Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan.Win32.Hosts2.gen (https://www.trojaner-board.de/132357-trojan-win32-hosts2-gen.html)

DerDiscDoc 17.03.2013 16:21
Trojan.Win32.Hosts2.gen
 
Hallo an alle "Trojaner-Boarder"!

Ich hoffe sehr, dass Ihr mir helfen könnt!

Gestern bekam ich von Zone Alarm die Meldung, dass ein Virus namens "Trojan.Win32.Hosts2.gen" auf meinem Rechner vorhanden sei. Zone Alarm war leider nicht im Stande, diesen zu eliminieren. Der Rechner fuhr anschließend mehrmals runter und hoch mit zwischenzeitlichen "Black-Screens" (max. 1 Min.), nach dem Hochfahren war eine Nutzung aber zwischenzeitlich immer möglich, bis Zone Alarm wieder auf den angeblichen Virus reagiert hat. Antivir hat zwischenzeitlich "Hosts" blockiert!?! Am erschreckendsten waren die Phasen, in denen ALLE Programme als "Kein Windows Programm" bezeichnet wurden und daher nicht gestartet werden konnten.
(Hinweis: In den letzten Monaten brauchte der Rechner 10 Min. für das Hochfahren!)

Eine Internetrecherche ergab...
a) sehr wenig Informationen, teilweise allerdings Hinweise, dass eine schwere Infektion des Rechners vorliegen könnte oder
b) dass die Möglichkeit besteht, dass Zone Alarm eine Falschmeldung gibt.
Teils wird behauptet, kein Programm könne den Trojaner erkennen!?!

Ich habe Folgendes getan:
a) Zone Alarm deinstalliert und Comodo installiert. Lag es wirklich nur an Zone Alarm???
Seit dem funktioniert alles (scheinbar) sehr gut.
b) Quickscans von Malwarebytes Anti-Malware und SuperAntiSpyware, kompletter Scan mit Avira Antivir. Alles ohne Ergebnis bzgl. des "Trojan.Win32.Hosts2.gen".

Kann mir jemand sagen, ob mein Rechner nun doch infiziert ist oder nicht??? :crazy:

cosinus 18.03.2013 12:28
Hallo,

Zitat:
a) Zone Alarm deinstalliert und Comodo installiert. Lag es wirklich nur an Zone Alarm???
Programme wie ZoneAlarm oder COMODO sind eher Problembeschaffungsmaßnahmen, ich kann sowas nie weiterempfehlen, belass es bei einem reinen Virenscanner wie zB Avast oder MSE und der Windows-Firewall.

DerDiscDoc 24.03.2013 16:45
Danke für Deinen Kommentar...

Aber kann mir niemand beim eigentlichen "Kernproblem" helfen???

Seit einer Woche läuft alles problemlos, aber ich weiß immer noch nicht, ob mein Rechner infiziert ist oder nicht!?!

Leider kann ich nirgends finden, ob Avira Antivir, Malwarebytes Anti-Malware oder SUPERAntiSpyware den "Trojan.Win32.Hosts2.gen" finden (würden).

cosinus 24.03.2013 17:24
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

DerDiscDoc 24.03.2013 17:54
Danke für die Antwort!

Hier die Logs... Ich habe allerdings letzte Woche schon mehrfache Scans gemacht.

SUPERAntiSpyware hatte Funde, die aber vermutlich uninteressant sind!?
Anti-Malware war komplett unauffällig.
Interessant sind eventuell die Ereignisse von Antivir!? Zumindest taucht dort auch der Begriff "Hosts" auf. Ist das ein Zeichen dafür, dass Antivir von ZoneAlarm blockiert wurde? "Funde" gab es bei Antivir aber auch nicht.

cosinus 24.03.2013 17:56
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

DerDiscDoc 24.03.2013 18:06
Sorry. Ich wusste, dass das so sein muss, aber hatte keine Anleitung gefunden.

Noch mal zu den "Hosts-Meldungen": Die Fehlermeldung wurde mir auch immer von Antivir angezeigt. Anschließend wurde jedes Programm, das ich starten wollte, als "keine Windows-Anwendung" bezeichnet und konnte nicht gestartet werden.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.23.07

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

16.03.2013 15:44:08
mbam-log-2013-03-16 (15-44-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200636
Laufzeit: 4 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

16.03.2013 18:38:24
mbam-log-2013-03-16 (18-38-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209846
Laufzeit: 9 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

17.03.2013 15:47:51
mbam-log-2013-03-17 (15-47-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375384
Laufzeit: 1 Stunde(n), 53 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/16/2013 at 03:43 PM

Application Version : 5.6.1014

Core Rules Database Version : 9459
Trace Rules Database Version: 7271

Scan type      : Quick Scan
Total Scan Time : 00:06:39

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned      : 281
Memory threats detected  : 0
Registry items scanned    : 30622
Registry threats detected : 0
File items scanned        : 7820
File threats detected    : 39

Adware.Tracking Cookie
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\AT0TW1MI.txt [ /www.zanox-affiliate.de ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\8WUPZ2N5.txt [ /zanox-affiliate.de ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\CQMEC7IJ.txt [ /harrenmedianetwork.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\5JV44RHE.txt [ /zanox.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\GZX0CRJR.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\AGYQVMWC.txt [ /2o7.net ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\BPTOI6IX.txt [ /adfarm1.adition.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\S415ZZEK.txt [ /perf.overture.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\8YZQI8MK.txt [ /imrworldwide.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\M02YV5FP.txt [ /ad.zanox.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\Q0L9S0SS.txt [ /adformdsp.net ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\RJ7HTHEX.txt [ /im.banner.t-online.de ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\9AOBJ4HE.txt [ /server.adformdsp.net ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\0ZKISRZD.txt [ /ads.adk2.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\QSVVGX02.txt [ /ad.360yield.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\VY7I0HSR.txt [ /smartadserver.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\42ODKEHC.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\G86PUPQ3.txt [ /track.adform.net ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\6Z822TH7.txt [ /serving-sys.com ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\IWOV74KI.txt [ /adform.net ]
        C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\LQ0CGRN7.txt [ /ad.yieldmanager.com ]
        C:\USERS\SNOOPY\Cookies\AT0TW1MI.txt [ Cookie:snoopy@www.zanox-affiliate.de/ ]
        C:\USERS\SNOOPY\Cookies\8WUPZ2N5.txt [ Cookie:snoopy@zanox-affiliate.de/ ]
        C:\USERS\SNOOPY\Cookies\CQMEC7IJ.txt [ Cookie:snoopy@harrenmedianetwork.com/ ]
        C:\USERS\SNOOPY\Cookies\5JV44RHE.txt [ Cookie:snoopy@zanox.com/ ]
        C:\USERS\SNOOPY\Cookies\GZX0CRJR.txt [ Cookie:snoopy@ad2.adfarm1.adition.com/ ]
        C:\USERS\SNOOPY\Cookies\AGYQVMWC.txt [ Cookie:snoopy@2o7.net/ ]
        C:\USERS\SNOOPY\Cookies\BPTOI6IX.txt [ Cookie:snoopy@adfarm1.adition.com/ ]
        C:\USERS\SNOOPY\Cookies\S415ZZEK.txt [ Cookie:snoopy@perf.overture.com/ ]
        C:\USERS\SNOOPY\Cookies\8YZQI8MK.txt [ Cookie:snoopy@imrworldwide.com/cgi-bin ]
        C:\USERS\SNOOPY\Cookies\M02YV5FP.txt [ Cookie:snoopy@ad.zanox.com/ ]
        C:\USERS\SNOOPY\Cookies\Q0L9S0SS.txt [ Cookie:snoopy@adformdsp.net/ ]
        C:\USERS\SNOOPY\Cookies\RJ7HTHEX.txt [ Cookie:snoopy@im.banner.t-online.de/ ]
        C:\USERS\SNOOPY\Cookies\9AOBJ4HE.txt [ Cookie:snoopy@server.adformdsp.net/ ]
        C:\USERS\SNOOPY\Cookies\VY7I0HSR.txt [ Cookie:snoopy@smartadserver.com/ ]
        C:\USERS\SNOOPY\Cookies\42ODKEHC.txt [ Cookie:snoopy@ad1.adfarm1.adition.com/ ]
        C:\USERS\SNOOPY\Cookies\6Z822TH7.txt [ Cookie:snoopy@serving-sys.com/ ]
        C:\USERS\SNOOPY\Cookies\IWOV74KI.txt [ Cookie:snoopy@adform.net/ ]
        C:\USERS\SNOOPY\Cookies\LQ0CGRN7.txt [ Cookie:snoopy@ad.yieldmanager.com/ ]
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/16/2013 at 04:29 PM

Application Version : 5.6.1014

Core Rules Database Version : 10141
Trace Rules Database Version: 7953

Scan type      : Quick Scan
Total Scan Time : 00:07:53

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 787
Memory threats detected  : 0
Registry items scanned    : 30637
Registry threats detected : 0
File items scanned        : 7828
File threats detected    : 0
Code:
Exportierte Ereignisse:

18.03.2013 14:25 [Updater] Update nicht ausgeführt
      Das Update von Computer SNOOPY-PC (127.0.0.1) von
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

17.03.2013 15:46 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 17:27 [Updater] Update nicht ausgeführt
      Das Update von Computer SNOOPY-PC (127.0.0.1) von
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

16.03.2013 16:07 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 16:04 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 16:00 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 15:58 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 15:54 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 14:54 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 14:48 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 14:42 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 14:40 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 14:35 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 12:32 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 12:26 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

16.03.2013 11:23 [Echtzeit-Scanner] Hosts-Datei blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei
      blockiert.

cosinus 25.03.2013 12:54
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

DerDiscDoc 26.03.2013 09:53
Hallo! Hier die Log-Files. Einige Dinge darin machen mich skeptisch, z.B. das Auflisten merkwürdiger ".com"-Internetseiten... :balla:

OTL Logfile:
Code:
OTL logfile created on: 26.03.2013 09:29:57 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,97% Memory free
4,23 Gb Paging File | 2,75 Gb Available in Paging File | 65,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 26,92 Gb Free Space | 26,27% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,70 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
 
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Snoopy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cis.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\HCWemMON.exe (eMPIA Technology, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Programme\Comodo\Dragon\dragon_updater.exe ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (CLPSLauncher) -- C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (cmdAgent) -- C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\Comodo\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (GeekBuddyRSP) -- C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\Sandra.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (inspect) -- C:\WINDOWS\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\System32\drivers\cmdguard.sys (COMODO)
DRV - (cmderd) -- C:\WINDOWS\System32\drivers\cmderd.sys (COMODO)
DRV - (CFRMD) -- C:\WINDOWS\System32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (epmntdrv) -- C:\WINDOWS\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\System32\EuGdiDrv.sys ()
DRV - (cpuz135) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Afc) -- C:\WINDOWS\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes,DefaultScope = {F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936}
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?fr=ffbr-nb&p="
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://mt-online.de/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=fb84af95d67d41a9becb47a6df5d442f&tu=10G90006f1B000v&sku=&tstsId=&ver=&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 21:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 21:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.17 14:38:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 21:02:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 21:02:40 | 000,000,000 | ---D | M]
 
