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-08 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20&v=8.0.0.34&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\bullguard.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-08 21:49
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\program files\EgisTec\VITAKEY\PwdFilter.dll
.
Zeit der Fertigstellung: 2012-05-08  21:53:09
ComboFix-quarantined-files.txt  2012-05-08 19:52
.
Vor Suchlauf: 10 Verzeichnis(se), 149.309.288.448 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 149.279.653.888 Bytes frei
.
- - End Of File - - 510ADED92F5B59506D0E8CA93F8CFDBF

cosinus 11.05.2012 09:55
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131