Trojaner-Board


Kleineunifee 24.07.2012 18:27

Tr/trash.gen completely deleted? I'm not sure
 
Hello, I caught the above-mentioned Trojan. Unfortunately, like many others, I acted first and read afterwards. Antivir found the Trojan and moved it to quarantine, and I then deleted it.

Here is the log file with the detection:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 23. Juli 2012 20:53

Es wird nach 3920507 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : NICOLE-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 18.05.2012 10:17:19
AVSCAN.DLL : 12.3.0.15 66256 Bytes 18.05.2012 10:17:19
LUKE.DLL : 12.3.0.15 68304 Bytes 18.05.2012 10:17:20
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 18.05.2012 10:17:20
AVREG.DLL : 12.3.0.17 232200 Bytes 18.05.2012 10:17:20
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:20:59
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:41:54
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 17:04:43
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 07:13:20
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 07:13:20
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 07:13:20
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 07:13:20
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 07:13:20
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 07:13:20
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 07:13:20
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 07:13:20
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 07:13:20
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 17:01:49
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 17:01:50
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 16:35:28
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 14:16:46
VBASE018.VDF : 7.11.35.235 151552 Bytes 12.07.2012 15:01:50
VBASE019.VDF : 7.11.36.45 118784 Bytes 13.07.2012 14:42:12
VBASE020.VDF : 7.11.36.107 123904 Bytes 16.07.2012 08:32:39
VBASE021.VDF : 7.11.36.147 238592 Bytes 17.07.2012 08:32:39
VBASE022.VDF : 7.11.36.209 135168 Bytes 19.07.2012 16:52:26
VBASE023.VDF : 7.11.37.19 116224 Bytes 21.07.2012 16:52:28
VBASE024.VDF : 7.11.37.79 149504 Bytes 23.07.2012 18:50:34
VBASE025.VDF : 7.11.37.80 2048 Bytes 23.07.2012 18:50:34
VBASE026.VDF : 7.11.37.81 2048 Bytes 23.07.2012 18:50:34
VBASE027.VDF : 7.11.37.82 2048 Bytes 23.07.2012 18:50:34
VBASE028.VDF : 7.11.37.83 2048 Bytes 23.07.2012 18:50:34
VBASE029.VDF : 7.11.37.84 2048 Bytes 23.07.2012 18:50:34
VBASE030.VDF : 7.11.37.85 2048 Bytes 23.07.2012 18:50:34
VBASE031.VDF : 7.11.37.88 3072 Bytes 23.07.2012 18:50:34
Engineversion : 8.2.10.118
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 14:16:49
AESCRIPT.DLL : 8.1.4.34 455035 Bytes 21.07.2012 16:52:33
AESCN.DLL : 8.1.8.2 131444 Bytes 28.01.2012 09:40:03
AESBX.DLL : 8.2.5.12 606578 Bytes 19.06.2012 12:57:04
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.3.0.16 807287 Bytes 21.07.2012 16:52:33
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 21.07.2012 16:52:32
AEHEUR.DLL : 8.1.4.76 5063031 Bytes 21.07.2012 16:52:32
AEHELP.DLL : 8.1.23.2 258422 Bytes 01.07.2012 07:13:22
AEGEN.DLL : 8.1.5.34 434548 Bytes 21.07.2012 16:52:29
AEEXP.DLL : 8.1.0.68 86389 Bytes 21.07.2012 16:52:33
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 14:16:48
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 14:16:48
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.05.2012 10:17:19
AVPREF.DLL : 12.3.0.15 51920 Bytes 18.05.2012 10:17:19
AVREP.DLL : 12.3.0.15 179208 Bytes 18.05.2012 10:17:20
AVARKT.DLL : 12.3.0.15 211408 Bytes 18.05.2012 10:17:19
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.05.2012 10:17:19
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.05.2012 10:17:20
AVSMTP.DLL : 12.3.0.15 63440 Bytes 18.05.2012 10:17:19
NETNT.DLL : 12.3.0.15 17104 Bytes 18.05.2012 10:17:20
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 18.05.2012 10:17:19
RCTEXT.DLL : 12.3.0.15 98512 Bytes 18.05.2012 10:17:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_500d9bb8\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+SPR,

Beginn des Suchlaufs: Montag, 23. Juli 2012 20:53

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ubd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSOSYNC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AnyDVDtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CameraHelperShell.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'x10nets.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\$RECYCLE.BIN\S-1-5-21-2369891443-1425051336-381616636-1000\$R3L7KNQ.exe'
C:\$RECYCLE.BIN\S-1-5-21-2369891443-1425051336-381616636-1000\$R3L7KNQ.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen

Beginne mit der Desinfektion:
C:\$RECYCLE.BIN\S-1-5-21-2369891443-1425051336-381616636-1000\$R3L7KNQ.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54c0303b.qua' verschoben!


Ende des Suchlaufs: Montag, 23. Juli 2012 20:53
Benötigte Zeit: 00:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
82 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
81 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 23. Juli 2012 20:52

Es wird nach 3920507 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : NICOLE-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_500d9bb8\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+SPR,

Beginn des Suchlaufs: Montag, 23. Juli 2012 20:52

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqgpc01.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqbam08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ubd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSOSYNC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AnyDVDtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CameraHelperShell.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'x10nets.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\$RECYCLE.BIN\S-1-5-21-2369891443-1425051336-381616636-1000\$R4WEU8R.exe'
C:\$RECYCLE.BIN\S-1-5-21-2369891443-1425051336-381616636-1000\$R4WEU8R.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen

Beginne mit der Desinfektion:
C:\$RECYCLE.BIN\S-1-5-21-2369891443-1425051336-381616636-1000\$R4WEU8R.exe
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53a9301c.qua' verschoben!


Ende des Suchlaufs: Montag, 23. Juli 2012 20:52
Benötigte Zeit: 00:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
86 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
85 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
_____________________________________________________________


Here is the Malwarebytes log file after deleting from quarantine:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Nicole :: NICOLE-PC [Administrator]

24.07.2012 06:51:22
mbam-log-2012-07-24 (06-51-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395921
Laufzeit: 1 Stunde(n), 5 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L30Z48JC\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
_______________________________________________________________

OTL.txt

OTL logfile created on: 7/24/2012 6:46:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Nicole\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.61% Memory free
5.99 Gb Paging File | 4.33 Gb Available in Paging File | 72.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434.66 Gb Total Space | 305.26 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 13.29 Gb Free Space | 44.30% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 18:45:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
PRC - [2012/06/28 00:24:08 | 002,053,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\msxml4-KB2721691-enu.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/18 12:19:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/18 12:17:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/18 12:17:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/12/08 18:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe
PRC - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/10 03:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/14 10:54:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/04/14 10:54:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/04/14 10:54:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/04/14 10:54:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/04/14 10:54:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/04/14 10:54:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/04/14 10:54:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/31 09:14:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/11/13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/15 16:39:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 12:19:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Start_Pending] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2012/05/18 12:17:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/18 12:17:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/10/11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC)
DRV - [2011/08/19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/20 01:10:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/12 00:54:06] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/09/24 10:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009/07/14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/05 12:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2009/05/13 22:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 22:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008/11/28 14:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/11 23:30:06 | 000,038,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTV.sys -- (IAMTV)
DRV - [2007/04/11 23:30:00 | 000,047,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTXP.sys -- (IAMTXP)
DRV - [2007/04/11 23:29:58 | 000,040,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMT03.sys -- (IAMT03)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alice-dsl.de/selfcare/content/segment/kundencenter/
IE - HKCU\..\SearchScopes,DefaultScope = {3DF8413E-553F-4BB9-924B-7F68952C126F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2BC22A4E-8150-4885-A093-EB070CFD71C3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{3DF8413E-553F-4BB9-924B-7F68952C126F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.bestsecret.com/index.htm"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]

[2010/09/09 18:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2012/05/02 14:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions
[2011/04/21 07:48:54 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player@2020Technologies.com
[2012/02/18 10:22:14 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/03/30 11:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/11 09:34:26 | 000,084,268 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012/01/08 13:25:41 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/18 12:19:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 16:47:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/02/16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/07 19:01:55 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012/02/16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F46D5C4-40BB-4D49-BD63-CCE3004FD17D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C226EB25-A07D-4423-9DD0-A25930273625}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell - "" = AutoRun
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 18:49:11 | 000,000,000 | ---D | C] -- C:\2974ff8eb3e5cf7ab832
[2012/07/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays muxed
[2012/07/19 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays
[2012/07/18 12:41:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\AVS4YOU
[2012/07/18 12:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2012/07/18 12:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/07/18 12:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012/07/18 12:20:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\VSOBlurayConverter
[2012/07/18 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\NVIDIA
[2012/07/18 12:16:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Vso
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PcSetup
[2012/07/18 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/07/18 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/07/18 12:04:38 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012/07/18 12:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/07/04 19:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
[2012/07/04 18:58:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Macromedia
[2012/05/27 18:37:55 | 543,234,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Nicole\X12-30058.exe

========== Files - Modified Within 30 Days ==========

[2012/07/24 18:50:18 | 000,668,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/24 18:50:18 | 000,630,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/24 18:50:18 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/24 18:50:18 | 000,110,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 18:44:46 | 000,000,739 | ---- | M] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | M] () -- C:\Users\Nicole\defogger_reenable
[2012/07/24 18:38:19 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 18:38:19 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 18:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 18:28:58 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 20:49:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | M] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:51:45 | 000,450,048 | ---- | M] (Cinema Squid) -- C:\Users\Nicole\Desktop\BDInfo.exe
[2012/07/19 11:15:51 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | M] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,007,887 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | M] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/24 18:44:46 | 000,000,739 | ---- | C] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\defogger_reenable
[2012/07/23 20:49:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | C] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | C] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,007,887 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | C] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/03/30 11:01:44 | 000,226,470 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/30 11:01:44 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/02/17 09:49:26 | 000,000,559 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/02/17 09:48:25 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/11/02 18:06:16 | 004,300,532 | ---- | C] () -- C:\Users\Nicole\Handbuch_FN12.pdf
[2011/11/02 16:20:48 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2011/10/18 17:48:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/15 18:34:31 | 000,000,076 | ---- | C] () -- C:\Windows\System32\Sun Clock 6.ini
[2010/09/19 18:43:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/09 18:19:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2010/10/29 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AliceHilfe
[2010/11/16 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Cisco
[2012/01/15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2010/11/20 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Free iPad Video Converter
[2012/03/05 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gotomaxx
[2010/11/01 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
[2010/12/24 09:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2011/01/15 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Map Maker
[2012/02/17 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2012/01/15 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Pavtube
[2010/11/01 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/02/17 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/09/09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2012/07/19 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Vso
[2010/09/19 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\XMedia Recode
[2012/07/13 16:56:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
_________________________________________________________________

Extras.txt

OTL Extras logfile created on: 7/24/2012 6:46:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Nicole\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.61% Memory free
5.99 Gb Paging File | 4.33 Gb Available in Paging File | 72.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434.66 Gb Total Space | 305.26 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 13.29 Gb Free Space | 44.30% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008B5939-5C46-4AC1-9075-828066641984}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{02F9456D-CF4F-421C-ACA8-202166BF1A91}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C0654A9-2EA6-4C1F-AC05-4880C7599ACE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3152C08A-2A4F-41F7-9ED4-FA48AAC32B75}" = rport=137 | protocol=17 | dir=out | app=system |
"{3B94A5DC-693D-425B-A61C-07763258D159}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E7862CB-2DB6-4672-A8DA-BFCA1B42B9BD}" = lport=138 | protocol=17 | dir=in | app=system |
"{6AB56D4E-063E-4F2D-AF1E-3B4C0F8B78AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73D8A3FD-6A0B-46A1-A6BE-84136E378450}" = rport=10243 | protocol=6 | dir=out | app=system |
"{790E723C-13F9-4596-B1C8-4286ECCF2E38}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{80C04E50-E22D-4A05-ABEC-EF6FF5E51BBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82753CBD-52E1-40F6-AA6B-C57E7BC68049}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{95E05753-9E0C-4008-87AA-4A889A2C3634}" = lport=2869 | protocol=6 | dir=in | app=system |
"{977E1CD4-8AA1-4212-B0E2-F60584DF283E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A30D7FA6-4949-4041-A5CA-31E38C8266AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{A8E9960D-F914-4BF4-9D1A-8C566A6D6B1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AAA23A57-A27A-4B6A-87EB-CF1428B6142D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC4F819A-C064-47BC-9B86-8C6019970DDB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD908E15-FF14-4757-ACB7-EDB6CFB0E64D}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB5AD1B5-F35C-4F52-A0C9-8AE839C485DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD1A650E-B0A2-4C90-9B19-CB1EFF8B7220}" = rport=138 | protocol=17 | dir=out | app=system |
"{D32ECD96-D136-4806-B0F9-DC8F49DBD9C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DE290936-75D9-4E81-84BE-5FC35D2D26BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{E33018A1-FB70-4CE9-8968-84977C95530A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E516C5E9-459E-40F9-AEDD-56F0939EFEA8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E5513022-3310-4326-AD3E-02C4EF53258C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E82457A9-B282-4608-B0DA-7379C5282FFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ECD01848-3191-42D2-983B-D87F55F2E05F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F47CD37E-6ADA-4A4D-A71F-9CCD039B84AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA14FB-56D6-414E-9122-A111BC9B2C44}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0456845D-4F39-41E6-AA79-4609E0EAB667}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0459800E-A3BA-41E5-B597-7C835BFD48E6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{090CC56F-11EE-4F08-A6AD-4881E4429014}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{10A94668-EB15-4E8A-8AF7-EA3204068194}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{10D7DE8B-5320-437F-953A-BC2AF9B7C803}" = protocol=6 | dir=out | app=system |
"{183854E0-8573-40A7-A6B9-D2E51AED8EDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1A349071-DF31-437C-89FD-AF46FE81183B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1A74F8F5-8B5F-4583-9A74-68DF600681C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{1CDD61FF-90D9-4928-9056-C3828BC43FD1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{1DDE96C2-0B45-4466-A0C1-2F9CF961D0FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1EA8892F-5FEA-447A-A3B5-F7EA985070C3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1EE66381-1849-4109-8830-364C9E8E34EC}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe |
"{21F2ECF6-30CF-4FD4-ACAE-A91B0EF231F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{248185DC-75AB-4A22-9824-03AFF51601BC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{282FDBE5-ECEB-4EB4-B59A-AEEA22E684F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3566D613-5280-404D-A9AE-1179F41F092A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{3722B7BA-B110-4536-8279-634DAAAE3692}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{39056181-E87B-4F47-BB79-30BC6B79F106}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{400DF7FB-BA8C-468E-808D-CDAA53505F36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{46179131-C2CC-4FD6-948E-D7E045719506}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{49D517EA-F182-476F-81A1-6ACD8F6FC1CD}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{49EC1978-B5E5-4609-8CB1-68D57A7B9C73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{5331A99F-BC0B-4DD0-B5B7-FC4A4DDB7477}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{541AE362-D541-4989-8446-3DD021BE37A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{578DC4E3-6C61-4796-8CCD-766CC9D6DDC8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5B5FCCAB-8948-472F-BB46-E228A9084756}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BC42500-CA69-420A-87ED-14C985E32E8A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{6444EFAC-B9FE-4C1E-BCD4-874626421443}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{656353A3-FCBE-4936-92C8-993E14F1CA88}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{66B9D5B4-C09E-4D82-8C77-4DC950A797B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AAAB6C9-2FDB-425F-8723-1AC99E28CFCD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6D01F59E-75DD-49C8-A0E5-5608429B12EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{719D9DD2-85CF-4286-A578-8ECD575FD37F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{781E79D4-BF37-4782-B8AA-FFCB00AA7E8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7F4A8A05-7BAA-4920-8DCD-BBA398EE2B65}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{823367B6-BB85-4BE8-B4C3-6A98D66F64E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{89D2E26E-DCE2-47B9-ADA7-F08E6485D4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FC9B0EF-1374-44F9-90CB-18A40FA252D4}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{9001A5F5-9B58-4F1E-898E-0BD1A7B43960}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{93550904-C8F6-415B-9C41-6EDC531384FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{972B1929-3E49-4DA5-AE96-F269BABA10C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{9A8BFE28-F8D8-4DE2-B635-7CF4736A0AF1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A16E9082-6589-4FAB-820B-2D8748259486}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A7C49FE9-2978-41B4-8EF1-C0D1768724B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B320FEA7-AE97-4E7B-8C26-2408EBE9D898}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B58517F1-0D1F-4E1B-A40A-F7FAD73FEB07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{B6EDC451-E1B6-4CFA-95F8-8775473D0C97}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{B801AFB9-70BD-44E1-A0CD-9A1C37658818}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAABFD73-59A7-4221-BA4D-2539FC5E9AB9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BFD779E5-D35B-4E12-9F00-4F1DBD7222DF}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe |
"{C73A3378-5BA7-462D-8185-364AF3347373}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{CB7E1EB1-CA91-4568-88C2-E649ECC8000A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D10B766B-95F5-496E-A7C9-726A6956C473}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D17A5DD0-121B-4416-BEF7-D69F66398669}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D55BFB33-00F3-4195-963C-E9FC39FD7FE5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6144A3B-534E-4F08-BA52-1B2F3E53E724}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E4B95CA3-93C0-4CB8-BDA6-5AFA42978E08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC4C3263-C02F-4A15-9E86-562D67475070}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\sndserv.exe |
"{EF951ADA-E84B-4FF7-A6F7-4A8082E3FF10}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F3359952-626A-467B-A361-556E8228FF67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{F36EA185-332E-4A13-9125-9FF644D2786C}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\gdiserv.exe |
"{F88BC457-39E0-42FA-A43D-4C884CFA3203}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe |
"{F9774DF3-C66C-4B21-B3F0-44E7E1A34C3B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F9884AED-E01F-4703-8524-A7C86135EC7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE89C13F-8705-40DD-98BF-E3F8A755D344}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEC828D8-1314-4D26-ABA6-09462652ADC7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{7CBEDF0D-C69E-4C66-8B44-CCFC17609D60}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{CFAA289C-2B1D-4D70-A5A4-FEBDE408BA9F}C:\program files\devolo\informer\devinf.exe" = protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"UDP Query User{8FFEB623-4FC7-49E9-A072-F3869D99FC79}C:\program files\devolo\informer\devinf.exe" = protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"UDP Query User{ECA40748-9CCA-41F0-96B9-7195D92AC0DC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = gotomaxx PDFMAILER
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AAA8CA88-8A22-43D1-867F-ABD7944C9815}" = Intel(R) Network Connections 14.3.100.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.6
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA208693-1080-4671-9503-58599DB491E0}" = Falk Navi-Manager
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AliceHilfe 1.0.0.1" = AliceHilfe
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blu-ray Converter Ultimate_is1" = Blu-ray Converter Ultimate 1.4.0.8
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Family Tree Builder" = MyHeritage Family Tree Builder
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LuPO_is1" = LuPO 1.0.2.43
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 14.3.100.0
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"X10Hardware" = X10 Hardware(TM)
"XMedia Recode" = XMedia Recode 2.2.8.4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2012 10:03:03 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8081

Error - 6/22/2012 10:03:03 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8081

Error - 6/22/2012 10:03:04 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/22/2012 10:03:04 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9079

Error - 6/22/2012 10:03:04 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9079

Error - 7/18/2012 8:00:06 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/18/2012 8:00:06 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16021

Error - 7/18/2012 8:00:06 AM | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16021

Error - 7/19/2012 7:05:33 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XMedia Recode.exe, Version: 3.1.1.6,
Zeitstempel: 0x5004562c Name des fehlerhaften Moduls: ffmpeg.dll, Version: 0.0.0.0,
Zeitstempel: 0x5004561f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000c62cf ID des fehlerhaften
Prozesses: 0x14e8 Startzeit der fehlerhaften Anwendung: 0x01cd659bc104e241 Pfad der
fehlerhaften Anwendung: C:\Program Files\XMedia Recode\XMedia Recode.exe Pfad des
fehlerhaften Moduls: C:\Program Files\XMedia Recode\ffmpeg.dll Berichtskennung:
a8b719c3-d191-11e1-8255-0024210f9ef9

Error - 7/19/2012 10:04:08 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XMedia Recode.exe, Version: 3.1.1.6,
Zeitstempel: 0x5004562c Name des fehlerhaften Moduls: ffmpeg.dll, Version: 0.0.0.0,
Zeitstempel: 0x5004561f Ausnahmecode: 0xc0000005 Fehleroffset: 0x003a77a4 ID des fehlerhaften
Prozesses: 0x15d8 Startzeit der fehlerhaften Anwendung: 0x01cd65b71ba2f52f Pfad der
fehlerhaften Anwendung: C:\Program Files\XMedia Recode\XMedia Recode.exe Pfad des
fehlerhaften Moduls: C:\Program Files\XMedia Recode\ffmpeg.dll Berichtskennung:
9b1c8caf-d1aa-11e1-8255-0024210f9ef9

[ Cisco AnyConnect VPN Client Events ]
Error - 2/28/2011 11:34:31 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: CCertStore::Enumerate Return code: 0xFE21000B File: .\Certificates\CollectiveCertStore.cpp
Line:
327 Description: unknown

Error - 2/28/2011 11:35:43 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: CertOpenStore Return code: 5 File: .\Certificates\CapiCertStore.cpp
Line:
168 Description: Zugriff verweigert

Error - 2/28/2011 11:35:43 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: CCertStore::Enumerate Return code: 0xFE21000B File: .\Certificates\CollectiveCertStore.cpp
Line:
327 Description: unknown

Error - 2/28/2011 11:36:44 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: ConnectIfc::TranslateStatusCode Return code: 0xFE00001A File:
.\ConnectIfc.cpp Line: 5267 Description: downloader not found

Error - 2/28/2011 11:36:44 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: ConnectMgr :: launchdownloader Return code: 0xFE00001A File:
.\ConnectMgr.cpp Line: 3587 Description: unknown Failed to download the downloader

Error - 2/28/2011 11:36:44 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: CertOpenStore Return code: 5 File: .\Certificates\CapiCertStore.cpp
Line:
168 Description: Zugriff verweigert

Error - 2/28/2011 11:36:44 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: CCertStore::Enumerate Return code: 0xFE21000B File: .\Certificates\CollectiveCertStore.cpp
Line:
327 Description: unknown

Error - 2/28/2011 11:36:44 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: CertOpenStore Return code: 5 File: .\Certificates\CapiCertStore.cpp
Line:
168 Description: Zugriff verweigert

Error - 2/28/2011 11:36:44 AM | Computer Name = Nicole-PC | Source = vpnui | ID = 50724865
Description = Function: CCertStore::Enumerate Return code: 0xFE21000B File: .\Certificates\CollectiveCertStore.cpp
Line:
327 Description: unknown

Error - 6/16/2011 11:12:13 AM | Computer Name = Nicole-PC | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: .\Agent.cpp Line:
677 Description: Das Handle ist ungültig.

[ Media Center Events ]
Error - 7/10/2011 11:47:43 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc004050b) 713x BDA
Analog TV Tuner

Error - 7/10/2011 11:47:44 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc004050b) 713x BDA
Analog TV Tuner

Error - 7/10/2011 11:47:44 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc004050b) 713x BDA
Analog TV Tuner

Error - 7/10/2011 11:47:45 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc004050b) 713x BDA
Analog TV Tuner

Error - 7/10/2011 11:47:46 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc004050b) 713x BDA
Analog TV Tuner

Error - 7/10/2011 12:09:18 PM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 713x BDA
DVBT Tuner

Error - 7/17/2011 1:51:41 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 713x BDA
DVBT Tuner

Error - 7/17/2011 12:40:52 PM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 713x BDA
DVBT Tuner

Error - 7/28/2011 1:51:42 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 713x BDA
DVBT Tuner

Error - 7/30/2011 2:38:47 PM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 713x BDA
DVBT Tuner

Error - 9/11/2011 8:30:00 AM | Computer Name = Nicole-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) 713x BDA
DVBT Tuner

[ System Events ]
Error - 7/19/2012 2:10:36 PM | Computer Name = Nicole-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 7/20/2012 2:20:48 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "X10 Device Network Service" wurde nicht richtig gestartet.

Error - 7/21/2012 12:49:14 PM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "X10 Device Network Service" wurde nicht richtig gestartet.

Error - 7/23/2012 2:47:17 PM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "X10 Device Network Service" wurde nicht richtig gestartet.

Error - 7/23/2012 2:49:41 PM | Computer Name = Nicole-PC | Source = BROWSER | ID = 8032
Description =

Error - 7/23/2012 3:13:42 PM | Computer Name = Nicole-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 7/23/2012 3:47:12 PM | Computer Name = Nicole-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 7/24/2012 12:48:18 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "X10 Device Network Service" wurde nicht richtig gestartet.

Error - 7/24/2012 8:23:10 AM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "X10 Device Network Service" wurde nicht richtig gestartet.

Error - 7/24/2012 12:31:15 PM | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "X10 Device Network Service" wurde nicht richtig gestartet.


< End of report >
________________________________________________________________


Gmer.txt

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-07-24 19:05:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: jg7mxszu.exe; Driver: C:\Users\Nicole\AppData\Local\Temp\kxriqpog.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

---- EOF - GMER 1.0.15 ----
______________________________________________________________

If I have forgotten anything or anything else is needed, I'll do my best :crazy:
Many thanks for all the helping eyes :bussi:

cosinus 27.07.2012 22:55

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed in the "Logdateien" (log files) tab. Please post all of the ones visible there.

Kleineunifee 28.07.2012 11:10

Hello,
here are the three log files, the newest first:
Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Nicole :: NICOLE-PC [Administrator]

23.07.2012 22:44:25
mbam-log-2012-07-23 (22-44-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196059
Laufzeit: 5 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Nicole :: NICOLE-PC [Administrator]

23.07.2012 20:49:37
mbam-log-2012-07-23 (20-49-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 124992
Laufzeit: 22 Minute(n), 15 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.14.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Nicole :: NICOLE-PC [Administrator]

14.04.2012 08:56:34
mbam-log-2012-04-14 (08-56-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407895
Laufzeit: 1 Stunde(n), 51 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Nicole\Downloads\VideoToMp3Setup(2).exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nicole\Downloads\VideoToMp3Setup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I also ran the ESET Online Scanner on 28.07.12:
Code:

C:\Users\Nicole\Downloads\vlc-1.1.4-win32.exe        Win32/StartPage.OIE Trojaner        Gesäubert durch Löschen - in Quarantäne kopiert

cosinus 28.07.2012 23:33

Quote:

C:\Users\Nicole\Downloads\vlc-1.1.4-win32.exe Win32/StartPage.OIE Trojaner
Let me :glaskugel: you fell for vlc.de too!
You download the VLC video/audio player from videolan.org and not from vlc.de! :kloppen:

Kleineunifee 29.07.2012 09:25

Hello Arne,
the things you can see!!
Looks like it :-) like probably thousands before me.
Your advice?
Uninstall? I don't really need it anymore.

I also have a log file from WiseRegistryCleaner, do you need that too?
Regards
Nicole

cosinus 29.07.2012 17:00

Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work anymore.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know 100% whether an entry is needed or not?
  • It makes absolutely no difference whether there are a few orphaned registry entries on the system or not.
  • The constantly touted speed-up of the system is also only partly true. You wouldn't notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

Kleineunifee 29.07.2012 18:45

Hello Arne,
yes, I'm aware of that. So far I have only used it with the utmost caution and only deleted what was really known. I have plenty of orphaned registry entries... but you probably see that differently :-)
But with viruses and trojans the fun and my knowledge end.
I wish I had more time to get to grips with this, and I take my hat off to all of you who help us clueless users.
Regards
Nicole

cosinus 29.07.2012 20:12

Just keep your hands off the registry, you wouldn't believe how many problems that causes and how helpers rack their brains only to find out afterwards that something like TuneUp or some other registry cleaner messed things up!

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Kleineunifee 30.07.2012 04:55

Hello Arne,
here is the log file:

Code:

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 05:53:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Nicole - NICOLE-PC
# Running from : C:\Users\Nicole\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s5ke6d7e.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [863 octets] - [30/07/2012 05:53:09]

########## EOF - C:\AdwCleaner[R1].txt - [990 octets] ##########

Regards, Nicole

cosinus 30.07.2012 09:22

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

Kleineunifee 30.07.2012 13:57

Hello Arne,
here is the log file:

Code:

# AdwCleaner v1.703 - Logfile created 07/30/2012 at 14:53:11
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Nicole - NICOLE-PC
# Running from : C:\Users\Nicole\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s5ke6d7e.default\prefs.js

C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s5ke6d7e.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [990 octets] - [30/07/2012 05:53:09]
AdwCleaner[S1].txt - [1027 octets] - [30/07/2012 14:53:11]

########## EOF - C:\AdwCleaner[S1].txt - [1155 octets] ##########

Regards, Nicole

cosinus 30.07.2012 18:46

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Kleineunifee 30.07.2012 19:39

Hello Arne,

re 1.) yes, everything works normally again..
re 2.) no, I'm not missing anything in the Start menu
there are no empty folders and as far as I can tell everything is there or nothing
unusual is in it.

Regards
Nicole

cosinus 30.07.2012 21:13

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Kleineunifee 31.07.2012 06:03

Here is the OTL log file:
OTL Logfile:
Code:

OTL logfile created on: 7/31/2012 6:45:14 AM - Run 2
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Nicole\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.27% Memory free
5.99 Gb Paging File | 4.79 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434.66 Gb Total Space | 306.24 Gb Free Space | 70.45% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 13.29 Gb Free Space | 44.30% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/24 18:45:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/18 12:17:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/18 12:17:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/12/08 18:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/10 03:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/24 19:45:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 19:45:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 19:44:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 19:44:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/24 19:44:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 19:44:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/24 19:44:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/24 19:44:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/30 15:13:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/28 19:38:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Start_Pending] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2012/05/18 12:17:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/18 12:17:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/10/11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC)
DRV - [2011/08/19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/20 01:10:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/12 00:54:06] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/09/24 10:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009/07/14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/05 12:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2009/05/13 22:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 22:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008/11/28 14:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/11 23:30:06 | 000,038,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTV.sys -- (IAMTV)
DRV - [2007/04/11 23:30:00 | 000,047,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTXP.sys -- (IAMTXP)
DRV - [2007/04/11 23:29:58 | 000,040,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMT03.sys -- (IAMT03)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alice-dsl.de/selfcare/content/segment/kundencenter/
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes,DefaultScope = {3DF8413E-553F-4BB9-924B-7F68952C126F}
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{2BC22A4E-8150-4885-A093-EB070CFD71C3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{3DF8413E-553F-4BB9-924B-7F68952C126F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.bestsecret.com/index.htm"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 15:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 15:13:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
 
[2010/09/09 18:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2012/05/02 14:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions
[2011/04/21 07:48:54 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player@2020Technologies.com
[2012/02/18 10:22:14 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/03/30 11:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/11 09:34:26 | 000,084,268 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012/01/08 13:25:41 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/07/30 15:13:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 16:47:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/07/30 15:13:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/30 15:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/30 15:13:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/07 19:01:55 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012/07/30 15:13:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/30 15:13:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/30 15:13:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [AnyDVD] C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F46D5C4-40BB-4D49-BD63-CCE3004FD17D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C226EB25-A07D-4423-9DD0-A25930273625}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell - "" = AutoRun
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: vidc.yv12 - yv12vfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/25 14:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays muxed
[2012/07/19 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays
[2012/07/18 12:41:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\AVS4YOU
[2012/07/18 12:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/07/18 12:20:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\VSOBlurayConverter
[2012/07/18 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\NVIDIA
[2012/07/18 12:16:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Vso
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PcSetup
[2012/07/18 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/07/18 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/07/18 12:04:38 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012/07/18 12:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/07/04 19:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
[2012/07/04 18:58:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Macromedia
[2012/05/27 18:37:55 | 543,234,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Nicole\X12-30058.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/31 06:39:48 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 06:39:48 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 06:38:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 06:37:00 | 000,001,091 | ---- | M] () -- C:\Users\Nicole\Desktop\OTL - Verknüpfung.lnk
[2012/07/31 06:35:12 | 000,668,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/31 06:35:12 | 000,630,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/31 06:35:12 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/31 06:35:12 | 000,110,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/31 06:30:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 06:30:26 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 14:52:51 | 000,001,164 | ---- | M] () -- C:\Users\Nicole\Desktop\adwcleaner - Verknüpfung.lnk
[2012/07/25 18:46:28 | 000,001,110 | ---- | M] () -- C:\Users\Nicole\Desktop\ESET - Verknüpfung.lnk
[2012/07/24 19:41:43 | 000,418,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/24 19:04:13 | 000,001,146 | ---- | M] () -- C:\Users\Nicole\Desktop\jg7mxszu - Verknüpfung.lnk
[2012/07/24 19:02:43 | 000,001,130 | ---- | M] () -- C:\Users\Nicole\Desktop\Extras - Verknüpfung.lnk
[2012/07/24 18:44:46 | 000,000,739 | ---- | M] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | M] () -- C:\Users\Nicole\defogger_reenable
[2012/07/23 20:49:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | M] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:51:45 | 000,450,048 | ---- | M] (Cinema Squid) -- C:\Users\Nicole\Desktop\BDInfo.exe
[2012/07/19 11:15:51 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | M] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,007,887 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | M] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/07/31 06:37:00 | 000,001,091 | ---- | C] () -- C:\Users\Nicole\Desktop\OTL - Verknüpfung.lnk
[2012/07/30 14:52:51 | 000,001,164 | ---- | C] () -- C:\Users\Nicole\Desktop\adwcleaner - Verknüpfung.lnk
[2012/07/25 18:46:28 | 000,001,110 | ---- | C] () -- C:\Users\Nicole\Desktop\ESET - Verknüpfung.lnk
[2012/07/24 19:04:13 | 000,001,146 | ---- | C] () -- C:\Users\Nicole\Desktop\jg7mxszu - Verknüpfung.lnk
[2012/07/24 19:02:43 | 000,001,130 | ---- | C] () -- C:\Users\Nicole\Desktop\Extras - Verknüpfung.lnk
[2012/07/24 18:44:46 | 000,000,739 | ---- | C] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\defogger_reenable
[2012/07/23 20:49:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | C] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | C] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,007,887 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | C] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/03/30 11:01:44 | 000,226,470 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/30 11:01:44 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/02/17 09:49:26 | 000,000,559 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/02/17 09:48:25 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/11/02 18:06:16 | 004,300,532 | ---- | C] () -- C:\Users\Nicole\Handbuch_FN12.pdf
[2011/11/02 16:20:48 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2011/10/18 17:48:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/15 18:34:31 | 000,000,076 | ---- | C] () -- C:\Windows\System32\Sun Clock 6.ini
[2010/09/19 18:43:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/09 18:19:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010/10/29 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AliceHilfe
[2010/11/16 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Cisco
[2012/01/15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2010/11/20 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Free iPad Video Converter
[2012/03/05 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gotomaxx
[2010/11/01 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
[2010/12/24 09:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2011/01/15 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Map Maker
[2012/02/17 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2012/01/15 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Pavtube
[2010/11/01 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/02/17 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/09/09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2012/07/19 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Vso
[2010/09/19 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\XMedia Recode
[2012/07/13 16:56:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/04/05 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Adobe
[2010/10/29 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AliceHilfe
[2012/01/25 17:44:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Apple Computer
[2011/11/29 15:49:40 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Avira
[2012/07/18 12:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AVS4YOU
[2010/11/16 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Cisco
[2010/10/08 16:37:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\CyberLink
[2012/01/15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2010/11/20 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Free iPad Video Converter
[2012/03/05 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gotomaxx
[2010/11/01 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
[2012/03/30 11:14:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\HP
[2012/05/27 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\HpUpdate
[2010/09/09 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Identities
[2010/09/09 17:59:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Intel Corporation
[2010/12/24 09:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2010/09/10 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Macromedia
[2012/04/14 08:53:57 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2011/01/15 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Map Maker
[2009/07/14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Media Center Programs
[2011/12/15 17:50:28 | 000,000,000 | --SD | M] -- C:\Users\Nicole\AppData\Roaming\Microsoft
[2010/09/09 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Mozilla
[2012/02/17 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2012/07/18 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\NVIDIA
[2012/01/15 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Pavtube
[2012/07/31 06:45:11 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Skype
[2012/02/27 21:18:51 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\skypePM
[2010/11/01 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/02/17 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/09/09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2010/11/16 19:21:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\vlc
[2012/07/19 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Vso
[2010/09/19 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2012/07/18 12:16:39 | 000,087,608 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2010/06/10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010/12/24 09:17:43 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Nicole\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011/12/21 18:38:42 | 000,113,680 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\Convertor.exe
[2011/12/21 18:38:44 | 000,113,680 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\ConvertorFDB.exe
[2011/12/21 18:38:46 | 000,047,104 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\depcheck.exe
[2011/12/21 18:01:20 | 000,110,592 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\gbtest.exe
[2011/12/21 18:01:34 | 000,058,896 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Detect\Detect.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009/12/10 02:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\Windows\System32\drivers\iaStor.sys
[2009/12/10 02:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b8fa525561a80e4a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll

< End of report >

--- --- ---


Regards,
Nicole

cosinus 31.07.2012 11:05

Code:

OTL by OldTimer - Version 3.2.54.1
Admittedly this may sound a bit nitpicky, but you didn't download a fresh copy of OTL beforehand, did you? :pfeiff:

Kleineunifee 31.07.2012 12:05

Shit, no, I didn't... but I will... there is already a new version :pfeiff:... a new logfile will follow this afternoon...

once again :-)

Code:

OTL logfile created on: 7/31/2012 2:35:39 PM - Run 3
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Nicole\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.74% Memory free
5.99 Gb Paging File | 4.93 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434.66 Gb Total Space | 306.03 Gb Free Space | 70.41% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 13.29 Gb Free Space | 44.30% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/31 14:33:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL(1).exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/18 12:17:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/18 12:17:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/12/08 18:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/10 03:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/24 19:45:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 19:45:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 19:44:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 19:44:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/24 19:44:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 19:44:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/24 19:44:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/24 19:44:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========


cosinus 31.07.2012 13:58

Unfortunately the log is incomplete :rolleyes:

Kleineunifee 31.07.2012 14:33

Today is definitely not my day:
Sorry for my stupidity!!

Code:

OTL logfile created on: 7/31/2012 2:35:39 PM - Run 3
OTL by OldTimer - Version 3.2.55.0    Folder = C:\Users\Nicole\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.74% Memory free
5.99 Gb Paging File | 4.93 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434.66 Gb Total Space | 306.03 Gb Free Space | 70.41% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 13.29 Gb Free Space | 44.30% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/07/31 14:33:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL(1).exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/18 12:17:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/18 12:17:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/12/08 18:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/10 03:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/07/24 19:45:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 19:45:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 19:44:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 19:44:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/24 19:44:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 19:44:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/24 19:44:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/24 19:44:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/30 15:13:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/28 19:38:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Start_Pending] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2012/05/18 12:17:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/18 12:17:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/10/11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC)
DRV - [2011/08/19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/20 01:10:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/12 00:54:06] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/09/24 10:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009/07/14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/05 12:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2009/05/13 22:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 22:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008/11/28 14:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/11 23:30:06 | 000,038,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTV.sys -- (IAMTV)
DRV - [2007/04/11 23:30:00 | 000,047,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTXP.sys -- (IAMTXP)
DRV - [2007/04/11 23:29:58 | 000,040,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMT03.sys -- (IAMT03)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alice-dsl.de/selfcare/content/segment/kundencenter/
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes,DefaultScope = {3DF8413E-553F-4BB9-924B-7F68952C126F}
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{2BC22A4E-8150-4885-A093-EB070CFD71C3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{3DF8413E-553F-4BB9-924B-7F68952C126F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.bestsecret.com/index.htm"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 15:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 15:13:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
 
[2010/09/09 18:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2012/05/02 14:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions
[2011/04/21 07:48:54 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player@2020Technologies.com
[2012/02/18 10:22:14 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/03/30 11:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/11 09:34:26 | 000,084,268 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012/01/08 13:25:41 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/07/30 15:13:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 16:47:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/07/30 15:13:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/30 15:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/30 15:13:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/07 19:01:55 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012/07/30 15:13:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/30 15:13:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/30 15:13:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [AnyDVD] C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F46D5C4-40BB-4D49-BD63-CCE3004FD17D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C226EB25-A07D-4423-9DD0-A25930273625}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell - "" = AutoRun
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: vidc.yv12 - yv12vfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/25 14:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays muxed
[2012/07/19 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays
[2012/07/18 12:41:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\AVS4YOU
[2012/07/18 12:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/07/18 12:20:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\VSOBlurayConverter
[2012/07/18 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\NVIDIA
[2012/07/18 12:16:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Vso
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PcSetup
[2012/07/18 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/07/18 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/07/18 12:04:38 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012/07/18 12:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/07/04 19:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
[2012/07/04 18:58:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Macromedia
[2012/05/27 18:37:55 | 543,234,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Nicole\X12-30058.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/31 14:38:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 14:38:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 14:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 14:28:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 14:28:42 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 07:00:03 | 000,001,095 | ---- | M] () -- C:\Users\Nicole\Desktop\OTL - Verknüpfung (2).lnk
[2012/07/31 06:35:12 | 000,668,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/31 06:35:12 | 000,630,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/31 06:35:12 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/31 06:35:12 | 000,110,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/30 14:52:51 | 000,001,164 | ---- | M] () -- C:\Users\Nicole\Desktop\adwcleaner - Verknüpfung.lnk
[2012/07/25 18:46:28 | 000,001,110 | ---- | M] () -- C:\Users\Nicole\Desktop\ESET - Verknüpfung.lnk
[2012/07/24 19:41:43 | 000,418,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/24 19:04:13 | 000,001,146 | ---- | M] () -- C:\Users\Nicole\Desktop\jg7mxszu - Verknüpfung.lnk
[2012/07/24 19:02:43 | 000,001,130 | ---- | M] () -- C:\Users\Nicole\Desktop\Extras - Verknüpfung.lnk
[2012/07/24 18:44:46 | 000,000,739 | ---- | M] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | M] () -- C:\Users\Nicole\defogger_reenable
[2012/07/23 20:49:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | M] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:51:45 | 000,450,048 | ---- | M] (Cinema Squid) -- C:\Users\Nicole\Desktop\BDInfo.exe
[2012/07/19 11:15:51 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | M] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,007,887 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | M] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/07/31 07:00:03 | 000,001,095 | ---- | C] () -- C:\Users\Nicole\Desktop\OTL - Verknüpfung (2).lnk
[2012/07/30 14:52:51 | 000,001,164 | ---- | C] () -- C:\Users\Nicole\Desktop\adwcleaner - Verknüpfung.lnk
[2012/07/25 18:46:28 | 000,001,110 | ---- | C] () -- C:\Users\Nicole\Desktop\ESET - Verknüpfung.lnk
[2012/07/24 19:04:13 | 000,001,146 | ---- | C] () -- C:\Users\Nicole\Desktop\jg7mxszu - Verknüpfung.lnk
[2012/07/24 19:02:43 | 000,001,130 | ---- | C] () -- C:\Users\Nicole\Desktop\Extras - Verknüpfung.lnk
[2012/07/24 18:44:46 | 000,000,739 | ---- | C] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\defogger_reenable
[2012/07/23 20:49:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | C] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | C] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,007,887 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | C] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/03/30 11:01:44 | 000,226,470 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/30 11:01:44 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/02/17 09:49:26 | 000,000,559 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/02/17 09:48:25 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/11/02 18:06:16 | 004,300,532 | ---- | C] () -- C:\Users\Nicole\Handbuch_FN12.pdf
[2011/11/02 16:20:48 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2011/10/18 17:48:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/15 18:34:31 | 000,000,076 | ---- | C] () -- C:\Windows\System32\Sun Clock 6.ini
[2010/09/19 18:43:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/09 18:19:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010/10/29 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AliceHilfe
[2010/11/16 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Cisco
[2012/01/15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2010/11/20 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Free iPad Video Converter
[2012/03/05 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gotomaxx
[2010/11/01 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
[2010/12/24 09:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2011/01/15 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Map Maker
[2012/02/17 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2012/01/15 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Pavtube
[2010/11/01 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/02/17 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/09/09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2012/07/19 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Vso
[2010/09/19 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\XMedia Recode
[2012/07/13 16:56:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/04/05 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Adobe
[2010/10/29 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AliceHilfe
[2012/01/25 17:44:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Apple Computer
[2011/11/29 15:49:40 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Avira
[2012/07/18 12:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AVS4YOU
[2010/11/16 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Cisco
[2010/10/08 16:37:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\CyberLink
[2012/01/15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2010/11/20 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Free iPad Video Converter
[2012/03/05 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gotomaxx
[2010/11/01 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
[2012/03/30 11:14:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\HP
[2012/05/27 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\HpUpdate
[2010/09/09 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Identities
[2010/09/09 17:59:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Intel Corporation
[2010/12/24 09:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2010/09/10 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Macromedia
[2012/04/14 08:53:57 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2011/01/15 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Map Maker
[2009/07/14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Media Center Programs
[2011/12/15 17:50:28 | 000,000,000 | --SD | M] -- C:\Users\Nicole\AppData\Roaming\Microsoft
[2010/09/09 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Mozilla
[2012/02/17 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2012/07/18 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\NVIDIA
[2012/01/15 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Pavtube
[2012/07/31 14:35:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Skype
[2012/02/27 21:18:51 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\skypePM
[2010/11/01 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/02/17 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/09/09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2010/11/16 19:21:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\vlc
[2012/07/19 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Vso
[2010/09/19 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2012/07/18 12:16:39 | 000,087,608 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2010/06/10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010/12/24 09:17:43 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Nicole\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011/12/21 18:38:42 | 000,113,680 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\Convertor.exe
[2011/12/21 18:38:44 | 000,113,680 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\ConvertorFDB.exe
[2011/12/21 18:38:46 | 000,047,104 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\depcheck.exe
[2011/12/21 18:01:20 | 000,110,592 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\gbtest.exe
[2011/12/21 18:01:34 | 000,058,896 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Detect\Detect.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009/12/10 02:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\Windows\System32\drivers\iaStor.sys
[2009/12/10 02:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b8fa525561a80e4a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
<          >

< End of report >


cosinus 31.07.2012 20:05

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de/selfcare/content/segment/kundencenter/
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.bestsecret.com/index.htm"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found
[2010/10/07 19:01:55 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell - "" = AutoRun
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
:Files
C:\Users\Nicole\Downloads\vlc-1.1.4-win32.exe
C:\Users\Nicole\AppData\Roaming\inst.exe
C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
c:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Kleineunifee 31.07.2012 20:28

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "https://www.bestsecret.com/index.htm" removed from browser.startup.homepage
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Program Files\mozilla firefox\searchplugins\foxsearch.src moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{277fca80-8183-11e0-81a2-0024210f9ef9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{277fca80-8183-11e0-81a2-0024210f9ef9}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\LaunchU3.exe -a not found.
========== FILES ==========
File\Folder C:\Users\Nicole\Downloads\vlc-1.1.4-win32.exe not found.
C:\Users\Nicole\AppData\Roaming\inst.exe moved successfully.
C:\Users\Nicole\AppData\Roaming\Gutscheinmieze folder moved successfully.
File\Folder c:\user.js not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nicole
->Temp folder emptied: 53045771 bytes
->Temporary Internet Files folder emptied: 161932024 bytes
->Java cache emptied: 9809624 bytes
->FireFox cache emptied: 221974689 bytes
->Apple Safari cache emptied: 3724288 bytes
->Flash cache emptied: 84391 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 117424741 bytes
RecycleBin emptied: 2717960014 bytes
 
Total Files Cleaned = 3,134.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Nicole
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07312012_211826

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 01.08.2012 19:22

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the image below: click "change parameters" and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Kleineunifee 01.08.2012 20:11

Here is the log file from TDSS-Killer

Code:

21:03:27.0015 4924        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:03:27.0327 4924        ============================================================
21:03:27.0327 4924        Current date / time: 2012/08/01 21:03:27.0327
21:03:27.0327 4924        SystemInfo:
21:03:27.0327 4924       
21:03:27.0327 4924        OS Version: 6.1.7601 ServicePack: 1.0
21:03:27.0327 4924        Product type: Workstation
21:03:27.0327 4924        ComputerName: NICOLE-PC
21:03:27.0327 4924        UserName: Nicole
21:03:27.0327 4924        Windows directory: C:\Windows
21:03:27.0327 4924        System windows directory: C:\Windows
21:03:27.0327 4924        Processor architecture: Intel x86
21:03:27.0327 4924        Number of processors: 2
21:03:27.0327 4924        Page size: 0x1000
21:03:27.0327 4924        Boot type: Normal boot
21:03:27.0327 4924        ============================================================
21:03:28.0669 4924        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:03:28.0700 4924        ============================================================
21:03:28.0700 4924        \Device\Harddisk0\DR0:
21:03:28.0700 4924        MBR partitions:
21:03:28.0700 4924        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:03:28.0700 4924        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36553000
21:03:28.0700 4924        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36585800, BlocksNum 0x3C00000
21:03:28.0700 4924        ============================================================
21:03:28.0778 4924        C: <-> \Device\Harddisk0\DR0\Partition1
21:03:28.0856 4924        D: <-> \Device\Harddisk0\DR0\Partition2
21:03:28.0856 4924        ============================================================
21:03:28.0856 4924        Initialize success
21:03:28.0856 4924        ============================================================
21:04:23.0206 1444        ============================================================
21:04:23.0206 1444        Scan started
21:04:23.0206 1444        Mode: Manual; SigCheck; TDLFS;
21:04:23.0206 1444        ============================================================
21:04:23.0534 1444        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:04:23.0628 1444        1394ohci - ok
21:04:23.0706 1444        3xHybrid        (55e1acba424e14af3523df741d86f60a) C:\Windows\system32\DRIVERS\3xHybrid.sys
21:04:23.0768 1444        3xHybrid - ok
21:04:23.0830 1444        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:04:23.0830 1444        ACPI - ok
21:04:23.0862 1444        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:04:23.0924 1444        AcpiPmi - ok
21:04:24.0064 1444        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:04:24.0064 1444        AdobeARMservice - ok
21:04:24.0142 1444        AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:04:24.0158 1444        AdobeFlashPlayerUpdateSvc - ok
21:04:24.0220 1444        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:04:24.0267 1444        adp94xx - ok
21:04:24.0298 1444        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:04:24.0330 1444        adpahci - ok
21:04:24.0361 1444        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:04:24.0361 1444        adpu320 - ok
21:04:24.0408 1444        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:04:24.0454 1444        AeLookupSvc - ok
21:04:24.0517 1444        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:04:24.0595 1444        AFD - ok
21:04:24.0626 1444        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:04:24.0642 1444        agp440 - ok
21:04:24.0673 1444        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:04:24.0688 1444        aic78xx - ok
21:04:24.0720 1444        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:04:24.0751 1444        ALG - ok
21:04:24.0766 1444        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:04:24.0782 1444        aliide - ok
21:04:24.0798 1444        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:04:24.0813 1444        amdagp - ok
21:04:24.0829 1444        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:04:24.0844 1444        amdide - ok
21:04:24.0844 1444        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:04:24.0891 1444        AmdK8 - ok
21:04:24.0891 1444        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:04:24.0938 1444        AmdPPM - ok
21:04:24.0969 1444        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:04:24.0985 1444        amdsata - ok
21:04:25.0016 1444        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:04:25.0032 1444        amdsbs - ok
21:04:25.0047 1444        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:04:25.0063 1444        amdxata - ok
21:04:25.0156 1444        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:04:25.0156 1444        AntiVirSchedulerService - ok
21:04:25.0203 1444        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:04:25.0219 1444        AntiVirService - ok
21:04:25.0266 1444        AnyDVD          (486cf73f183e7adc5575fcd47f9fb1af) C:\Windows\system32\Drivers\AnyDVD.sys
21:04:25.0266 1444        AnyDVD - ok
21:04:25.0297 1444        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:04:25.0406 1444        AppID - ok
21:04:25.0453 1444        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:04:25.0500 1444        AppIDSvc - ok
21:04:25.0546 1444        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:04:25.0593 1444        Appinfo - ok
21:04:25.0734 1444        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:04:25.0734 1444        Apple Mobile Device - ok
21:04:25.0796 1444        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:04:25.0796 1444        arc - ok
21:04:25.0843 1444        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:04:25.0843 1444        arcsas - ok
21:04:25.0890 1444        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:25.0968 1444        AsyncMac - ok
21:04:26.0030 1444        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:04:26.0030 1444        atapi - ok
21:04:26.0077 1444        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:04:26.0108 1444        AudioEndpointBuilder - ok
21:04:26.0124 1444        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:04:26.0139 1444        Audiosrv - ok
21:04:26.0202 1444        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:04:26.0202 1444        avgntflt - ok
21:04:26.0295 1444        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:04:26.0311 1444        avipbb - ok
21:04:26.0358 1444        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:04:26.0358 1444        avkmgr - ok
21:04:26.0404 1444        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:04:26.0467 1444        AxInstSV - ok
21:04:26.0529 1444        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:04:26.0592 1444        b06bdrv - ok
21:04:26.0623 1444        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:04:26.0670 1444        b57nd60x - ok
21:04:26.0794 1444        BBSvc          (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
21:04:26.0810 1444        BBSvc - ok
21:04:26.0857 1444        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
21:04:26.0872 1444        BBUpdate - ok
21:04:26.0904 1444        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:04:26.0966 1444        BDESVC - ok
21:04:26.0997 1444        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:04:27.0028 1444        Beep - ok
21:04:27.0075 1444        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:04:27.0153 1444        BFE - ok
21:04:27.0231 1444        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:04:27.0340 1444        BITS - ok
21:04:27.0387 1444        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:04:27.0403 1444        blbdrive - ok
21:04:27.0512 1444        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:04:27.0528 1444        Bonjour Service - ok
21:04:27.0543 1444        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:04:27.0574 1444        bowser - ok
21:04:27.0606 1444        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:04:27.0637 1444        BrFiltLo - ok
21:04:27.0668 1444        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:04:27.0699 1444        BrFiltUp - ok
21:04:27.0730 1444        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:04:27.0762 1444        Browser - ok
21:04:27.0777 1444        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:04:27.0824 1444        Brserid - ok
21:04:27.0855 1444        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:04:27.0886 1444        BrSerWdm - ok
21:04:27.0918 1444        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:04:27.0933 1444        BrUsbMdm - ok
21:04:27.0949 1444        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:04:27.0980 1444        BrUsbSer - ok
21:04:27.0996 1444        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:04:28.0027 1444        BTHMODEM - ok
21:04:28.0074 1444        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:04:28.0105 1444        bthserv - ok
21:04:28.0152 1444        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:04:28.0183 1444        cdfs - ok
21:04:28.0214 1444        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:04:28.0245 1444        cdrom - ok
21:04:28.0276 1444        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:04:28.0308 1444        CertPropSvc - ok
21:04:28.0323 1444        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:04:28.0370 1444        circlass - ok
21:04:28.0401 1444        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:04:28.0432 1444        CLFS - ok
21:04:28.0479 1444        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:04:28.0479 1444        clr_optimization_v2.0.50727_32 - ok
21:04:28.0542 1444        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:04:28.0588 1444        clr_optimization_v4.0.30319_32 - ok
21:04:28.0620 1444        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:04:28.0651 1444        CmBatt - ok
21:04:28.0651 1444        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:04:28.0666 1444        cmdide - ok
21:04:28.0713 1444        CNG            (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
21:04:28.0729 1444        CNG - ok
21:04:28.0760 1444        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:04:28.0760 1444        Compbatt - ok
21:04:28.0807 1444        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:04:28.0838 1444        CompositeBus - ok
21:04:28.0854 1444        COMSysApp - ok
21:04:28.0869 1444        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:04:28.0885 1444        crcdisk - ok
21:04:28.0916 1444        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:04:28.0947 1444        CryptSvc - ok
21:04:28.0994 1444        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
21:04:29.0041 1444        CVirtA - ok
21:04:29.0072 1444        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:04:29.0088 1444        DcomLaunch - ok
21:04:29.0119 1444        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:04:29.0166 1444        defragsvc - ok
21:04:29.0197 1444        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:04:29.0228 1444        DfsC - ok
21:04:29.0259 1444        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:04:29.0290 1444        Dhcp - ok
21:04:29.0306 1444        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:04:29.0337 1444        discache - ok
21:04:29.0368 1444        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:04:29.0384 1444        Disk - ok
21:04:29.0400 1444        DNE            (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
21:04:29.0415 1444        DNE - ok
21:04:29.0462 1444        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:04:29.0493 1444        Dnscache - ok
21:04:29.0524 1444        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:04:29.0618 1444        dot3svc - ok
21:04:29.0680 1444        Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:04:29.0712 1444        Dot4 - ok
21:04:29.0743 1444        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:04:29.0774 1444        Dot4Print - ok
21:04:29.0805 1444        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:04:29.0821 1444        dot4usb - ok
21:04:29.0852 1444        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:04:29.0899 1444        DPS - ok
21:04:29.0930 1444        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:04:29.0946 1444        drmkaud - ok
21:04:30.0008 1444        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:04:30.0024 1444        DXGKrnl - ok
21:04:30.0086 1444        e1express      (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
21:04:30.0102 1444        e1express - ok
21:04:30.0117 1444        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:04:30.0180 1444        EapHost - ok
21:04:30.0460 1444        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:04:30.0523 1444        ebdrv - ok
21:04:30.0632 1444        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:04:30.0663 1444        EFS - ok
21:04:30.0772 1444        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:04:30.0850 1444        ehRecvr - ok
21:04:30.0897 1444        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:04:30.0928 1444        ehSched - ok
21:04:31.0006 1444        ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:04:31.0022 1444        ElbyCDIO - ok
21:04:31.0084 1444        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:04:31.0116 1444        elxstor - ok
21:04:31.0147 1444        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:04:31.0162 1444        ErrDev - ok
21:04:31.0209 1444        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:04:31.0240 1444        EventSystem - ok
21:04:31.0287 1444        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:04:31.0303 1444        exfat - ok
21:04:31.0350 1444        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:04:31.0412 1444        fastfat - ok
21:04:31.0490 1444        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:04:31.0568 1444        Fax - ok
21:04:31.0584 1444        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:04:31.0615 1444        fdc - ok
21:04:31.0630 1444        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:04:31.0662 1444        fdPHost - ok
21:04:31.0708 1444        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:04:31.0755 1444        FDResPub - ok
21:04:31.0786 1444        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:04:31.0802 1444        FileInfo - ok
21:04:31.0818 1444        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:04:31.0833 1444        Filetrace - ok
21:04:31.0880 1444        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:04:31.0896 1444        flpydisk - ok
21:04:31.0927 1444        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:04:31.0942 1444        FltMgr - ok
21:04:32.0005 1444        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:04:32.0052 1444        FontCache - ok
21:04:32.0114 1444        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:04:32.0130 1444        FontCache3.0.0.0 - ok
21:04:32.0145 1444        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:04:32.0145 1444        FsDepends - ok
21:04:32.0176 1444        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:04:32.0192 1444        Fs_Rec - ok
21:04:32.0223 1444        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:04:32.0239 1444        fvevol - ok
21:04:32.0270 1444        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:04:32.0286 1444        gagp30kx - ok
21:04:32.0317 1444        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:32.0332 1444        GEARAspiWDM - ok
21:04:32.0364 1444        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:04:32.0395 1444        gpsvc - ok
21:04:32.0442 1444        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:04:32.0473 1444        hcw85cir - ok
21:04:32.0535 1444        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:04:32.0566 1444        HdAudAddService - ok
21:04:32.0582 1444        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:04:32.0613 1444        HDAudBus - ok
21:04:32.0613 1444        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:04:32.0629 1444        HidBatt - ok
21:04:32.0660 1444        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:04:32.0691 1444        HidBth - ok
21:04:32.0722 1444        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:04:32.0738 1444        HidIr - ok
21:04:32.0769 1444        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:04:32.0800 1444        hidserv - ok
21:04:32.0832 1444        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:04:32.0847 1444        HidUsb - ok
21:04:32.0878 1444        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:04:32.0910 1444        hkmsvc - ok
21:04:32.0925 1444        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:04:32.0956 1444        HomeGroupListener - ok
21:04:32.0988 1444        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:04:33.0003 1444        HomeGroupProvider - ok
21:04:33.0580 1444        hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:04:33.0612 1444        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:04:33.0612 1444        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:04:33.0643 1444        hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:04:33.0658 1444        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:04:33.0658 1444        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:04:33.0690 1444        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:04:33.0705 1444        HpSAMD - ok
21:04:33.0783 1444        HPSLPSVC        (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:04:33.0830 1444        HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:04:33.0830 1444        HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:04:33.0877 1444        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:04:33.0924 1444        HTTP - ok
21:04:33.0955 1444        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:04:33.0970 1444        hwpolicy - ok
21:04:34.0017 1444        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:04:34.0064 1444        i8042prt - ok
21:04:34.0142 1444        IAMT03          (c7a9cd6b23c13433bc35c829003b41fa) C:\Windows\system32\DRIVERS\IAMT03.sys
21:04:34.0142 1444        IAMT03 - ok
21:04:34.0173 1444        IAMTV          (739757b5da9963f3effc4e4b42653949) C:\Windows\system32\DRIVERS\IAMTV.sys
21:04:34.0189 1444        IAMTV - ok
21:04:34.0220 1444        IAMTXP          (31ebce32fa98e51e21747b7efb16f281) C:\Windows\system32\DRIVERS\IAMTXP.sys
21:04:34.0220 1444        IAMTXP - ok
21:04:34.0282 1444        iaStor          (5a6c5876fb84418d08d67b8caed5efcf) C:\Windows\system32\DRIVERS\iaStor.sys
21:04:34.0298 1444        iaStor - ok
21:04:34.0376 1444        IAStorDataMgrSvc (de9560e9703bfe1bd08014a406be0033) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:04:34.0392 1444        IAStorDataMgrSvc - ok
21:04:34.0470 1444        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:04:34.0501 1444        iaStorV - ok
21:04:34.0672 1444        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:04:34.0704 1444        idsvc - ok
21:04:34.0828 1444        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:04:34.0844 1444        iirsp - ok
21:04:34.0938 1444        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:04:35.0000 1444        IKEEXT - ok
21:04:35.0203 1444        IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys
21:04:35.0296 1444        IntcAzAudAddService - ok
21:04:35.0530 1444        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:04:35.0546 1444        intelide - ok
21:04:35.0577 1444        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:04:35.0593 1444        intelppm - ok
21:04:35.0624 1444        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:04:35.0686 1444        IPBusEnum - ok
21:04:35.0702 1444        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:35.0733 1444        IpFilterDriver - ok
21:04:35.0780 1444        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:04:35.0827 1444        iphlpsvc - ok
21:04:35.0858 1444        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:04:35.0889 1444        IPMIDRV - ok
21:04:35.0889 1444        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:04:35.0936 1444        IPNAT - ok
21:04:36.0076 1444        iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
21:04:36.0108 1444        iPod Service - ok
21:04:36.0123 1444        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:04:36.0170 1444        IRENUM - ok
21:04:36.0201 1444        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:04:36.0217 1444        isapnp - ok
21:04:36.0232 1444        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:04:36.0264 1444        iScsiPrt - ok
21:04:36.0279 1444        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:04:36.0295 1444        kbdclass - ok
21:04:36.0326 1444        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:04:36.0357 1444        kbdhid - ok
21:04:36.0388 1444        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:36.0404 1444        KeyIso - ok
21:04:36.0435 1444        KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
21:04:36.0451 1444        KSecDD - ok
21:04:36.0466 1444        KSecPkg        (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
21:04:36.0482 1444        KSecPkg - ok
21:04:36.0529 1444        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:04:36.0591 1444        KtmRm - ok
21:04:36.0622 1444        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:04:36.0669 1444        LanmanServer - ok
21:04:36.0700 1444        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:04:36.0747 1444        LanmanWorkstation - ok
21:04:36.0778 1444        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:04:36.0825 1444        lltdio - ok
21:04:36.0841 1444        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:04:36.0903 1444        lltdsvc - ok
21:04:36.0919 1444        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:04:36.0934 1444        lmhosts - ok
21:04:36.0981 1444        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:04:36.0981 1444        LSI_FC - ok
21:04:37.0059 1444        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:04:37.0075 1444        LSI_SAS - ok
21:04:37.0106 1444        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:04:37.0106 1444        LSI_SAS2 - ok
21:04:37.0137 1444        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:04:37.0153 1444        LSI_SCSI - ok
21:04:37.0168 1444        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:04:37.0200 1444        luafv - ok
21:04:37.0262 1444        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:04:37.0262 1444        LVPr2Mon - ok
21:04:37.0309 1444        LVRS            (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
21:04:37.0324 1444        LVRS - ok
21:04:37.0605 1444        LVUVC          (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
21:04:37.0699 1444        LVUVC - ok
21:04:37.0980 1444        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:04:37.0995 1444        Mcx2Svc - ok
21:04:38.0026 1444        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:04:38.0042 1444        megasas - ok
21:04:38.0089 1444        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:04:38.0104 1444        MegaSR - ok
21:04:38.0198 1444        Microsoft SharePoint Workspace Audit Service - ok
21:04:38.0229 1444        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:04:38.0292 1444        MMCSS - ok
21:04:38.0307 1444        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:04:38.0338 1444        Modem - ok
21:04:38.0370 1444        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:04:38.0385 1444        monitor - ok
21:04:38.0401 1444        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:04:38.0416 1444        mouclass - ok
21:04:38.0448 1444        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:04:38.0463 1444        mouhid - ok
21:04:38.0479 1444        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:04:38.0494 1444        mountmgr - ok
21:04:38.0541 1444        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:04:38.0557 1444        MozillaMaintenance - ok
21:04:38.0572 1444        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:04:38.0588 1444        mpio - ok
21:04:38.0619 1444        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:04:38.0666 1444        mpsdrv - ok
21:04:38.0728 1444        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:04:38.0775 1444        MpsSvc - ok
21:04:38.0806 1444        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:04:38.0838 1444        MRxDAV - ok
21:04:38.0884 1444        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:38.0931 1444        mrxsmb - ok
21:04:38.0947 1444        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:38.0978 1444        mrxsmb10 - ok
21:04:39.0009 1444        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:39.0025 1444        mrxsmb20 - ok
21:04:39.0056 1444        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:04:39.0056 1444        msahci - ok
21:04:39.0072 1444        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:04:39.0087 1444        msdsm - ok
21:04:39.0118 1444        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:04:39.0134 1444        MSDTC - ok
21:04:39.0165 1444        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:04:39.0196 1444        Msfs - ok
21:04:39.0212 1444        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:04:39.0259 1444        mshidkmdf - ok
21:04:39.0274 1444        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:04:39.0290 1444        msisadrv - ok
21:04:39.0306 1444        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:04:39.0337 1444        MSiSCSI - ok
21:04:39.0337 1444        msiserver - ok
21:04:39.0352 1444        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:04:39.0384 1444        MSKSSRV - ok
21:04:39.0399 1444        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:39.0446 1444        MSPCLOCK - ok
21:04:39.0462 1444        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:04:39.0508 1444        MSPQM - ok
21:04:39.0524 1444        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:04:39.0524 1444        MsRPC - ok
21:04:39.0540 1444        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:04:39.0555 1444        mssmbios - ok
21:04:39.0571 1444        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:04:39.0586 1444        MSTEE - ok
21:04:39.0602 1444        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:04:39.0633 1444        MTConfig - ok
21:04:39.0633 1444        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:04:39.0649 1444        Mup - ok
21:04:39.0680 1444        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:04:39.0711 1444        napagent - ok
21:04:39.0758 1444        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:04:39.0789 1444        NativeWifiP - ok
21:04:39.0867 1444        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:04:39.0883 1444        NDIS - ok
21:04:39.0898 1444        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:04:39.0930 1444        NdisCap - ok
21:04:39.0945 1444        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:39.0992 1444        NdisTapi - ok
21:04:40.0039 1444        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:40.0070 1444        Ndisuio - ok
21:04:40.0086 1444        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:40.0117 1444        NdisWan - ok
21:04:40.0132 1444        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:04:40.0164 1444        NDProxy - ok
21:04:40.0210 1444        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
21:04:40.0242 1444        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:04:40.0242 1444        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:04:40.0257 1444        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:04:40.0288 1444        NetBIOS - ok
21:04:40.0320 1444        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:04:40.0366 1444        NetBT - ok
21:04:40.0398 1444        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:40.0398 1444        Netlogon - ok
21:04:40.0476 1444        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:04:40.0507 1444        Netman - ok
21:04:40.0522 1444        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:04:40.0538 1444        netprofm - ok
21:04:40.0616 1444        netr28u        (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
21:04:40.0678 1444        netr28u - ok
21:04:40.0741 1444        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:04:40.0756 1444        NetTcpPortSharing - ok
21:04:40.0788 1444        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:04:40.0788 1444        nfrd960 - ok
21:04:40.0834 1444        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:04:40.0881 1444        NlaSvc - ok
21:04:40.0897 1444        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:04:40.0944 1444        Npfs - ok
21:04:40.0990 1444        NPF_devolo      (75ac610a7481cb1f343dc971249bcb19) C:\Windows\system32\drivers\npf_devolo.sys
21:04:41.0006 1444        NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
21:04:41.0006 1444        NPF_devolo - detected UnsignedFile.Multi.Generic (1)
21:04:41.0037 1444        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:04:41.0068 1444        nsi - ok
21:04:41.0084 1444        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:04:41.0115 1444        nsiproxy - ok
21:04:41.0193 1444        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:04:41.0224 1444        Ntfs - ok
21:04:41.0365 1444        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:04:41.0412 1444        Null - ok
21:04:42.0036 1444        nvlddmkm        (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:04:42.0192 1444        nvlddmkm - ok
21:04:42.0535 1444        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:04:42.0550 1444        nvraid - ok
21:04:42.0597 1444        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:04:42.0613 1444        nvstor - ok
21:04:42.0660 1444        nvsvc          (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe
21:04:42.0660 1444        nvsvc - ok
21:04:42.0691 1444        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:04:42.0691 1444        nv_agp - ok
21:04:42.0722 1444        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:04:42.0738 1444        ohci1394 - ok
21:04:42.0800 1444        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:04:42.0800 1444        ose - ok
21:04:43.0221 1444        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:04:43.0330 1444        osppsvc - ok
21:04:43.0642 1444        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:04:43.0674 1444        p2pimsvc - ok
21:04:43.0720 1444        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:04:43.0752 1444        p2psvc - ok
21:04:43.0814 1444        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:04:43.0861 1444        Parport - ok
21:04:43.0892 1444        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:04:43.0908 1444        partmgr - ok
21:04:43.0923 1444        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:04:43.0954 1444        Parvdm - ok
21:04:43.0954 1444        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:04:43.0986 1444        PcaSvc - ok
21:04:44.0017 1444        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:04:44.0032 1444        pci - ok
21:04:44.0048 1444        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:04:44.0048 1444        pciide - ok
21:04:44.0079 1444        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:04:44.0095 1444        pcmcia - ok
21:04:44.0142 1444        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:04:44.0157 1444        pcw - ok
21:04:44.0204 1444        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:04:44.0266 1444        PEAUTH - ok
21:04:44.0407 1444        Ph3xIB32        (8b7aec0aba77de5d2feac1824c15a3fa) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
21:04:44.0454 1444        Ph3xIB32 - ok
21:04:44.0688 1444        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:04:44.0750 1444        pla - ok
21:04:44.0859 1444        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:04:44.0906 1444        PlugPlay - ok
21:04:44.0937 1444        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
21:04:44.0953 1444        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:04:44.0953 1444        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:04:44.0984 1444        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:04:45.0000 1444        PNRPAutoReg - ok
21:04:45.0015 1444        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:04:45.0046 1444        PNRPsvc - ok
21:04:45.0078 1444        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:04:45.0124 1444        PolicyAgent - ok
21:04:45.0156 1444        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:04:45.0202 1444        Power - ok
21:04:45.0265 1444        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:04:45.0296 1444        PptpMiniport - ok
21:04:45.0327 1444        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:04:45.0343 1444        Processor - ok
21:04:45.0390 1444        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:04:45.0421 1444        ProfSvc - ok
21:04:45.0436 1444        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:45.0452 1444        ProtectedStorage - ok
21:04:45.0483 1444        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:04:45.0514 1444        Psched - ok
21:04:45.0592 1444        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:04:45.0655 1444        ql2300 - ok
21:04:45.0920 1444        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:04:45.0936 1444        ql40xx - ok
21:04:45.0982 1444        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:04:46.0014 1444        QWAVE - ok
21:04:46.0045 1444        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:04:46.0060 1444        QWAVEdrv - ok
21:04:46.0170 1444        RapiMgr        (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
21:04:46.0185 1444        RapiMgr - ok
21:04:46.0357 1444        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:04:46.0404 1444        RasAcd - ok
21:04:46.0435 1444        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:04:46.0482 1444        RasAgileVpn - ok
21:04:46.0497 1444        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:04:46.0513 1444        RasAuto - ok
21:04:46.0544 1444        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:46.0575 1444        Rasl2tp - ok
21:04:46.0622 1444        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:04:46.0669 1444        RasMan - ok
21:04:46.0684 1444        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:46.0716 1444        RasPppoe - ok
21:04:46.0747 1444        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:04:46.0778 1444        RasSstp - ok
21:04:46.0809 1444        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:04:46.0856 1444        rdbss - ok
21:04:46.0872 1444        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:04:46.0903 1444        rdpbus - ok
21:04:46.0934 1444        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:46.0950 1444        RDPCDD - ok
21:04:46.0981 1444        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:04:47.0012 1444        RDPENCDD - ok
21:04:47.0028 1444        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:04:47.0059 1444        RDPREFMP - ok
21:04:47.0090 1444        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:04:47.0121 1444        RDPWD - ok
21:04:47.0168 1444        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:04:47.0184 1444        rdyboost - ok
21:04:47.0215 1444        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:04:47.0246 1444        RemoteAccess - ok
21:04:47.0308 1444        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:04:47.0371 1444        RemoteRegistry - ok
21:04:47.0480 1444        RichVideo      (616f6e52cae254727a886ba8eda1beea) C:\Program Files\CyberLink\Shared files\RichVideo.exe
21:04:47.0496 1444        RichVideo - ok
21:04:47.0542 1444        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:04:47.0574 1444        RpcEptMapper - ok
21:04:47.0589 1444        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:04:47.0605 1444        RpcLocator - ok
21:04:47.0667 1444        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:04:47.0683 1444        RpcSs - ok
21:04:47.0730 1444        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:04:47.0761 1444        rspndr - ok
21:04:47.0776 1444        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:47.0792 1444        SamSs - ok
21:04:47.0854 1444        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:04:47.0870 1444        sbp2port - ok
21:04:47.0917 1444        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:04:47.0948 1444        SCardSvr - ok
21:04:47.0995 1444        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:04:48.0026 1444        scfilter - ok
21:04:48.0073 1444        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:04:48.0120 1444        Schedule - ok
21:04:48.0135 1444        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:04:48.0151 1444        SCPolicySvc - ok
21:04:48.0198 1444        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:04:48.0229 1444        SDRSVC - ok
21:04:48.0276 1444        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:04:48.0307 1444        secdrv - ok
21:04:48.0338 1444        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:04:48.0385 1444        seclogon - ok
21:04:48.0416 1444        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:04:48.0447 1444        SENS - ok
21:04:48.0463 1444        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:04:48.0494 1444        SensrSvc - ok
21:04:48.0541 1444        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:04:48.0556 1444        Serenum - ok
21:04:48.0588 1444        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:04:48.0603 1444        Serial - ok
21:04:48.0619 1444        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:04:48.0634 1444        sermouse - ok
21:04:48.0666 1444        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:04:48.0712 1444        SessionEnv - ok
21:04:48.0728 1444        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:04:48.0759 1444        sffdisk - ok
21:04:48.0775 1444        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:04:48.0790 1444        sffp_mmc - ok
21:04:48.0806 1444        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:04:48.0822 1444        sffp_sd - ok
21:04:48.0853 1444        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:04:48.0868 1444        sfloppy - ok
21:04:48.0900 1444        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:04:48.0946 1444        SharedAccess - ok
21:04:48.0993 1444        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:04:49.0024 1444        ShellHWDetection - ok
21:04:49.0024 1444        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:04:49.0040 1444        sisagp - ok
21:04:49.0087 1444        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:04:49.0102 1444        SiSRaid2 - ok
21:04:49.0118 1444        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:04:49.0134 1444        SiSRaid4 - ok
21:04:49.0290 1444        SkypeUpdate    (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
21:04:49.0305 1444        SkypeUpdate - ok
21:04:49.0336 1444        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:04:49.0352 1444        Smb - ok
21:04:49.0399 1444        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:04:49.0414 1444        SNMPTRAP - ok
21:04:49.0414 1444        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:04:49.0430 1444        spldr - ok
21:04:49.0461 1444        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:04:49.0492 1444        Spooler - ok
21:04:49.0680 1444        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:04:49.0758 1444        sppsvc - ok
21:04:49.0945 1444        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:04:49.0976 1444        sppuinotify - ok
21:04:50.0024 1444        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:04:50.0071 1444        srv - ok
21:04:50.0102 1444        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:04:50.0133 1444        srv2 - ok
21:04:50.0149 1444        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:04:50.0164 1444        srvnet - ok
21:04:50.0195 1444        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:04:50.0211 1444        SSDPSRV - ok
21:04:50.0242 1444        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:04:50.0258 1444        ssmdrv - ok
21:04:50.0273 1444        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:04:50.0289 1444        SstpSvc - ok
21:04:50.0320 1444        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:04:50.0320 1444        stexstor - ok
21:04:50.0383 1444        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:04:50.0414 1444        StiSvc - ok
21:04:50.0445 1444        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:04:50.0445 1444        swenum - ok
21:04:50.0476 1444        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:04:50.0523 1444        swprv - ok
21:04:50.0617 1444        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:04:50.0663 1444        SysMain - ok
21:04:50.0679 1444        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:04:50.0726 1444        TabletInputService - ok
21:04:50.0757 1444        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:04:50.0804 1444        TapiSrv - ok
21:04:50.0819 1444        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:04:50.0851 1444        TBS - ok
21:04:51.0101 1444        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:04:51.0148 1444        Tcpip - ok
21:04:51.0320 1444        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:04:51.0351 1444        TCPIP6 - ok
21:04:51.0413 1444        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:04:51.0429 1444        tcpipreg - ok
21:04:51.0476 1444        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:04:51.0491 1444        TDPIPE - ok
21:04:51.0507 1444        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:04:51.0522 1444        TDTCP - ok
21:04:51.0554 1444        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:04:51.0585 1444        tdx - ok
21:04:51.0632 1444        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:04:51.0632 1444        TermDD - ok
21:04:51.0678 1444        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:04:51.0725 1444        TermService - ok
21:04:51.0741 1444        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:04:51.0756 1444        Themes - ok
21:04:51.0788 1444        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:04:51.0803 1444        THREADORDER - ok
21:04:51.0834 1444        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:04:51.0866 1444        TrkWks - ok
21:04:51.0881 1444        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:04:51.0912 1444        TrustedInstaller - ok
21:04:51.0944 1444        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:04:51.0975 1444        tssecsrv - ok
21:04:51.0990 1444        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:04:52.0038 1444        TsUsbFlt - ok
21:04:52.0069 1444        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:04:52.0116 1444        tunnel - ok
21:04:52.0147 1444        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:04:52.0163 1444        uagp35 - ok
21:04:52.0210 1444        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:04:52.0257 1444        udfs - ok
21:04:52.0272 1444        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:04:52.0288 1444        UI0Detect - ok
21:04:52.0303 1444        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:04:52.0319 1444        uliagpkx - ok
21:04:52.0350 1444        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:04:52.0366 1444        umbus - ok
21:04:52.0397 1444        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:04:52.0428 1444        UmPass - ok
21:04:52.0553 1444        UMVPFSrv        (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:04:52.0569 1444        UMVPFSrv - ok
21:04:52.0600 1444        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:04:52.0615 1444        upnphost - ok
21:04:52.0678 1444        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:04:52.0725 1444        USBAAPL - ok
21:04:52.0740 1444        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
21:04:52.0771 1444        usbaudio - ok
21:04:52.0818 1444        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:04:52.0865 1444        usbccgp - ok
21:04:52.0896 1444        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:04:52.0927 1444        usbcir - ok
21:04:52.0959 1444        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:04:52.0974 1444        usbehci - ok
21:04:53.0005 1444        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:04:53.0037 1444        usbhub - ok
21:04:53.0068 1444        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:04:53.0068 1444        usbohci - ok
21:04:53.0115 1444        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:04:53.0130 1444        usbprint - ok
21:04:53.0161 1444        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:04:53.0193 1444        usbscan - ok
21:04:53.0208 1444        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:04:53.0224 1444        USBSTOR - ok
21:04:53.0255 1444        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:04:53.0271 1444        usbuhci - ok
21:04:53.0302 1444        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:04:53.0302 1444        usbvideo - ok
21:04:53.0349 1444        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:04:53.0380 1444        UxSms - ok
21:04:53.0411 1444        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:53.0411 1444        VaultSvc - ok
21:04:53.0473 1444        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:04:53.0473 1444        vdrvroot - ok
21:04:53.0520 1444        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:04:53.0567 1444        vds - ok
21:04:53.0583 1444        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:04:53.0614 1444        vga - ok
21:04:53.0629 1444        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:04:53.0676 1444        VgaSave - ok
21:04:53.0692 1444        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:04:53.0707 1444        vhdmp - ok
21:04:53.0739 1444        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:04:53.0754 1444        viaagp - ok
21:04:53.0770 1444        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:04:53.0785 1444        ViaC7 - ok
21:04:53.0817 1444        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:04:53.0817 1444        viaide - ok
21:04:53.0832 1444        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:04:53.0848 1444        volmgr - ok
21:04:53.0863 1444        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:04:53.0879 1444        volmgrx - ok
21:04:53.0910 1444        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:04:53.0926 1444        volsnap - ok
21:04:53.0941 1444        vpnva - ok
21:04:53.0988 1444        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:04:54.0004 1444        vsmraid - ok
21:04:54.0066 1444        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:04:54.0113 1444        VSS - ok
21:04:54.0129 1444        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:04:54.0129 1444        vwifibus - ok
21:04:54.0160 1444        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:04:54.0191 1444        vwififlt - ok
21:04:54.0222 1444        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:04:54.0238 1444        vwifimp - ok
21:04:54.0269 1444        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:04:54.0316 1444        W32Time - ok
21:04:54.0331 1444        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:04:54.0347 1444        WacomPen - ok
21:04:54.0378 1444        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:54.0409 1444        WANARP - ok
21:04:54.0409 1444        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:54.0425 1444        Wanarpv6 - ok
21:04:54.0503 1444        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:04:54.0550 1444        wbengine - ok
21:04:54.0565 1444        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:04:54.0597 1444        WbioSrvc - ok
21:04:54.0675 1444        WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
21:04:54.0690 1444        WcesComm - ok
21:04:54.0737 1444        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:04:54.0753 1444        wcncsvc - ok
21:04:54.0768 1444        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:04:54.0799 1444        WcsPlugInService - ok
21:04:54.0846 1444        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:04:54.0862 1444        Wd - ok
21:04:54.0909 1444        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:04:54.0924 1444        Wdf01000 - ok
21:04:54.0940 1444        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:04:55.0018 1444        WdiServiceHost - ok
21:04:55.0018 1444        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:04:55.0033 1444        WdiSystemHost - ok
21:04:55.0080 1444        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:04:55.0111 1444        WebClient - ok
21:04:55.0127 1444        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:04:55.0189 1444        Wecsvc - ok
21:04:55.0189 1444        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:04:55.0236 1444        wercplsupport - ok
21:04:55.0252 1444        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:04:55.0283 1444        WerSvc - ok
21:04:55.0314 1444        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:04:55.0345 1444        WfpLwf - ok
21:04:55.0345 1444        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:04:55.0361 1444        WIMMount - ok
21:04:55.0439 1444        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:04:55.0470 1444        WinDefend - ok
21:04:55.0470 1444        WinHttpAutoProxySvc - ok
21:04:55.0564 1444        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:04:55.0595 1444        Winmgmt - ok
21:04:55.0704 1444        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:04:55.0782 1444        WinRM - ok
21:04:55.0860 1444        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:04:55.0876 1444        WinUsb - ok
21:04:55.0938 1444        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:04:55.0969 1444        Wlansvc - ok
21:04:55.0985 1444        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:04:56.0016 1444        WmiAcpi - ok
21:04:56.0063 1444        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:04:56.0094 1444        wmiApSrv - ok
21:04:56.0203 1444        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:04:56.0266 1444        WMPNetworkSvc - ok
21:04:56.0344 1444        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:04:56.0359 1444        WPCSvc - ok
21:04:56.0391 1444        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:04:56.0422 1444        WPDBusEnum - ok
21:04:56.0500 1444        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:04:56.0531 1444        ws2ifsl - ok
21:04:56.0547 1444        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:04:56.0593 1444        wscsvc - ok
21:04:56.0593 1444        WSearch - ok
21:04:56.0749 1444        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:04:56.0843 1444        wuauserv - ok
21:04:57.0015 1444        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:04:57.0030 1444        WudfPf - ok
21:04:57.0077 1444        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:04:57.0108 1444        WUDFRd - ok
21:04:57.0171 1444        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:04:57.0202 1444        wudfsvc - ok
21:04:57.0280 1444        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:04:57.0311 1444        WwanSvc - ok
21:04:57.0389 1444        X10Hid          (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
21:04:57.0389 1444        X10Hid - ok
21:04:57.0451 1444        x10nets        (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
21:04:57.0483 1444        x10nets ( UnsignedFile.Multi.Generic ) - warning
21:04:57.0483 1444        x10nets - detected UnsignedFile.Multi.Generic (1)
21:04:57.0514 1444        XUIF            (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\system32\Drivers\x10ufx2.sys
21:04:57.0514 1444        XUIF - ok
21:04:57.0639 1444        {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\000.fcl
21:04:57.0654 1444        {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
21:04:57.0685 1444        MBR (0x1B8)    (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
21:05:00.0665 1444        \Device\Harddisk0\DR0 - ok
21:05:00.0743 1444        Boot (0x1200)  (8ad828de918c42e830c0962d9840217b) \Device\Harddisk0\DR0\Partition0
21:05:00.0743 1444        \Device\Harddisk0\DR0\Partition0 - ok
21:05:00.0743 1444        Boot (0x1200)  (4f6c05a284900ce0a89d402782e3a3f0) \Device\Harddisk0\DR0\Partition1
21:05:00.0759 1444        \Device\Harddisk0\DR0\Partition1 - ok
21:05:00.0868 1444        Boot (0x1200)  (a474f720315e5c469854c11cae2a90fe) \Device\Harddisk0\DR0\Partition2
21:05:00.0868 1444        \Device\Harddisk0\DR0\Partition2 - ok
21:05:00.0868 1444        ============================================================
21:05:00.0868 1444        Scan finished
21:05:00.0868 1444        ============================================================
21:05:00.0868 0572        Detected object count: 7
21:05:00.0868 0572        Actual detected object count: 7
21:05:32.0193 0572        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572        HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572        HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572        NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572        NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572        x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572        x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

Why can I no longer open Avira?
C:\Windows\WinSxS\x86_....\COMCTL32.dll ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler. Installieren Sie das Programm mit den Originalinstallationsmedien erneut, oder wenden Sie sich an den Systemadministrator....

cosinus 02.08.2012 14:36

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Kleineunifee 02.08.2012 16:04

Here is the Combofix log file
Code:

ComboFix 12-07-31.03 - Nicole 02.08.2012  16:47:53.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3070.2026 [GMT 2:00]
ausgeführt von:: c:\users\Nicole\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-02 bis 2012-08-02  ))))))))))))))))))))))))))))))
.
.
2012-08-02 14:54 . 2012-08-02 14:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-31 19:18 . 2012-07-31 19:18        --------        d-----w-        C:\_OTL
2012-07-31 04:38 . 2012-07-16 00:41        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{57800DD0-8F48-43BC-93BB-DADAC61A25D3}\mpengine.dll
2012-07-30 13:13 . 2012-07-30 13:13        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-30 13:13 . 2012-07-30 13:13        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-25 12:42 . 2012-07-25 12:42        --------        d-----w-        c:\program files\ESET
2012-07-24 16:48 . 2012-06-12 02:40        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-07-24 16:41 . 2012-06-06 05:05        143360        ----a-w-        c:\program files\Common Files\System\ado\msjro.dll
2012-07-19 09:43 . 2012-07-19 10:32        --------        d-----w-        c:\users\Nicole\blue rays muxed
2012-07-19 09:43 . 2012-07-19 09:45        --------        d-----w-        c:\users\Nicole\blue rays
2012-07-18 10:41 . 2012-07-18 10:41        --------        d-----w-        c:\users\Nicole\AppData\Roaming\AVS4YOU
2012-07-18 10:40 . 2012-07-18 10:41        --------        d-----w-        c:\programdata\AVS4YOU
2012-07-18 10:16 . 2012-07-18 10:16        --------        d-----w-        c:\users\Nicole\AppData\Roaming\NVIDIA
2012-07-18 10:16 . 2012-07-19 09:10        --------        d-----w-        c:\users\Nicole\AppData\Roaming\Vso
2012-07-18 10:16 . 2012-07-18 10:16        47360        ----a-w-        c:\users\Nicole\AppData\Roaming\pcouffin.sys
2012-07-18 10:16 . 2012-07-18 10:16        --------        d-----w-        c:\program files\vso
2012-07-18 10:04 . 2004-07-01 23:00        327749        ----a-w-        c:\windows\system32\drvc.dll
2012-07-18 10:03 . 2012-07-18 10:11        --------        d-----w-        c:\program files\eRightSoft
2012-07-04 16:58 . 2012-07-04 16:58        --------        d-----w-        c:\users\Nicole\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 17:38 . 2012-03-30 07:21        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-28 17:38 . 2011-08-30 15:37        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-04-14 06:53        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04        1394248        ----a-w-        c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-22 13:52        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:52        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:52        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:52        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 13:52        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 13:52        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 13:52        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 13:52        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 13:52        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-05-12 07:21        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-18 10:17 . 2011-11-29 13:49        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-18 10:17 . 2011-11-29 13:49        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-07-14 09:31 . 2011-11-02 14:20        1456640        ----a-w-        c:\program files\Common Files\Falk Navi-Manager.msi
2012-07-31 19:24 . 2011-05-01 15:49        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"AnyDVD"="c:\program files\Any DVD\AnyDVD\AnyDVDtray.exe" [2011-12-08 5529208]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-10 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-01-19 75048]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-18 348624]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 IAMT03;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMT03.sys [x]
R3 IAMTV;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTV.sys [x]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXP.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/12 00:54];c:\program files\CyberLink\PowerDVD9\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 3xHybrid;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s5ke6d7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-02  16:56:47
ComboFix-quarantined-files.txt  2012-08-02 14:56
.
Vor Suchlauf: 7 Verzeichnis(se), 332.274.864.128 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 332.172.472.320 Bytes frei
.
- - End Of File - - 413F11C853110D9509380CA51578CDE3


cosinus 03.08.2012 15:12

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work the second time, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message appears such as "aswMBR.exe funktioniert nicht mehr", then do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

Kleineunifee 03.08.2012 19:20

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-03 18:52:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: hyqi66rr.exe; Driver: C:\Users\Nicole\AppData\Local\Temp\kxriqpog.sys


---- System - GMER 1.0.15 ----

SSDT            91288876                                                                                                                                                                                        ZwCreateSection
SSDT            91288880                                                                                                                                                                                        ZwRequestWaitReplyPort
SSDT            9128887B                                                                                                                                                                                        ZwSetContextThread
SSDT            91288885                                                                                                                                                                                        ZwSetSecurityObject
SSDT            9128888A                                                                                                                                                                                        ZwSystemDebugControl
SSDT            91288817                                                                                                                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                        82E913C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                          82ECAD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                              82ED1EAC 4 Bytes  [76, 88, 28, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                                                              82ED2208 4 Bytes  [80, 88, 28, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                                                              82ED224C 4 Bytes  [7B, 88, 28, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                                                                              82ED22C8 4 Bytes  [85, 88, 28, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                                                                              82ED231C 4 Bytes  [8A, 88, 28, 91]
.text          ...                                                                                                                                                                                             
.text          C:\Program Files\CyberLink\PowerDVD9\000.fcl                                                                                                                                                    section is writeable [0x82380000, 0x2892, 0xE8000020]
.vmp2          C:\Program Files\CyberLink\PowerDVD9\000.fcl                                                                                                                                                    entry point in ".vmp2" section [0x823A3050]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                                                                  [739B24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                                                            [7399562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                                                            [739956EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                                                                  [739B2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                                                        [739A85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                                                          [739A4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                                                          [739A5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                                                        [739A51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                                                                [739A6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                                                          [739A8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                                                    [739A8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                                                                  [739A90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                                                        [739AE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                                                            [739A4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                                                                                              AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                                                                                                    AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                                                                                                    AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                                                                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Nicole\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:04:42 on 03.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Nicole\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco AnyConnect VPN Virtual Miniport Adapter for Windows" (vpnva) - ? - C:\Windows\System32\DRIVERS\vpnva.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"kxriqpog" (kxriqpog) - ? - C:\Users\Nicole\AppData\Local\Temp\kxriqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\system32\drivers\npf_devolo.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AnyDVD" - "SlySoft, Inc." - C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe
"ApplePhotoStreams" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"iCloudServices" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
"MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
"OfficeSyncProcess" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared files\brs.exe
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"Family Tree Builder Update" - "MyHeritage" - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"GEngine Port Monitor" - ? - C:\Windows\system32\gengpmon.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 20:00:04
-----------------------------
20:00:04.101    OS Version: Windows 6.1.7601 Service Pack 1
20:00:04.101    Number of processors: 2 586 0xF0B
20:00:04.101    ComputerName: NICOLE-PC  UserName: Nicole
20:00:05.411    Initialize success
20:00:09.483    AVAST engine defs: 12080300
20:00:17.033    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:00:17.033    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:00:17.096    Disk 0 MBR read successfully
20:00:17.096    Disk 0 MBR scan
20:00:17.096    Disk 0 unknown MBR code
20:00:17.174    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:00:17.236    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      445094 MB offset 206848
20:00:17.330    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 911759360
20:00:17.455    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 974673920
20:00:17.564    Disk 0 scanning sectors +976771120
20:00:18.547    Disk 0 scanning C:\Windows\system32\drivers
20:03:41.124    Service scanning
20:03:59.690    Modules scanning
20:09:18.651    Disk 0 trace - called modules:
20:09:18.792    ntkrnlpa.exe CLASSPNP.SYS disk.sys AnyDVD.sys iaStor.sys halmacpi.dll
20:09:18.792    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87dc7720]
20:09:18.807    3 CLASSPNP.SYS[8b9ab59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85edc028]
20:09:18.807    Scan finished successfully
20:11:09.599    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Downloads\MBR.dat"
20:11:09.599    The log file has been saved successfully to "C:\Users\Nicole\Downloads\aswMBR.txt"


cosinus 03.08.2012 20:57

We should fix the MBR. Just in case, back up ALL important data, even though things usually go smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems installed, such as Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

Kleineunifee 04.08.2012 08:11

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-04 09:09:26
-----------------------------
09:09:26.405    OS Version: Windows 6.1.7601 Service Pack 1
09:09:26.405    Number of processors: 2 586 0xF0B
09:09:26.405    ComputerName: NICOLE-PC  UserName: Nicole
09:09:27.185    Initialize success
09:09:31.195    AVAST engine defs: 12080300
09:09:37.313    Verifying
09:09:47.329    Disk 0 Windows 601 MBR fixed successfully
09:09:55.597    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Downloads\MBR.dat"
09:09:55.597    The log file has been saved successfully to "C:\Users\Nicole\Downloads\aswMBR.txt"


cosinus 04.08.2012 14:17

You should run a new scan with aswMBR; that is only the MBR fix log!

Kleineunifee 04.08.2012 14:43

Oops, I overlooked that...
Here it is:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-04 15:38:41
-----------------------------
15:38:41.998    OS Version: Windows 6.1.7601 Service Pack 1
15:38:41.998    Number of processors: 2 586 0xF0B
15:38:41.998    ComputerName: NICOLE-PC  UserName: Nicole
15:38:44.900    Initialize success
15:38:48.909    AVAST engine defs: 12080300
15:38:53.745    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:38:53.745    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:38:53.761    Disk 0 MBR read successfully
15:38:53.761    Disk 0 MBR scan
15:38:53.761    Disk 0 Windows 7 default MBR code
15:38:53.823    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:38:53.839    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      445094 MB offset 206848
15:38:53.901    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 911759360
15:38:53.917    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 974673920
15:38:53.917    Disk 0 scanning sectors +976771120
15:38:53.979    Disk 0 scanning C:\Windows\system32\drivers
15:39:08.940    Service scanning
15:39:28.971    Modules scanning
15:39:34.402    Disk 0 trace - called modules:
15:39:34.417    ntkrnlpa.exe CLASSPNP.SYS disk.sys AnyDVD.sys iaStor.sys halmacpi.dll
15:39:34.417    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87dc7758]
15:39:34.433    3 CLASSPNP.SYS[8b9a459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85edc028]
15:39:34.433    Scan finished successfully
15:39:43.533    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Downloads\MBR.dat"
15:39:43.533    The log file has been saved successfully to "C:\Users\Nicole\Downloads\aswMBR.txt"


cosinus 04.08.2012 18:29

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Kleineunifee 04.08.2012 21:54

Wow, what a scan... I'm impressed!
I hope it's not dramatic, though??

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/04/2012 at 10:48 PM

Application Version : 5.5.1012

Core Rules Database Version : 9012
Trace Rules Database Version: 6824

Scan type      : Complete Scan
Total Scan Time : 01:35:16

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 863
Memory threats detected  : 0
Registry items scanned    : 36342
Registry threats detected : 0
File items scanned        : 196316
File threats detected    : 411

Adware.Tracking Cookie
        C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\nicole@adx.chip[2].txt [ /adx.chip ]
        C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\nicole@imrworldwide[2].txt [ /imrworldwide ]
        C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Cookies\8P9BI0G0.txt [ /ad.zanox.com ]
        ad.zanox.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        clicks.pangora.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        tracking.fahrrad.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .c1.atdmt.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        counter.adcourier.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\COOKIES.SQLITE ]

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Nicole :: NICOLE-PC [Administrator]

04.08.2012 19:38:35
mbam-log-2012-08-04 (19-38-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419071
Laufzeit: 53 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 05.08.2012 14:12

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of them being misused (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I do it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there any other detections or problems?
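
A check one could run after installing a blocking hosts file of the kind recommended in the post above, shown as an added example that is not part of the original thread: it compares tracking-cookie domains from a scan log with the hosts entries and shows that a hosts file matches exact hostnames only, so a domain cookie (leading dot) is at best partially covered. The log lines, the hosts entries and all `.example` names are constructed sample data.

```python
import re

# Constructed scan-log lines in the "<cookie domain> [ <cookie store> ]" format.
SCAN_LOG = r"""
        .ads.example [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
        track.ads.example [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
        www.tracker.example [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
        .metrics.example [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
        .ads.example [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
        stats.other.example [ C:\USERS\EXAMPLE\FIREFOX\COOKIES.SQLITE ]
"""

# Constructed hosts file: "<address> <hostname> [<hostname> ...]".
HOSTS_FILE = """
# blocking entries point a hostname at a sink address
127.0.0.1 localhost
0.0.0.0 track.ads.example
0.0.0.0 www.tracker.example   # inline comment
127.0.0.1 ad1.metrics.example ad2.metrics.example
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
COOKIE_LINE = re.compile(r"^\s*(\S+)\s+\[\s*.+COOKIES\.SQLITE\s*\]\s*$", re.IGNORECASE)


def parse_cookie_domains(log_text):
    """Cookie domains from the log, de-duplicated, in first-seen order."""
    domains = []
    for line in log_text.splitlines():
        match = COOKIE_LINE.match(line)
        if match and match.group(1).lower() not in domains:
            domains.append(match.group(1).lower())
    return domains


def parse_hosts(hosts_text):
    """Hostnames that the hosts file maps to a sink address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and fields[0] in SINK_ADDRESSES:
            names = (name.lower() for name in fields[1:])
            blocked.update(n for n in names if n not in LOCAL_NAMES)
    return blocked


def coverage(cookie_domain, blocked):
    """Return (status, matching hosts entries) for one cookie domain."""
    if cookie_domain.startswith("."):
        # Domain cookie: any host under the domain can set it, and the hosts
        # file has no wildcards, so listed hosts give partial coverage at best.
        base = cookie_domain[1:]
        hits = sorted(h for h in blocked if h == base or h.endswith("." + base))
        return ("partial" if hits else "unblocked", hits)
    if cookie_domain in blocked:  # host-only cookie: exact match needed
        return ("blocked", [cookie_domain])
    return ("unblocked", [])


def report(log_text, hosts_text):
    blocked = parse_hosts(hosts_text)
    return {d: coverage(d, blocked) for d in parse_cookie_domains(log_text)}


if __name__ == "__main__":
    for domain, (status, hits) in report(SCAN_LOG, HOSTS_FILE).items():
        print(f"{domain:24} {status:10} {', '.join(hits)}")
```
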

Kleineunifee 05.08.2012 14:44

Hello Arne,
many thanks for your help

After many heats and semi-finals the final has been reached and I award you the GOLD medal.

Thanks also for the helpful tips at the end, I will put them into practice.
Otherwise my system is running stably and does what it should.

And I will definitely make a bank transfer.
It's great that you exist.
THANK YOU
Nicole

cosinus 05.08.2012 16:34

Then we're done!

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

Kleineunifee 05.08.2012 17:46

Hello Arne,

many thanks for the last tips....I think Secunia PSI is great...nice program...
and the donation is on its way...

Thanks
Nicole