[2009.04.18 19:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Extensions
[2013.03.16 16:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions
[2012.11.30 21:01:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.07.08 20:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.13 10:07:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.12.20 14:49:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\firefox@tvunetworks.com
[2013.02.17 20:18:03 | 000,001,488 | ---- | M] () -- C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\searchplugins\zonealarm.xml
[2013.03.08 21:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 21:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.08 21:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.03.08 21:02:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.20 12:21:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.20 12:21:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.20 12:21:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.20 12:21:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.20 12:21:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.20 12:21:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.07 21:11:43 | 000,433,931 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14936 more lines...
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [emMON] C:\Windows\HCWemMON.exe (eMPIA Technology, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A1D3D2-DF7C-4E68-8DB4-042459EB3F3D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.21 17:59:44 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.26 09:27:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe
[2013.03.23 20:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.17 15:04:59 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autokauf
[2013.03.16 19:40:42 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2013.03.16 19:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2013.03.16 19:11:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013.03.16 19:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.03.16 19:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013.03.16 19:08:57 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Local\Comodo
[2013.03.16 19:08:46 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013.03.16 19:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013.03.16 19:08:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.03.16 19:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.03.16 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.03.16 18:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 18:36:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.16 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.15 19:18:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 11:04:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 11:04:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 11:04:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 11:04:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 11:04:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 11:04:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 11:04:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 11:04:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.11 22:00:30 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autoverkauf
[2013.03.08 21:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 17:35:08 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Avira
[2013.03.02 17:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.02 17:28:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.02 17:28:34 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.02 17:28:34 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.02 17:28:34 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.02 17:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.02 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.02 12:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 12:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.03.02 12:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.26 09:28:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe
[2013.03.26 09:15:57 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.26 09:15:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.26 09:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.26 07:47:34 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013.03.26 07:47:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.26 07:47:02 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.26 07:47:01 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.26 07:47:00 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 20:56:27 | 000,697,056 | ---- | M] () -- C:\Users\Snoopy\Desktop\Förderantrag.odt
[2013.03.24 16:34:02 | 000,637,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.24 16:34:02 | 000,604,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.24 16:34:02 | 000,129,900 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.24 16:34:02 | 000,107,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.19 21:07:04 | 000,000,680 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat
[2013.03.17 15:45:03 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Snoopy\Desktop\rkill.com
[2013.03.16 19:33:59 | 000,001,920 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.03.16 19:08:46 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013.03.16 19:08:38 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.03.16 18:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.15 21:21:58 | 000,005,049 | -H-- | M] () -- C:\Windows\System32\BTImages.dat
[2013.03.13 18:41:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 18:41:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.02 17:17:58 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.02 17:17:58 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.02 17:17:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.02 17:17:58 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.02 12:31:10 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.24 18:47:18 | 000,015,360 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.20 22:30:35 | 000,697,056 | ---- | C] () -- C:\Users\Snoopy\Desktop\Förderantrag.odt
[2013.03.16 19:09:19 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.03.16 18:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.02 12:31:10 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.18 21:08:52 | 000,005,049 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2011.07.21 19:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.21 19:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.10 16:31:05 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.04.10 16:31:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.04.10 16:31:05 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.04.10 16:31:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.04.10 16:31:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.03.22 18:26:19 | 000,000,680 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat
[2009.05.26 23:34:46 | 000,001,873 | ---- | C] () -- C:\Users\Snoopy\HP Hilfe und Support.lnk
[2009.04.22 19:58:05 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.001
[2009.04.21 20:31:46 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.dat
[2009.04.18 19:26:19 | 000,015,360 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 26.03.2013 09:29:57 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,97% Memory free
4,23 Gb Paging File | 2,75 Gb Available in Paging File | 65,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 26,92 Gb Free Space | 26,27% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,70 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
 
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{365537D5-C461-46AD-91AF-897CD74EA676}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B47EACD4-623D-4647-993E-AB1FA701240D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe |
"{DE5E1087-5193-4216-ACC7-0525AB5CA25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228A19E-6DF1-4086-A333-FFCACACF5C9A}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{08389515-F3A0-4BF1-857A-135A820B3F4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19E288B8-7352-4821-8AEB-9FC03FF92D54}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{2785AEB8-DFB0-4524-B68E-23480B819D5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3ABE46CA-218E-4A86-B472-1B42B276FE02}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{3E4A0641-DD67-4340-82F1-B0205382F223}" = protocol=17 | dir=in | app=f:\libneap.dll |
"{4C6FC659-ACD0-4307-8026-0AB179A7DA18}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5550A339-863B-44C5-99C2-8E430F5FF2D9}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{578BC20F-67CE-4331-B376-2716A73C89D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AAF7E0F-2817-4E6D-924F-B9E12896949C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5B49C7-A467-4392-BF2D-A7381D52F5F2}" = protocol=17 | dir=in | app=f:\dwizard300.exe |
"{872A3F6C-F42F-42A6-8F06-970A542D7710}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8DF8919C-7C82-4B68-B2B2-EAFF28112F39}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{904D6CF5-0DB2-4BA0-8E65-57AF59B0FD84}" = protocol=6 | dir=in | app=f:\dwizard300.exe |
"{95293639-9B15-4331-833D-B48EBB6E9104}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{9D55DE73-E554-4402-BBC5-B0EEE78E6CDB}" = protocol=6 | dir=in | app=f:\libneap.dll |
"{A52442A5-8C12-4729-9C2D-70EF6C2222ED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B063581F-E7DC-4807-96A4-00F6C31EF999}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C1F9466C-9566-4FDB-9342-E101D2813CEA}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EE8075DD-6B6D-4897-B5A2-DA616A920DB5}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{F927BD2C-4D37-4A3D-9BB0-C2DC58AB1453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{58A8CAD0-0FC7-4091-B73B-1D76552B0507}" = GeekBuddy
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Comodo Dragon" = Comodo Dragon
"Corel Applications" = Corel Applications
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Online Manuals for WinTV (German)" = Online Manuals for WinTV (German)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.4.5.1
"VLC media player" = VLC media player 1.1.4
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.03.2013 17:48:19 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.03.2013 17:48:19 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3176711
 
Error - 25.03.2013 17:48:19 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3176711
 
Error - 26.03.2013 03:20:51 | Computer Name = Snoopy-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 19.0.2.4814, Zeitstempel
 0x5138a1d3, fehlerhaftes Modul xul.dll, Version 19.0.2.4814, Zeitstempel 0x5138a0ed,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00172818,  Prozess-ID 0x1128, Anwendungsstartzeit
 01ce29ef14c3a2c6.
 
Error - 26.03.2013 04:15:50 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.03.2013 04:15:50 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3287347
 
Error - 26.03.2013 04:15:50 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3287347
 
Error - 26.03.2013 04:15:55 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.03.2013 04:15:55 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3292464
 
Error - 26.03.2013 04:15:55 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3292464
 
[ OSession Events ]
Error - 14.10.2012 12:36:05 | Computer Name = Snoopy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.03.2013 15:57:02 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.03.2013 15:57:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 24.03.2013 15:57:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 25.03.2013 12:46:19 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.03.2013 12:47:48 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 25.03.2013 12:47:49 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 25.03.2013 15:48:07 | Computer Name = Snoopy-PC | Source = bowser | ID = 8003
Description =
 
Error - 26.03.2013 02:47:34 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.03.2013 02:48:41 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.03.2013 02:48:42 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >
--- --- ---

cosinus 26.03.2013 12:17
Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

DerDiscDoc 29.03.2013 15:19
Hallo!

Die Ergebnisse von GMER kann ich nicht beurteilen und die Datei ist so groß, dass ich sie noch nicht mal anfügen kann. Wie soll ich sie übermitteln? Zippen?

MBAR hat nichts gefunden!
Hier die Ergebnisse...

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.29.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [administrator]

29.03.2013 15:08:07
mbar-log-2013-03-29 (15-08-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28108
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus 30.03.2013 01:21
Ja, zu große Logs bitte zippen und hier anhängen

DerDiscDoc 30.03.2013 13:15
Hallo!

Hier die fehlende Datei / der gezippte Log von GMER...

cosinus 30.03.2013 15:59
aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

DerDiscDoc 30.03.2013 21:53
Hat alles funktioniert. Habe aber den aswMBR-Scan wiederholt, da der erste nicht als Admin ausgeführt war.

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-30 20:22:24
-----------------------------
20:22:24.072    OS Version: Windows 6.0.6002 Service Pack 2
20:22:24.072    Number of processors: 2 586 0xF0A
20:22:24.072    ComputerName: SNOOPY-PC  UserName: Snoopy
20:22:25.476    Initialize success
20:23:52.271    AVAST engine defs: 13033000
20:25:15.996    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:25:15.996    Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
20:25:16.199    Disk 0 MBR read successfully
20:25:16.214    Disk 0 MBR scan
20:25:16.230    Disk 0 unknown MBR code
20:25:16.245    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      104969 MB offset 63
20:25:16.261    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        39999 MB offset 214978560
20:25:16.292    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        7655 MB offset 296897265
20:25:16.308    Disk 0 scanning sectors +312576705
20:25:16.448    Disk 0 scanning C:\Windows\system32\drivers
20:25:29.505    Service scanning
20:25:59.879    Modules scanning
20:26:37.053    Disk 0 trace - called modules:
20:26:37.631    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:26:37.646    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865334e0]
20:26:37.646    3 CLASSPNP.SYS[88faa8b3] -> nt!IofCallDriver -> [0x85a0ff08]
20:26:37.662    5 acpi.sys[8329e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a20030]
20:26:38.520    AVAST engine scan C:\Windows
20:26:41.406    AVAST engine scan C:\Windows\system32
20:30:12.552    AVAST engine scan C:\Windows\system32\drivers
20:30:26.919    AVAST engine scan C:\Users\Snoopy
20:46:34.681    AVAST engine scan C:\ProgramData
20:48:13.944    Scan finished successfully
20:49:11.679    Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
20:49:11.695    The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
Code:
20:57:23.0831 5432  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:57:24.0371 5432  ============================================================
20:57:24.0371 5432  Current date / time: 2013/03/30 20:57:24.0371
20:57:24.0371 5432  SystemInfo:
20:57:24.0371 5432 
20:57:24.0371 5432  OS Version: 6.0.6002 ServicePack: 2.0
20:57:24.0371 5432  Product type: Workstation
20:57:24.0371 5432  ComputerName: SNOOPY-PC
20:57:24.0371 5432  UserName: Snoopy
20:57:24.0371 5432  Windows directory: C:\Windows
20:57:24.0371 5432  System windows directory: C:\Windows
20:57:24.0371 5432  Processor architecture: Intel x86
20:57:24.0371 5432  Number of processors: 2
20:57:24.0371 5432  Page size: 0x1000
20:57:24.0371 5432  Boot type: Normal boot
20:57:24.0371 5432  ============================================================
20:57:25.0308 5432  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:57:25.0311 5432  ============================================================
20:57:25.0311 5432  \Device\Harddisk0\DR0:
20:57:25.0316 5432  MBR partitions:
20:57:25.0316 5432  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCD04AB2
20:57:25.0316 5432  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCD05000, BlocksNum 0x4E1F800
20:57:25.0316 5432  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11B24AF1, BlocksNum 0xEF3FD0
20:57:25.0316 5432  ============================================================
20:57:25.0396 5432  C: <-> \Device\Harddisk0\DR0\Partition1
20:57:25.0450 5432  D: <-> \Device\Harddisk0\DR0\Partition2
20:57:25.0492 5432  E: <-> \Device\Harddisk0\DR0\Partition3
20:57:25.0493 5432  ============================================================
20:57:25.0493 5432  Initialize success
20:57:25.0493 5432  ============================================================
20:59:22.0763 1444  ============================================================
20:59:22.0763 1444  Scan started
20:59:22.0763 1444  Mode: Manual; SigCheck; TDLFS;
20:59:22.0763 1444  ============================================================
20:59:23.0246 1444  ================ Scan system memory ========================
20:59:23.0246 1444  System memory - ok
20:59:23.0246 1444  ================ Scan services =============================
20:59:23.0387 1444  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:59:23.0527 1444  !SASCORE - ok
20:59:23.0636 1444  [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:59:23.0668 1444  ACDaemon - ok
20:59:24.0432 1444  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:59:24.0479 1444  ACPI - ok
20:59:24.0557 1444  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:59:24.0588 1444  AdobeARMservice - ok
20:59:24.0682 1444  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:59:24.0697 1444  AdobeFlashPlayerUpdateSvc - ok
20:59:24.0760 1444  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
20:59:24.0791 1444  adp94xx - ok
20:59:24.0853 1444  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
20:59:24.0884 1444  adpahci - ok
20:59:24.0916 1444  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:59:24.0947 1444  adpu160m - ok
20:59:25.0009 1444  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
20:59:25.0040 1444  adpu320 - ok
20:59:25.0118 1444  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
20:59:25.0274 1444  AeLookupSvc - ok
20:59:25.0290 1444  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc            C:\Windows\system32\drivers\Afc.sys
20:59:25.0306 1444  Afc - ok
20:59:25.0399 1444  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
20:59:25.0493 1444  AFD - ok
20:59:25.0555 1444  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:59:25.0571 1444  agp440 - ok
20:59:25.0602 1444  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
20:59:25.0618 1444  aic78xx - ok
20:59:25.0649 1444  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
20:59:25.0852 1444  ALG - ok
20:59:25.0867 1444  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:59:25.0883 1444  aliide - ok
20:59:25.0883 1444  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:59:25.0898 1444  amdagp - ok
20:59:25.0930 1444  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
20:59:25.0945 1444  amdide - ok
20:59:25.0961 1444  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
20:59:26.0148 1444  AmdK7 - ok
20:59:26.0179 1444  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
20:59:26.0257 1444  AmdK8 - ok
20:59:26.0382 1444  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:59:26.0398 1444  AntiVirSchedulerService - ok
20:59:26.0460 1444  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:59:26.0476 1444  AntiVirService - ok
20:59:26.0522 1444  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
20:59:26.0632 1444  Appinfo - ok
20:59:26.0678 1444  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:59:26.0710 1444  Apple Mobile Device - ok
20:59:26.0725 1444  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
20:59:26.0741 1444  arc - ok
20:59:26.0772 1444  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:59:26.0803 1444  arcsas - ok
20:59:26.0834 1444  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:59:26.0928 1444  AsyncMac - ok
20:59:26.0959 1444  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
20:59:26.0990 1444  atapi - ok
20:59:27.0037 1444  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:59:27.0084 1444  AudioEndpointBuilder - ok
20:59:27.0115 1444  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:59:27.0146 1444  Audiosrv - ok
20:59:27.0178 1444  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:59:27.0193 1444  avgntflt - ok
20:59:27.0240 1444  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:59:27.0256 1444  avipbb - ok
20:59:27.0287 1444  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:59:27.0318 1444  avkmgr - ok
20:59:27.0380 1444  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV        C:\Windows\system32\DRIVERS\bcmwl6.sys
20:59:27.0474 1444  BCM43XV - ok
20:59:27.0505 1444  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:59:27.0552 1444  Beep - ok
20:59:27.0630 1444  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
20:59:27.0677 1444  BFE - ok
20:59:27.0802 1444  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
20:59:27.0848 1444  BITS - ok
20:59:27.0848 1444  blbdrive - ok
20:59:27.0973 1444  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:59:28.0004 1444  Bonjour Service - ok
20:59:28.0051 1444  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:59:28.0114 1444  bowser - ok
20:59:28.0145 1444  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:59:28.0192 1444  BrFiltLo - ok
20:59:28.0207 1444  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:59:28.0285 1444  BrFiltUp - ok
20:59:28.0332 1444  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
20:59:28.0379 1444  Browser - ok
20:59:28.0441 1444  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
20:59:28.0519 1444  Brserid - ok
20:59:28.0550 1444  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:59:28.0628 1444  BrSerWdm - ok
20:59:28.0644 1444  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:59:28.0738 1444  BrUsbMdm - ok
20:59:28.0769 1444  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:59:28.0831 1444  BrUsbSer - ok
20:59:28.0862 1444  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:59:28.0940 1444  BTHMODEM - ok
20:59:29.0003 1444  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:59:29.0096 1444  cdfs - ok
20:59:29.0128 1444  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
20:59:29.0221 1444  cdrom - ok
20:59:29.0268 1444  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
20:59:29.0362 1444  CertPropSvc - ok
20:59:29.0408 1444  [ 2A3A6EEF9E5479CF662B088EEBEDE8D8 ] CFRMD          C:\Windows\system32\DRIVERS\CFRMD.sys
20:59:29.0440 1444  CFRMD - ok
20:59:29.0518 1444  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:59:29.0596 1444  circlass - ok
20:59:29.0845 1444  [ DBAFC6734C054FEEF9087754BD80F847 ] CLCapSvc        C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
20:59:29.0876 1444  CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
20:59:29.0876 1444  CLCapSvc - detected UnsignedFile.Multi.Generic (1)
20:59:29.0939 1444  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
20:59:29.0954 1444  CLFS - ok
20:59:30.0032 1444  [ D7180E73D13AC5DE22D8F5C3A4713E4B ] CLPSLauncher    C:\Program Files\Common Files\COMODO\launcher_service.exe
20:59:30.0064 1444  CLPSLauncher - ok
20:59:30.0360 1444  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:59:30.0376 1444  clr_optimization_v2.0.50727_32 - ok
20:59:30.0485 1444  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:59:30.0532 1444  clr_optimization_v4.0.30319_32 - ok
20:59:30.0563 1444  [ E67F8F036FD882E4AB62501C0D45B536 ] CLSched        C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
20:59:30.0594 1444  CLSched ( UnsignedFile.Multi.Generic ) - warning
20:59:30.0594 1444  CLSched - detected UnsignedFile.Multi.Generic (1)
20:59:30.0625 1444  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:59:30.0672 1444  CmBatt - ok
20:59:31.0046 1444  [ DAA199690ED70FFE5765FBC3BCB48E7C ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
20:59:31.0218 1444  cmdAgent - ok
20:59:31.0265 1444  [ E6B8CB3C452F3F227ADD2AD63EABEB04 ] cmderd          C:\Windows\system32\DRIVERS\cmderd.sys
20:59:31.0280 1444  cmderd - ok
20:59:31.0405 1444  [ F4F95399BDB9D416AA68114C378766C4 ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
20:59:31.0452 1444  cmdGuard - ok
20:59:31.0499 1444  [ 22230B68EB5B6B713197BC868187CC91 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
20:59:31.0530 1444  cmdHlp - ok
20:59:31.0546 1444  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:59:31.0561 1444  cmdide - ok
20:59:31.0592 1444  [ 2BB9FB821D508758916CF4C78E68694A ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
20:59:31.0608 1444  cmdvirth - ok
20:59:31.0655 1444  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:59:31.0670 1444  Compbatt - ok
20:59:31.0670 1444  COMSysApp - ok
20:59:31.0702 1444  [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135        C:\Windows\system32\drivers\cpuz135_x32.sys
20:59:31.0717 1444  cpuz135 - ok
20:59:31.0717 1444  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
20:59:31.0733 1444  crcdisk - ok
20:59:31.0764 1444  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:59:31.0811 1444  Crusoe - ok
20:59:31.0889 1444  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:59:31.0936 1444  CryptSvc - ok
20:59:32.0107 1444  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:59:32.0170 1444  DcomLaunch - ok
20:59:32.0232 1444  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:59:32.0341 1444  DfsC - ok
20:59:32.0466 1444  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
20:59:32.0731 1444  DFSR - ok
20:59:32.0794 1444  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:59:32.0825 1444  Dhcp - ok
20:59:32.0856 1444  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
20:59:32.0872 1444  disk - ok
20:59:32.0903 1444  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:59:32.0965 1444  Dnscache - ok
20:59:33.0012 1444  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
20:59:33.0043 1444  dot3svc - ok
20:59:33.0137 1444  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
20:59:33.0168 1444  DPS - ok
20:59:33.0402 1444  [ 770AC17FBF274FB1773F5C49EE15B3DD ] DragonUpdater  C:\Program Files\Comodo\Dragon\dragon_updater.exe
20:59:33.0558 1444  DragonUpdater - ok
20:59:33.0605 1444  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
20:59:33.0652 1444  drmkaud - ok
20:59:33.0776 1444  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
20:59:33.0823 1444  DXGKrnl - ok
20:59:33.0886 1444  [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B          C:\Windows\system32\DRIVERS\e100b325.sys
20:59:33.0964 1444  E100B - ok
20:59:33.0995 1444  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
20:59:34.0073 1444  E1G60 - ok
20:59:34.0120 1444  [ E88B0CFCECF745211BBA87F44F85D0DD ] eabfiltr        C:\Windows\system32\DRIVERS\eabfiltr.sys
20:59:34.0182 1444  eabfiltr - ok
20:59:34.0229 1444  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
20:59:34.0244 1444  EapHost - ok
20:59:34.0385 1444  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:59:34.0416 1444  Ecache - ok
20:59:34.0494 1444  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
20:59:34.0541 1444  ehRecvr - ok
20:59:34.0572 1444  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
20:59:34.0666 1444  ehSched - ok
20:59:34.0681 1444  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
20:59:34.0712 1444  ehstart - ok
20:59:34.0775 1444  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
20:59:34.0806 1444  elxstor - ok
20:59:34.0962 1444  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
20:59:35.0071 1444  EMDMgmt - ok
20:59:35.0149 1444  [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
20:59:35.0180 1444  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
20:59:35.0180 1444  epmntdrv - detected UnsignedFile.Multi.Generic (1)
20:59:35.0212 1444  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
20:59:35.0243 1444  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
20:59:35.0243 1444  EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
20:59:35.0290 1444  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
20:59:35.0336 1444  EventSystem - ok
20:59:35.0383 1444  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
20:59:35.0477 1444  exfat - ok
20:59:35.0524 1444  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
20:59:35.0570 1444  fastfat - ok
20:59:35.0602 1444  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
20:59:35.0680 1444  fdc - ok
20:59:35.0711 1444  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
20:59:35.0789 1444  fdPHost - ok
20:59:35.0836 1444  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:59:35.0898 1444  FDResPub - ok
20:59:35.0945 1444  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:59:35.0976 1444  FileInfo - ok
20:59:36.0007 1444  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
20:59:36.0070 1444  Filetrace - ok
20:59:36.0101 1444  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:59:36.0163 1444  flpydisk - ok
20:59:36.0319 1444  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:59:36.0335 1444  FltMgr - ok
20:59:36.0444 1444  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
20:59:36.0553 1444  FontCache - ok
20:59:36.0694 1444  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:59:36.0725 1444  FontCache3.0.0.0 - ok
20:59:36.0756 1444  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:59:36.0818 1444  Fs_Rec - ok
20:59:36.0865 1444  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:59:36.0896 1444  gagp30kx - ok
20:59:36.0928 1444  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:59:36.0943 1444  GEARAspiWDM - ok
20:59:37.0115 1444  [ AE63D0DB96C07CAE5DC4CDB2B2A719A0 ] GeekBuddyRSP    C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
20:59:37.0255 1444  GeekBuddyRSP - ok
20:59:37.0333 1444  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
20:59:37.0411 1444  gpsvc - ok
20:59:37.0474 1444  [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb        C:\Windows\system32\drivers\grmnusb.sys
20:59:37.0520 1444  grmnusb - ok
20:59:37.0630 1444  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:37.0645 1444  gupdate - ok
20:59:37.0645 1444  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:37.0661 1444  gupdatem - ok
20:59:37.0708 1444  [ DE15777902A5D9121857D155873A1D1B ] HBtnKey        C:\Windows\system32\DRIVERS\cpqbttn.sys
20:59:37.0739 1444  HBtnKey - ok
20:59:37.0786 1444  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:59:37.0848 1444  HdAudAddService - ok
20:59:37.0957 1444  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:59:38.0051 1444  HDAudBus - ok
20:59:38.0066 1444  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:59:38.0176 1444  HidBth - ok
20:59:38.0176 1444  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
20:59:38.0285 1444  HidIr - ok
20:59:38.0316 1444  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
20:59:38.0394 1444  hidserv - ok
20:59:38.0425 1444  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:59:38.0488 1444  HidUsb - ok
20:59:38.0519 1444  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:59:38.0566 1444  hkmsvc - ok
20:59:38.0659 1444  [ 2CEEB349216FEBD91A907013D4ABCFF7 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
20:59:38.0690 1444  HP Health Check Service - ok
20:59:38.0722 1444  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
20:59:38.0753 1444  HpCISSs - ok
20:59:38.0800 1444  [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
20:59:38.0815 1444  hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
20:59:38.0815 1444  hpqwmiex - detected UnsignedFile.Multi.Generic (1)
20:59:38.0862 1444  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:59:38.0924 1444  HSFHWAZL - ok
20:59:39.0065 1444  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV        C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:59:39.0190 1444  HSF_DPV - ok
20:59:39.0268 1444  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:59:39.0377 1444  HTTP - ok
20:59:39.0424 1444  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
20:59:39.0439 1444  i2omp - ok
20:59:39.0502 1444  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:59:39.0548 1444  i8042prt - ok
20:59:39.0626 1444  [ 582F2D900A3AC34C98FBDC2C0ABEF6B9 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:59:39.0658 1444  IAANTMON - ok
20:59:39.0736 1444  [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
20:59:39.0907 1444  ialm - ok
20:59:39.0938 1444  [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:59:39.0970 1444  iaStor - ok
20:59:40.0032 1444  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
20:59:40.0063 1444  iaStorV - ok
20:59:40.0126 1444  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:59:40.0157 1444  IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:59:40.0157 1444  IDriverT - detected UnsignedFile.Multi.Generic (1)
20:59:40.0235 1444  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:59:40.0313 1444  idsvc - ok
20:59:40.0344 1444  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
20:59:40.0375 1444  iirsp - ok
20:59:40.0469 1444  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:59:40.0531 1444  IKEEXT - ok
20:59:40.0562 1444  [ 409AC6C4F9F61F41532B702E3A0B3257 ] inspect        C:\Windows\system32\DRIVERS\inspect.sys
20:59:40.0594 1444  inspect - ok
20:59:40.0687 1444  [ 8D7EB1FD498FD0A34C95A298685EC1C7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:59:40.0843 1444  IntcAzAudAddService - ok
20:59:40.0890 1444  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:59:40.0921 1444  intelide - ok
20:59:40.0952 1444  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:59:40.0999 1444  intelppm - ok
20:59:41.0030 1444  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
20:59:41.0093 1444  IPBusEnum - ok
20:59:41.0124 1444  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:59:41.0186 1444  IpFilterDriver - ok
20:59:41.0249 1444  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:59:41.0311 1444  iphlpsvc - ok
20:59:41.0311 1444  IpInIp - ok
20:59:41.0342 1444  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
20:59:41.0405 1444  IPMIDRV - ok
20:59:41.0436 1444  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
20:59:41.0467 1444  IPNAT - ok
20:59:41.0608 1444  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:59:41.0670 1444  iPod Service - ok
20:59:41.0701 1444  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:59:41.0764 1444  IRENUM - ok
20:59:41.0810 1444  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:59:41.0842 1444  isapnp - ok
20:59:41.0873 1444  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:59:41.0904 1444  iScsiPrt - ok
20:59:41.0920 1444  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:59:41.0935 1444  iteatapi - ok
20:59:41.0951 1444  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
20:59:41.0966 1444  iteraid - ok
20:59:42.0013 1444  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:59:42.0029 1444  kbdclass - ok
20:59:42.0076 1444  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:59:42.0122 1444  kbdhid - ok
20:59:42.0169 1444  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
20:59:42.0232 1444  KeyIso - ok
20:59:42.0310 1444  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:59:42.0325 1444  KSecDD - ok
20:59:42.0372 1444  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
20:59:42.0419 1444  KtmRm - ok
20:59:42.0450 1444  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:59:42.0528 1444  LanmanServer - ok
20:59:42.0575 1444  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:59:42.0637 1444  LanmanWorkstation - ok
20:59:42.0715 1444  [ 559C9B7800FAC92FC515CD0003D7C631 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:59:42.0746 1444  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:59:42.0746 1444  LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:59:42.0778 1444  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:59:42.0840 1444  lltdio - ok
20:59:42.0902 1444  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
20:59:42.0980 1444  lltdsvc - ok
20:59:43.0027 1444  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
20:59:43.0105 1444  lmhosts - ok
20:59:43.0168 1444  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:59:43.0199 1444  LSI_FC - ok
20:59:43.0214 1444  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
20:59:43.0246 1444  LSI_SAS - ok
20:59:43.0261 1444  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:59:43.0277 1444  LSI_SCSI - ok
20:59:43.0308 1444  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
20:59:43.0370 1444  luafv - ok
20:59:43.0417 1444  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
20:59:43.0464 1444  Mcx2Svc - ok
20:59:43.0495 1444  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
20:59:43.0511 1444  megasas - ok
20:59:43.0542 1444  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
20:59:43.0573 1444  MMCSS - ok
20:59:43.0604 1444  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
20:59:43.0651 1444  Modem - ok
20:59:43.0682 1444  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
20:59:43.0729 1444  MODEMCSA - ok
20:59:43.0776 1444  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
20:59:43.0807 1444  monitor - ok
20:59:43.0838 1444  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:59:43.0854 1444  mouclass - ok
20:59:43.0901 1444  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:59:43.0932 1444  mouhid - ok
20:59:43.0963 1444  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:59:43.0979 1444  MountMgr - ok
20:59:44.0041 1444  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:59:44.0072 1444  MozillaMaintenance - ok
20:59:44.0119 1444  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:59:44.0135 1444  mpio - ok
20:59:44.0182 1444  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:59:44.0213 1444  mpsdrv - ok
20:59:44.0275 1444  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:59:44.0353 1444  MpsSvc - ok
20:59:44.0384 1444  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:59:44.0400 1444  Mraid35x - ok
20:59:44.0447 1444  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:59:44.0494 1444  MRxDAV - ok
20:59:44.0525 1444  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:59:44.0572 1444  mrxsmb - ok
20:59:44.0618 1444  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:59:44.0665 1444  mrxsmb10 - ok
20:59:44.0696 1444  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:59:44.0728 1444  mrxsmb20 - ok
20:59:44.0759 1444  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:59:44.0774 1444  msahci - ok
20:59:44.0806 1444  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
20:59:44.0821 1444  msdsm - ok
20:59:44.0884 1444  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
20:59:44.0962 1444  MSDTC - ok
20:59:45.0008 1444  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:59:45.0055 1444  Msfs - ok
20:59:45.0102 1444  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:59:45.0118 1444  msisadrv - ok
20:59:45.0149 1444  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
20:59:45.0180 1444  MSiSCSI - ok
20:59:45.0196 1444  msiserver - ok
20:59:45.0227 1444  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
20:59:45.0274 1444  MSKSSRV - ok
20:59:45.0320 1444  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:59:45.0367 1444  MSPCLOCK - ok
20:59:45.0414 1444  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
20:59:45.0430 1444  MSPQM - ok
20:59:45.0523 1444  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
20:59:45.0554 1444  MsRPC - ok
20:59:45.0586 1444  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:59:45.0601 1444  mssmbios - ok
20:59:45.0632 1444  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
20:59:45.0695 1444  MSTEE - ok
20:59:45.0710 1444  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
20:59:45.0726 1444  Mup - ok
20:59:45.0773 1444  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
20:59:45.0835 1444  napagent - ok
20:59:45.0882 1444  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
20:59:45.0913 1444  NativeWifiP - ok
20:59:45.0960 1444  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:59:45.0991 1444  NDIS - ok
20:59:46.0022 1444  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:59:46.0085 1444  NdisTapi - ok
20:59:46.0132 1444  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
20:59:46.0178 1444  Ndisuio - ok
20:59:46.0225 1444  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
20:59:46.0288 1444  NdisWan - ok
20:59:46.0319 1444  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
20:59:46.0350 1444  NDProxy - ok
20:59:46.0366 1444  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
20:59:46.0428 1444  NetBIOS - ok
20:59:46.0459 1444  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
20:59:46.0506 1444  netbt - ok
20:59:46.0537 1444  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
20:59:46.0568 1444  Netlogon - ok
20:59:46.0631 1444  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
20:59:46.0709 1444  Netman - ok
20:59:46.0756 1444  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
20:59:46.0787 1444  netprofm - ok
20:59:46.0849 1444  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:59:46.0865 1444  NetTcpPortSharing - ok
20:59:47.0286 1444  [ 1D73499A6664B4DA05D750FF83FDB274 ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
20:59:47.0489 1444  NETw4v32 - ok
20:59:48.0440 1444  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
20:59:49.0064 1444  NETw5v32 - ok
20:59:49.0111 1444  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
20:59:49.0142 1444  nfrd960 - ok
20:59:49.0189 1444  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:59:49.0220 1444  NlaSvc - ok
20:59:49.0267 1444  [ CFE3462A9E94A57DCD9676F6B7FE7F67 ] nmwcd          C:\Windows\system32\drivers\ccdcmb.sys
20:59:49.0330 1444  nmwcd - ok
20:59:49.0361 1444  [ 8F2A94F991F8C73CEC26B4B5620D1EDC ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
20:59:49.0408 1444  nmwcdc - ok
20:59:49.0439 1444  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:59:49.0470 1444  Npfs - ok
20:59:49.0501 1444  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
20:59:49.0532 1444  nsi - ok
20:59:49.0564 1444  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:59:49.0595 1444  nsiproxy - ok
20:59:49.0782 1444  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:59:49.0844 1444  Ntfs - ok
20:59:49.0891 1444  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
20:59:49.0969 1444  ntrigdigi - ok
20:59:50.0000 1444  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
20:59:50.0047 1444  Null - ok
20:59:51.0654 1444  [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:59:52.0309 1444  nvlddmkm - ok
20:59:52.0356 1444  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:59:52.0387 1444  nvraid - ok
20:59:52.0403 1444  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:59:52.0418 1444  nvstor - ok
20:59:52.0481 1444  [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc          C:\Windows\system32\nvvsvc.exe
20:59:52.0496 1444  nvsvc - ok
20:59:52.0512 1444  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:59:52.0528 1444  nv_agp - ok
20:59:52.0528 1444  NwlnkFlt - ok
20:59:52.0543 1444  NwlnkFwd - ok
20:59:52.0746 1444  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:59:52.0777 1444  odserv - ok
20:59:52.0824 1444  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:59:52.0840 1444  ohci1394 - ok
20:59:52.0886 1444  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:59:52.0902 1444  ose - ok
20:59:52.0964 1444  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:59:53.0105 1444  p2pimsvc - ok
20:59:53.0120 1444  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:59:53.0167 1444  p2psvc - ok
20:59:53.0198 1444  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
20:59:53.0276 1444  Parport - ok
20:59:53.0323 1444  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
20:59:53.0339 1444  partmgr - ok
20:59:53.0370 1444  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:59:53.0464 1444  Parvdm - ok
20:59:53.0526 1444  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:59:53.0588 1444  PcaSvc - ok
20:59:53.0635 1444  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:59:53.0729 1444  pccsmcfd - ok
20:59:53.0900 1444  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
20:59:53.0916 1444  pci - ok
20:59:53.0932 1444  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
20:59:53.0963 1444  pciide - ok
20:59:53.0994 1444  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:59:54.0010 1444  pcmcia - ok
20:59:54.0072 1444  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:59:54.0181 1444  PEAUTH - ok
20:59:54.0415 1444  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
20:59:54.0540 1444  pla - ok
20:59:54.0602 1444  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:59:54.0665 1444  PlugPlay - ok
20:59:54.0712 1444  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
20:59:54.0774 1444  PNRPAutoReg - ok
20:59:54.0852 1444  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
20:59:54.0899 1444  PNRPsvc - ok
20:59:54.0977 1444  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
20:59:55.0055 1444  PolicyAgent - ok
20:59:55.0102 1444  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:59:55.0164 1444  PptpMiniport - ok
20:59:55.0195 1444  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
20:59:55.0242 1444  Processor - ok
20:59:55.0273 1444  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
20:59:55.0304 1444  ProfSvc - ok
20:59:55.0320 1444  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:59:55.0336 1444  ProtectedStorage - ok
20:59:55.0398 1444  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:59:55.0445 1444  PSched - ok
20:59:55.0460 1444  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
20:59:55.0476 1444  PxHelp20 - ok
20:59:55.0538 1444  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:59:55.0632 1444  ql2300 - ok
20:59:55.0648 1444  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:59:55.0663 1444  ql40xx - ok
20:59:55.0710 1444  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
20:59:55.0757 1444  QWAVE - ok
20:59:55.0772 1444  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:59:55.0788 1444  QWAVEdrv - ok
20:59:55.0819 1444  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:59:55.0866 1444  RasAcd - ok
20:59:55.0913 1444  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
20:59:55.0975 1444  RasAuto - ok
20:59:56.0162 1444  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
20:59:56.0209 1444  Rasl2tp - ok
20:59:56.0256 1444  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
20:59:56.0318 1444  RasMan - ok
20:59:56.0350 1444  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:59:56.0412 1444  RasPppoe - ok
20:59:56.0459 1444  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
20:59:56.0506 1444  RasSstp - ok
20:59:56.0552 1444  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
20:59:56.0568 1444  rdbss - ok
20:59:56.0599 1444  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:59:56.0662 1444  RDPCDD - ok
20:59:56.0708 1444  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
20:59:56.0755 1444  rdpdr - ok
20:59:56.0771 1444  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:59:56.0833 1444  RDPENCDD - ok
20:59:56.0911 1444  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
20:59:56.0974 1444  RDPWD - ok
20:59:57.0005 1444  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:59:57.0052 1444  RemoteAccess - ok
20:59:57.0098 1444  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:59:57.0161 1444  RemoteRegistry - ok
20:59:57.0208 1444  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
20:59:57.0270 1444  rimmptsk - ok
20:59:57.0301 1444  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
20:59:57.0348 1444  rimsptsk - ok
20:59:57.0379 1444  [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp        C:\Windows\system32\DRIVERS\rixdptsk.sys
20:59:57.0410 1444  rismxdp - ok
20:59:57.0582 1444  [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
20:59:57.0660 1444  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
20:59:57.0660 1444  RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
20:59:57.0691 1444  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
20:59:57.0769 1444  RpcLocator - ok
20:59:57.0832 1444  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
20:59:57.0878 1444  RpcSs - ok
20:59:57.0910 1444  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:59:57.0972 1444  rspndr - ok
20:59:58.0003 1444  [ 71B7026D61293C1E91145BDAD11C53BF ] RTL8169        C:\Windows\system32\DRIVERS\Rtlh86.sys
20:59:58.0050 1444  RTL8169 - ok
20:59:58.0081 1444  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
20:59:58.0097 1444  SamSs - ok
20:59:58.0128 1444  SANDRA - ok
20:59:58.0206 1444  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:59:58.0222 1444  SASDIFSV - ok
20:59:58.0253 1444  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:59:58.0268 1444  SASKUTIL - ok
20:59:58.0300 1444  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:59:58.0315 1444  sbp2port - ok
20:59:58.0362 1444  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:59:58.0409 1444  SCardSvr - ok
20:59:58.0721 1444  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
20:59:58.0814 1444  Schedule - ok
20:59:58.0861 1444  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
20:59:58.0877 1444  SCPolicySvc - ok
20:59:59.0033 1444  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
20:59:59.0080 1444  sdbus - ok
20:59:59.0142 1444  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:59:59.0251 1444  SDRSVC - ok
20:59:59.0298 1444  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:59:59.0392 1444  secdrv - ok
20:59:59.0470 1444  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
20:59:59.0563 1444  seclogon - ok
20:59:59.0610 1444  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
20:59:59.0672 1444  SENS - ok
20:59:59.0688 1444  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
20:59:59.0782 1444  Serenum - ok
20:59:59.0797 1444  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
20:59:59.0875 1444  Serial - ok
20:59:59.0953 1444  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:59:59.0969 1444  sermouse - ok
21:00:00.0437 1444  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:00:00.0546 1444  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:00:00.0546 1444  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:00:00.0608 1444  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:00:00.0686 1444  SessionEnv - ok
21:00:00.0718 1444  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
21:00:00.0780 1444  sffdisk - ok
21:00:00.0811 1444  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:00:00.0905 1444  sffp_mmc - ok
21:00:00.0983 1444  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
21:00:00.0998 1444  sffp_sd - ok
21:00:01.0123 1444  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
21:00:01.0232 1444  sfloppy - ok
21:00:01.0279 1444  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:00:01.0342 1444  SharedAccess - ok
21:00:01.0388 1444  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:00:01.0451 1444  ShellHWDetection - ok
21:00:01.0482 1444  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:00:01.0498 1444  sisagp - ok
21:00:01.0513 1444  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:00:01.0544 1444  SiSRaid2 - ok
21:00:01.0576 1444  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:00:01.0591 1444  SiSRaid4 - ok
21:00:01.0778 1444  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
21:00:01.0981 1444  slsvc - ok
21:00:02.0012 1444  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:00:02.0059 1444  SLUINotify - ok
21:00:02.0106 1444  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
21:00:02.0153 1444  Smb - ok
21:00:02.0340 1444  [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
21:00:02.0465 1444  smserial - ok
21:00:02.0512 1444  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:00:02.0543 1444  SNMPTRAP - ok
21:00:02.0574 1444  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
21:00:02.0590 1444  spldr - ok
21:00:02.0636 1444  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
21:00:02.0699 1444  Spooler - ok
21:00:02.0746 1444  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
21:00:02.0824 1444  srv - ok
21:00:02.0886 1444  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:00:02.0948 1444  srv2 - ok
21:00:02.0980 1444  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:00:03.0026 1444  srvnet - ok
21:00:03.0073 1444  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
21:00:03.0136 1444  SSDPSRV - ok
21:00:03.0167 1444  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:00:03.0182 1444  ssmdrv - ok
21:00:03.0245 1444  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
21:00:03.0292 1444  SstpSvc - ok
21:00:03.0354 1444  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
21:00:03.0401 1444  stisvc - ok
21:00:03.0479 1444  [ A9A23C8AF361F7A93FD632E91A8C346F ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:00:03.0494 1444  stllssvr - ok
21:00:03.0572 1444  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:00:03.0604 1444  swenum - ok
21:00:03.0635 1444  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
21:00:03.0697 1444  swprv - ok
21:00:03.0728 1444  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
21:00:03.0744 1444  Symc8xx - ok
21:00:03.0760 1444  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:00:03.0775 1444  Sym_hi - ok
21:00:03.0791 1444  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:00:03.0806 1444  Sym_u3 - ok
21:00:03.0853 1444  [ 067CB9D745407A8C1B26E89A6A2CE152 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
21:00:03.0869 1444  SynTP - ok
21:00:03.0994 1444  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
21:00:04.0087 1444  SysMain - ok
21:00:04.0150 1444  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:00:04.0196 1444  TabletInputService - ok
21:00:04.0243 1444  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
21:00:04.0306 1444  TapiSrv - ok
21:00:04.0352 1444  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
21:00:04.0399 1444  TBS - ok
21:00:04.0477 1444  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
21:00:04.0540 1444  Tcpip - ok
21:00:04.0586 1444  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:00:04.0649 1444  Tcpip6 - ok
21:00:04.0664 1444  [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:00:04.0711 1444  tcpipreg - ok
21:00:04.0742 1444  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:00:04.0789 1444  TDPIPE - ok
21:00:04.0789 1444  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
21:00:04.0852 1444  TDTCP - ok
21:00:04.0883 1444  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
21:00:04.0930 1444  tdx - ok
21:00:04.0945 1444  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:00:04.0961 1444  TermDD - ok
21:00:05.0008 1444  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
21:00:05.0039 1444  TermService - ok
21:00:05.0086 1444  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
21:00:05.0101 1444  Themes - ok
21:00:05.0132 1444  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
21:00:05.0164 1444  THREADORDER - ok
21:00:05.0179 1444  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
21:00:05.0242 1444  TrkWks - ok
21:00:05.0304 1444  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:00:05.0351 1444  TrustedInstaller - ok
21:00:05.0382 1444  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:00:05.0444 1444  tssecsrv - ok
21:00:05.0491 1444  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
21:00:05.0522 1444  tunmp - ok
21:00:05.0569 1444  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:00:05.0600 1444  tunnel - ok
21:00:05.0632 1444  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:00:05.0663 1444  uagp35 - ok
21:00:05.0694 1444  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:00:05.0741 1444  udfs - ok
21:00:05.0772 1444  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
21:00:05.0834 1444  UI0Detect - ok
21:00:05.0881 1444  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:00:05.0912 1444  uliagpkx - ok
21:00:05.0928 1444  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci        C:\Windows\system32\drivers\uliahci.sys
21:00:05.0959 1444  uliahci - ok
21:00:05.0975 1444  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:00:05.0990 1444  UlSata - ok
21:00:06.0022 1444  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
21:00:06.0037 1444  ulsata2 - ok
21:00:06.0068 1444  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
21:00:06.0100 1444  umbus - ok
21:00:06.0162 1444  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
21:00:06.0224 1444  upnphost - ok
21:00:06.0271 1444  [ EC01DA44B090D2651FC032C8B9257232 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:00:06.0302 1444  upperdev - ok
21:00:06.0349 1444  [ 68A00F7BD18BC3AF2D98A75142E1C74E ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA.sys
21:00:06.0412 1444  USB28xxBGA - ok
21:00:06.0427 1444  [ 77926A55D9C8258E679A817E48829EB0 ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM.sys
21:00:06.0458 1444  USB28xxOEM - ok
21:00:06.0505 1444  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
21:00:06.0568 1444  USBAAPL - ok
21:00:06.0599 1444  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
21:00:06.0646 1444  usbccgp - ok
21:00:06.0708 1444  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:00:06.0770 1444  usbcir - ok
21:00:06.0833 1444  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
21:00:06.0864 1444  usbehci - ok
21:00:06.0880 1444  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:00:06.0911 1444  usbhub - ok
21:00:06.0926 1444  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
21:00:07.0004 1444  usbohci - ok
21:00:07.0036 1444  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:00:07.0114 1444  usbprint - ok
21:00:07.0160 1444  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
21:00:07.0223 1444  usbscan - ok
21:00:07.0285 1444  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\drivers\usbser.sys
21:00:07.0332 1444  usbser - ok
21:00:07.0379 1444  [ 4ABD37CFBD710E64F01F9DA8710C73F7 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:00:07.0426 1444  UsbserFilt - ok
21:00:07.0472 1444  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:00:07.0519 1444  USBSTOR - ok
21:00:07.0550 1444  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
21:00:07.0582 1444  usbuhci - ok
21:00:07.0644 1444  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:00:07.0660 1444  usbvideo - ok
21:00:07.0706 1444  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
21:00:07.0753 1444  UxSms - ok
21:00:07.0816 1444  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
21:00:07.0862 1444  vds - ok
21:00:07.0925 1444  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
21:00:07.0972 1444  vga - ok
21:00:08.0003 1444  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
21:00:08.0050 1444  VgaSave - ok
21:00:08.0096 1444  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:00:08.0112 1444  viaagp - ok
21:00:08.0128 1444  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
21:00:08.0190 1444  ViaC7 - ok
21:00:08.0221 1444  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
21:00:08.0237 1444  viaide - ok
21:00:08.0284 1444  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:00:08.0315 1444  volmgr - ok
21:00:08.0362 1444  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
21:00:08.0377 1444  volmgrx - ok
21:00:08.0424 1444  [ 786DB5771F05EF300390399F626BF30A ] volsnap        C:\Windows\system32\drivers\volsnap.sys
21:00:08.0471 1444  volsnap - ok
21:00:08.0471 1444  vsdatant7 - ok
21:00:08.0518 1444  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
21:00:08.0533 1444  vsmraid - ok
21:00:08.0674 1444  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
21:00:08.0767 1444  VSS - ok
21:00:08.0845 1444  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
21:00:08.0892 1444  W32Time - ok
21:00:08.0939 1444  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:00:09.0017 1444  WacomPen - ok
21:00:09.0048 1444  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:00:09.0110 1444  Wanarp - ok
21:00:09.0110 1444  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:00:09.0142 1444  Wanarpv6 - ok
21:00:09.0173 1444  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
21:00:09.0220 1444  wcncsvc - ok
21:00:09.0266 1444  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:00:09.0313 1444  WcsPlugInService - ok
21:00:09.0344 1444  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
21:00:09.0360 1444  Wd - ok
21:00:09.0422 1444  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:00:09.0485 1444  Wdf01000 - ok
21:00:09.0532 1444  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:00:09.0594 1444  WdiServiceHost - ok
21:00:09.0594 1444  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
21:00:09.0641 1444  WdiSystemHost - ok
21:00:09.0656 1444  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
21:00:09.0719 1444  WebClient - ok
21:00:09.0766 1444  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:00:09.0859 1444  Wecsvc - ok
21:00:09.0890 1444  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
21:00:09.0968 1444  wercplsupport - ok
21:00:10.0000 1444  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:00:10.0046 1444  WerSvc - ok
21:00:10.0078 1444  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:00:10.0124 1444  winachsf - ok
21:00:10.0187 1444  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
21:00:10.0202 1444  WinDefend - ok
21:00:10.0218 1444  WinHttpAutoProxySvc - ok
21:00:10.0343 1444  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
21:00:10.0374 1444  Winmgmt - ok
21:00:10.0514 1444  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
21:00:10.0592 1444  WinRM - ok
21:00:10.0655 1444  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
21:00:10.0717 1444  Wlansvc - ok
21:00:10.0748 1444  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
21:00:10.0764 1444  WmiAcpi - ok
21:00:10.0826 1444  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:00:10.0858 1444  wmiApSrv - ok
21:00:11.0060 1444  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
21:00:11.0170 1444  WMPNetworkSvc - ok
21:00:11.0232 1444  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:00:11.0294 1444  WPCSvc - ok
21:00:11.0310 1444  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:00:11.0372 1444  WPDBusEnum - ok
21:00:11.0404 1444  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:00:11.0419 1444  WpdUsb - ok
21:00:11.0575 1444  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:00:11.0622 1444  WPFFontCache_v0400 - ok
21:00:11.0653 1444  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
21:00:11.0716 1444  ws2ifsl - ok
21:00:11.0747 1444  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
21:00:11.0778 1444  wscsvc - ok
21:00:11.0778 1444  WSearch - ok
21:00:11.0965 1444  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:00:12.0152 1444  wuauserv - ok
21:00:12.0230 1444  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:00:12.0308 1444  WudfPf - ok
21:00:12.0355 1444  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:00:12.0402 1444  WUDFRd - ok
21:00:12.0449 1444  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
21:00:12.0496 1444  wudfsvc - ok
21:00:12.0542 1444  ================ Scan global ===============================
21:00:12.0574 1444  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:00:12.0620 1444  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:00:12.0652 1444  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:00:12.0698 1444  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:00:12.0714 1444  [Global] - ok
21:00:12.0714 1444  ================ Scan MBR ==================================
21:00:12.0730 1444  [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
21:00:14.0758 1444  \Device\Harddisk0\DR0 - ok
21:00:14.0758 1444  ================ Scan VBR ==================================
21:00:14.0773 1444  [ 423B2363B09BA4B732EFA936EF1DA00A ] \Device\Harddisk0\DR0\Partition1
21:00:14.0789 1444  \Device\Harddisk0\DR0\Partition1 - ok
21:00:14.0804 1444  [ 3A65B55C25C9312F013D5C943F225457 ] \Device\Harddisk0\DR0\Partition2
21:00:14.0820 1444  \Device\Harddisk0\DR0\Partition2 - ok
21:00:14.0836 1444  [ E481C827EFA0B2B7FBEFFDE5206A0658 ] \Device\Harddisk0\DR0\Partition3
21:00:14.0836 1444  \Device\Harddisk0\DR0\Partition3 - ok
21:00:14.0836 1444  ============================================================
21:00:14.0836 1444  Scan finished
21:00:14.0836 1444  ============================================================
21:00:14.0851 2064  Detected object count: 9
21:00:14.0851 2064  Actual detected object count: 9
21:00:37.0268 2064  CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0268 2064  CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0268 2064  CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0268 2064  CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064  epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064  EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064  hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064  hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0300 2064  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0300 2064  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:46.0363 3996  Deinitialize success
Code:
swMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-30 21:01:49
-----------------------------
21:01:49.689    OS Version: Windows 6.0.6002 Service Pack 2
21:01:49.689    Number of processors: 2 586 0xF0A
21:01:49.689    ComputerName: SNOOPY-PC  UserName: Snoopy
21:01:50.781    Initialize success
21:02:00.796    AVAST engine defs: 13033000
21:02:11.576    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:02:11.576    Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
21:02:12.091    Disk 0 MBR read successfully
21:02:12.091    Disk 0 MBR scan
21:02:12.169    Disk 0 unknown MBR code
21:02:12.169    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      104969 MB offset 63
21:02:12.216    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        39999 MB offset 214978560
21:02:12.247    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        7655 MB offset 296897265
21:02:12.325    Disk 0 scanning sectors +312576705
21:02:12.777    Disk 0 scanning C:\Windows\system32\drivers
21:02:37.222    Service scanning
21:03:05.724    Modules scanning
21:04:02.648    Disk 0 trace - called modules:
21:04:02.726    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:04:02.742    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865334e0]
21:04:02.742    3 CLASSPNP.SYS[88faa8b3] -> nt!IofCallDriver -> [0x85a0ff08]
21:04:02.742    5 acpi.sys[8329e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a20030]
21:04:03.537    AVAST engine scan C:\Windows
21:04:17.718    AVAST engine scan C:\Windows\system32
21:11:03.023    AVAST engine scan C:\Windows\system32\drivers
21:11:53.864    AVAST engine scan C:\Users\Snoopy
21:40:20.473    AVAST engine scan C:\ProgramData
21:43:22.168    Scan finished successfully
21:44:44.009    Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
21:44:44.025    The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR2.txt"

cosinus 30.03.2013 22:16
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

DerDiscDoc 30.03.2013 23:19
Erledigt!
Datei ist zu groß, daher als Zip angehängt.

Ein Neustart war übrigens nötig. Es kam die von Dir vermutete Fehlermeldung!

...Hast Du eigentlich einen bestimmten Verdacht oder schließen wir "nur" Schritt für Schritt alle möglichen Probleme aus?

cosinus 31.03.2013 00:56
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

DerDiscDoc 31.03.2013 12:37
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Snoopy on 31.03.2013 at 12:11:07,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-983539813-1485151683-2393451822-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.eb_explorerbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.eb_explorerbar.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.fh_hookeventsink
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.fh_hookeventsink.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.ipm_printlistitem
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.ipm_printlistitem.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_dialogeventshandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_dialogeventshandler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_launcher
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_launcher.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_printmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_printmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_bindstatuscallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_bindstatuscallback.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_cancelbuttoneventhandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_cancelbuttoneventhandler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_printdialogcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_printdialogcallback.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.tbtoolband
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.tbtoolband.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.useroptions
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.useroptions.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2613550
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Snoopy\appdata\locallow\conduit"



~~~ FireFox

Successfully deleted: [File] C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\user.js
Successfully deleted: [Folder] C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\conduitcommon
Successfully deleted the following from C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\prefs.js

user_pref("CT2613550..clientLogIsEnabled", false);
user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2613550.CTID", "ct2613550");
user_pref("CT2613550.CurrentServerDate", "25-6-2012");
user_pref("CT2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.DialogsGetterLastCheckTime", "Mon Jun 25 2012 17:34:33 GMT+0200");
user_pref("CT2613550.DownloadReferralCookieData", "");
user_pref("CT2613550.EMailNotifierPollDate", "Sat Aug 14 2010 21:13:39 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602533", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602539", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602545", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602551", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602557", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602563", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602569", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602575", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602581", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602587", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602593", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602599", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602605", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602611", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602617", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602623", "Sat Aug 14 2010 21:13:39 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602629", "Sat Aug 14 2010 21:13:39 GMT+0200");
user_pref("CT2613550.FeedTTL129254982599602545", 5);
user_pref("CT2613550.FeedTTL129254982599602551", 5);
user_pref("CT2613550.FeedTTL129254982599602575", 2);
user_pref("CT2613550.FeedTTL129254982599602605", 5);
user_pref("CT2613550.FeedTTL129254982599602617", 30);
user_pref("CT2613550.FirstServerDate", "14-8-2010");
user_pref("CT2613550.FirstTime", true);
user_pref("CT2613550.FirstTimeFF3", true);
user_pref("CT2613550.FirstTimeSettingsDone", true);
user_pref("CT2613550.FixPageNotFoundErrors", true);
user_pref("CT2613550.GroupingServerCheckInterval", 1440);
user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2613550.HasUserGlobalKeys", true);
user_pref("CT2613550.Initialize", true);
user_pref("CT2613550.InitializeCommonPrefs", true);
user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
user_pref("CT2613550.InstallationType", "UnknownIntegration");
user_pref("CT2613550.InstalledDate", "Sat Aug 14 2010 21:13:08 GMT+0200");
user_pref("CT2613550.IsGrouping", false);
user_pref("CT2613550.IsMulticommunity", false);
user_pref("CT2613550.IsOpenThankYouPage", false);
user_pref("CT2613550.IsOpenUninstallPage", true);
user_pref("CT2613550.LanguagePackLastCheckTime", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2613550.LastLogin_2.6.0.15", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.LastLogin_3.12.0.7", "Wed Apr 25 2012 16:21:57 GMT+0200");
user_pref("CT2613550.LastLogin_3.12.2.3", "Wed May 30 2012 17:59:06 GMT+0200");
user_pref("CT2613550.LastLogin_3.13.0.6", "Mon Jun 25 2012 17:34:30 GMT+0200");
user_pref("CT2613550.LatestVersion", "3.13.0.6");
user_pref("CT2613550.Locale", "de-de");
user_pref("CT2613550.LoginCache", 4);
user_pref("CT2613550.MCDetectTooltipHeight", "83");
user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2613550.MCDetectTooltipWidth", "295");
user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
user_pref("CT2613550.RadioIsPodcast", false);
user_pref("CT2613550.RadioMediaID", "8546");
user_pref("CT2613550.RadioMediaType", "Media Player");
user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
user_pref("CT2613550.RadioStationName", "Radio%208");
user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
user_pref("CT2613550.SHRINK_TOOLBAR", 1);
user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2613550.SearchFromAddressBarIsInit", true);
user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");
user_pref("CT2613550.SearchInNewTabEnabled", true);
user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.ServiceMapLastCheckTime", "Mon Jun 25 2012 17:58:36 GMT+0200");
user_pref("CT2613550.SettingsCheckIntervalMin", 120);
user_pref("CT2613550.SettingsLastCheckTime", "Sat Aug 14 2010 21:13:08 GMT+0200");
user_pref("CT2613550.SettingsLastUpdate", "1281567207");
user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Sat Aug 14 2010 21:13:03 GMT+0200");
user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2613550.UserID", "UN40071043949495782");
user_pref("CT2613550.WeatherNetwork", "");
user_pref("CT2613550.WeatherPollDate", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.WeatherUnit", "C");
user_pref("CT2613550.alertChannelId", "1006347");
user_pref("CT2613550.clientLogIsEnabled", false);
user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2613550.components.1000082", true);
user_pref("CT2613550.components.1000234", true);
user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 374);
user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
user_pref("CT2613550.ct2613550.InvalidateCache", false);
user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun Jun 24 2012 20:13:27 GMT+0200");
user_pref("CT2613550.ct2613550.Locale", "de-de");
user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun Jun 24 2012 20:13:25 GMT+0200");
user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Mon Jun 25 2012 17:34:18 GMT+0200");
user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1337169810");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sat Aug 14 2010 21:13:36 GMT+0200");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun Jun 24 2012 20:13:27 GMT+0200");
user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2613550.homepageProtectorEnableByLogin", true);
user_pref("CT2613550.initDone", true);
user_pref("CT2613550.myStuffEnabled", true);
user_pref("CT2613550.myStuffPublihserMinWidth", 400);
user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2613550.revertSettingsEnabled", true);
user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
user_pref("CT2613550.searchProtectorEnableByLogin", true);
user_pref("CT2613550.testingCtid", "");
user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2613550.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550", "\"2807e408f5757591aa14689b75d39e791\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/634084971246361250.png", "\"462e8b16c4eaca1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"5efe83b96acb0439b16a83e166b1f7ff\"");
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?fr=ffbr-nb&p=");
user_pref("CommunityToolbar.ToolbarsList", "CT2613550,ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 06 2011 19:42:38 GMT+0200");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 19:35:19 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 19:35:11 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "01b710ef-dfee-42f3-8c4c-ac0b53ce030c");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CommunityToolbar.globalUserId", "753e3dfc-a740-4707-baf1-9b02e847a211");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 18 2011 10:15:45 GMT+0200");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 20 2011 17:28:06 GMT+0200");
user_pref("ConduitEngine.FirstServerDate", "05/06/2011 20");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Fri May 06 2011 19:42:41 GMT+0200");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.UserID", "UN88716286718011458");
user_pref("ConduitEngine.componentAlertEnabled", false);
user_pref("ConduitEngine.engineLocale", "de");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("ConduitEngine.usagesFlag", 2);
Emptied folder: C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\minidumps [112 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2013 at 12:18:59,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile:
Code:
# AdwCleaner v2.115 - Datei am 31/03/2013 um 13:02:06 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Snoopy - SNOOPY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Snoopy\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Snoopy\AppData\Roaming\Mozilla\Firefox\Profiles\ex9yldm4.default\searchplugins\zonealarm.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Snoopy\AppData\Roaming\Mozilla\Firefox\Profiles\ex9yldm4.default\prefs.js

Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]

*************************

AdwCleaner[S1].txt - [2707 octets] - [31/03/2013 13:02:06]

########## EOF - C:\AdwCleaner[S1].txt - [2767 octets] ##########
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 31.03.2013 13:17:56 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,89% Memory free
4,23 Gb Paging File | 2,79 Gb Available in Paging File | 65,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 28,26 Gb Free Space | 27,57% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,54 Gb Free Space | 14,19% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,48% Space Free | Partition Type: NTFS
 
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Snoopy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cis.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\HCWemMON.exe (eMPIA Technology, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\WINDOWS\System32\hauppauge\hauppaugemcmpgdec.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (DragonUpdater) -- C:\Programme\Comodo\Dragon\dragon_updater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (CLPSLauncher) -- C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (cmdAgent) -- C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\Comodo\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (GeekBuddyRSP) -- C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\Sandra.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Snoopy\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (inspect) -- C:\WINDOWS\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\System32\drivers\cmdguard.sys (COMODO)
DRV - (cmderd) -- C:\WINDOWS\System32\drivers\cmderd.sys (COMODO)
DRV - (CFRMD) -- C:\WINDOWS\System32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (epmntdrv) -- C:\WINDOWS\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\System32\EuGdiDrv.sys ()
DRV - (cpuz135) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Afc) -- C:\WINDOWS\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://mt-online.de/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=fb84af95d67d41a9becb47a6df5d442f&tu=10G90006f1B000v&sku=&tstsId=&ver=&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.17 15:38:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M]
 
[2009.04.18 20:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Extensions
[2013.03.16 17:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions
[2012.11.30 22:01:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.07.08 21:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.13 11:07:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.12.20 15:49:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\firefox@tvunetworks.com
[2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.08 22:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.03.08 22:02:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.20 13:21:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.20 13:21:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.20 13:21:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.20 13:21:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.20 13:21:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.20 13:21:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.30 23:42:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [emMON] C:\Windows\HCWemMON.exe (eMPIA Technology, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A1D3D2-DF7C-4E68-8DB4-042459EB3F3D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.21 18:59:44 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.31 12:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.31 12:10:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.31 12:09:00 | 000,550,772 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe
[2013.03.30 23:58:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.30 23:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.30 23:27:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.30 23:27:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.30 23:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.30 23:27:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.30 23:27:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.30 23:26:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.30 23:24:30 | 005,045,456 | R--- | C] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe
[2013.03.30 21:55:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe
[2013.03.30 21:18:31 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe
[2013.03.29 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\mbar-1.01.0.1021
[2013.03.26 10:27:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe
[2013.03.23 21:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.17 16:04:59 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autokauf
[2013.03.16 20:40:42 | 000,000,000 | ---D | C] -- C:\VTRoot
[2013.03.16 20:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2013.03.16 20:11:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013.03.16 20:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.03.16 20:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013.03.16 20:08:57 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Local\Comodo
[2013.03.16 20:08:46 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013.03.16 20:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013.03.16 20:08:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.03.16 20:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.03.16 20:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.03.16 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 19:36:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.16 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.15 20:18:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 12:04:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 12:04:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 12:04:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 12:04:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 12:04:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 12:04:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 12:04:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 12:04:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.11 23:00:30 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autoverkauf
[2013.03.08 22:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 18:35:08 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Avira
[2013.03.02 18:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.02 18:28:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.02 18:28:34 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.02 18:28:34 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.02 18:28:34 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.02 13:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 13:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 13:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.03.02 13:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.31 13:09:29 | 000,637,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.31 13:09:29 | 000,604,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.31 13:09:29 | 000,129,900 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.31 13:09:29 | 000,107,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.31 13:07:20 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013.03.31 13:06:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 13:06:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.31 13:04:46 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.31 13:04:46 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 13:04:46 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 13:04:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.31 12:59:43 | 000,609,993 | ---- | M] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe
[2013.03.31 12:41:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.31 12:09:02 | 000,550,772 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe
[2013.03.30 23:42:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.30 23:25:00 | 005,045,456 | R--- | M] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe
[2013.03.30 21:55:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe
[2013.03.30 21:20:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe
[2013.03.30 21:11:10 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.30 21:11:10 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.30 21:11:10 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.30 19:15:46 | 000,696,823 | ---- | M] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt
[2013.03.29 16:34:03 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013.03.29 15:18:11 | 000,377,856 | ---- | M] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe
[2013.03.26 10:28:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe
[2013.03.19 22:07:04 | 000,000,680 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat
[2013.03.17 16:45:03 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Snoopy\Desktop\rkill.com
[2013.03.16 20:33:59 | 000,001,920 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.03.16 20:08:38 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.03.16 19:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.15 22:21:58 | 000,005,049 | -H-- | M] () -- C:\Windows\System32\BTImages.dat
[2013.03.13 19:41:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 19:41:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.02 18:17:58 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.02 13:31:10 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.31 12:59:41 | 000,609,993 | ---- | C] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe
[2013.03.30 23:27:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.30 23:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.30 23:27:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.30 23:27:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.30 23:27:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.29 17:43:43 | 000,696,823 | ---- | C] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt
[2013.03.29 15:18:06 | 000,377,856 | ---- | C] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe
[2013.03.16 20:09:19 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.03.16 19:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.02 13:31:10 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.18 22:08:52 | 000,005,049 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.10 17:31:05 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.04.10 17:31:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.04.10 17:31:05 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.04.10 17:31:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.04.10 17:31:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.03.22 19:26:19 | 000,000,680 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat
[2009.05.27 00:34:46 | 000,001,873 | ---- | C] () -- C:\Users\Snoopy\HP Hilfe und Support.lnk
[2009.04.22 20:58:05 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.001
[2009.04.21 21:31:46 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.dat
[2009.04.18 20:26:19 | 000,015,360 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 31.03.2013 13:17:56 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,89% Memory free
4,23 Gb Paging File | 2,79 Gb Available in Paging File | 65,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 28,26 Gb Free Space | 27,57% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,54 Gb Free Space | 14,19% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,48% Space Free | Partition Type: NTFS
 
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Classes\<extension>]
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{365537D5-C461-46AD-91AF-897CD74EA676}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B47EACD4-623D-4647-993E-AB1FA701240D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe |
"{DE5E1087-5193-4216-ACC7-0525AB5CA25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228A19E-6DF1-4086-A333-FFCACACF5C9A}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{08389515-F3A0-4BF1-857A-135A820B3F4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19E288B8-7352-4821-8AEB-9FC03FF92D54}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{2785AEB8-DFB0-4524-B68E-23480B819D5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3ABE46CA-218E-4A86-B472-1B42B276FE02}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{3E4A0641-DD67-4340-82F1-B0205382F223}" = protocol=17 | dir=in | app=f:\libneap.dll |
"{4C6FC659-ACD0-4307-8026-0AB179A7DA18}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5550A339-863B-44C5-99C2-8E430F5FF2D9}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{578BC20F-67CE-4331-B376-2716A73C89D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AAF7E0F-2817-4E6D-924F-B9E12896949C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5B49C7-A467-4392-BF2D-A7381D52F5F2}" = protocol=17 | dir=in | app=f:\dwizard300.exe |
"{872A3F6C-F42F-42A6-8F06-970A542D7710}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8DF8919C-7C82-4B68-B2B2-EAFF28112F39}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{904D6CF5-0DB2-4BA0-8E65-57AF59B0FD84}" = protocol=6 | dir=in | app=f:\dwizard300.exe |
"{95293639-9B15-4331-833D-B48EBB6E9104}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{9D55DE73-E554-4402-BBC5-B0EEE78E6CDB}" = protocol=6 | dir=in | app=f:\libneap.dll |
"{A52442A5-8C12-4729-9C2D-70EF6C2222ED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B063581F-E7DC-4807-96A4-00F6C31EF999}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C1F9466C-9566-4FDB-9342-E101D2813CEA}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EE8075DD-6B6D-4897-B5A2-DA616A920DB5}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{F927BD2C-4D37-4A3D-9BB0-C2DC58AB1453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{58A8CAD0-0FC7-4091-B73B-1D76552B0507}" = GeekBuddy
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Comodo Dragon" = Comodo Dragon
"Corel Applications" = Corel Applications
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Online Manuals for WinTV (German)" = Online Manuals for WinTV (German)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.4.5.1
"VLC media player" = VLC media player 1.1.4
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.03.2013 06:50:58 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.03.2013 06:51:01 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 117453
 
Error - 31.03.2013 06:51:01 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 117453
 
Error - 31.03.2013 06:51:05 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.03.2013 06:51:05 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 123771
 
Error - 31.03.2013 06:51:05 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 123771
 
Error - 31.03.2013 06:57:09 | Computer Name = Snoopy-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 31.03.2013 06:57:10 | Computer Name = Snoopy-PC | Source = Windows Search Service | ID = 3013
Description =
 
[ OSession Events ]
Error - 14.10.2012 12:36:05 | Computer Name = Snoopy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 31.03.2013 07:06:14 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 31.03.2013 07:06:36 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 31.03.2013 07:06:36 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >
--- --- ---

cosinus 01.04.2013 14:06
Zitat:
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
Ähm willst du dein Rechner in die Kniw zwingen? Zwei derartige Programme sind absolutut kkontraproduktiv, Internet Securities allein sind schon ziemlich überflüssig. Daher empfehle ich dir Comodo zu deinstallieren. Belass es bei einem reinen Virenscanner und der Windows-Firewall.

Mach nach der Deinstallation von Comodo bitte ein neues OTL-Log

DerDiscDoc 01.04.2013 15:41
OTL Logfile:
Code:
OTL logfile created on: 01.04.2013 16:25:29 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,27% Memory free
4,23 Gb Paging File | 3,25 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 28,06 Gb Free Space | 27,37% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,38 Gb Free Space | 13,78% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,47% Space Free | Partition Type: NTFS
 
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Snoopy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\HCWemMON.exe (eMPIA Technology, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\Sandra.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Snoopy\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (epmntdrv) -- C:\WINDOWS\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\System32\EuGdiDrv.sys ()
DRV - (cpuz135) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Afc) -- C:\WINDOWS\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://mt-online.de/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=fb84af95d67d41a9becb47a6df5d442f&tu=10G90006f1B000v&sku=&tstsId=&ver=&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.17 15:38:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M]
 
[2009.04.18 20:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Extensions
[2013.04.01 16:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions
[2012.11.30 22:01:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.07.08 21:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.13 11:07:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.08 22:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.03.08 22:02:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.20 13:21:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.20 13:21:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.20 13:21:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.20 13:21:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.20 13:21:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.20 13:21:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.30 23:42:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] "C:\Users\Snoopy\AppData\Local\Temp\cis1825.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} File not found
O4 - HKLM..\Run: [emMON] C:\Windows\HCWemMON.exe (eMPIA Technology, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A1D3D2-DF7C-4E68-8DB4-042459EB3F3D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.21 18:59:44 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.31 12:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.31 12:10:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.31 12:09:00 | 000,550,772 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe
[2013.03.30 23:58:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.30 23:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.30 23:27:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.30 23:27:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.30 23:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.30 23:27:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.30 23:27:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.30 23:26:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.30 23:24:30 | 005,045,456 | R--- | C] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe
[2013.03.30 21:55:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe
[2013.03.30 21:18:31 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe
[2013.03.29 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\mbar-1.01.0.1021
[2013.03.26 10:27:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe
[2013.03.17 16:04:59 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autokauf
[2013.03.16 20:40:42 | 000,000,000 | ---D | C] -- C:\VTRoot
[2013.03.16 20:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.03.16 20:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013.03.16 20:08:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.03.16 20:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.03.16 20:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.03.16 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.16 19:36:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.16 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.15 20:18:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 12:04:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 12:04:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 12:04:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 12:04:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 12:04:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 12:04:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 12:04:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 12:04:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.11 23:00:30 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autoverkauf
[2013.03.08 22:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.02 18:35:08 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Avira
[2013.03.02 18:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.02 18:28:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.02 18:28:34 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.02 18:28:34 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.02 18:28:34 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.01 16:29:05 | 000,637,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.01 16:29:05 | 000,604,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.01 16:29:05 | 000,129,900 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.01 16:29:05 | 000,107,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.01 16:21:54 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013.04.01 16:21:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.01 16:21:22 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.04.01 16:21:22 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 16:21:22 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 16:21:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 16:18:00 | 000,031,774 | ---- | M] () -- C:\Windows\Irremote.ini
[2013.04.01 16:06:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.01 15:41:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.31 12:59:43 | 000,609,993 | ---- | M] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe
[2013.03.31 12:09:02 | 000,550,772 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe
[2013.03.30 23:42:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.30 23:25:00 | 005,045,456 | R--- | M] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe
[2013.03.30 21:55:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe
[2013.03.30 21:20:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe
[2013.03.30 21:11:10 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.30 21:11:10 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.30 21:11:10 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.30 19:15:46 | 000,696,823 | ---- | M] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt
[2013.03.29 15:18:11 | 000,377,856 | ---- | M] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe
[2013.03.26 10:28:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe
[2013.03.19 22:07:04 | 000,000,680 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat
[2013.03.17 16:45:03 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Snoopy\Desktop\rkill.com
[2013.03.16 20:08:38 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2013.03.16 19:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.15 22:21:58 | 000,005,049 | -H-- | M] () -- C:\Windows\System32\BTImages.dat
[2013.03.13 19:41:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 19:41:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.02 18:17:58 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.31 12:59:41 | 000,609,993 | ---- | C] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe
[2013.03.30 23:27:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.30 23:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.30 23:27:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.30 23:27:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.30 23:27:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.29 17:43:43 | 000,696,823 | ---- | C] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt
[2013.03.29 15:18:06 | 000,377,856 | ---- | C] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe
[2013.03.16 19:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.18 22:08:52 | 000,005,049 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.10 17:31:05 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.04.10 17:31:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.04.10 17:31:05 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.04.10 17:31:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.04.10 17:31:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.03.22 19:26:19 | 000,000,680 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat
[2009.05.27 00:34:46 | 000,001,873 | ---- | C] () -- C:\Users\Snoopy\HP Hilfe und Support.lnk
[2009.04.22 20:58:05 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.001
[2009.04.21 21:31:46 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.dat
[2009.04.18 20:26:19 | 000,015,360 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 01.04.2013 16:25:29 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,27% Memory free
4,23 Gb Paging File | 3,25 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 28,06 Gb Free Space | 27,37% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,38 Gb Free Space | 13,78% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,47% Space Free | Partition Type: NTFS
 
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Classes\<extension>]
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{365537D5-C461-46AD-91AF-897CD74EA676}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B47EACD4-623D-4647-993E-AB1FA701240D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe |
"{DE5E1087-5193-4216-ACC7-0525AB5CA25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08389515-F3A0-4BF1-857A-135A820B3F4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19E288B8-7352-4821-8AEB-9FC03FF92D54}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{2785AEB8-DFB0-4524-B68E-23480B819D5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3E4A0641-DD67-4340-82F1-B0205382F223}" = protocol=17 | dir=in | app=f:\libneap.dll |
"{4C6FC659-ACD0-4307-8026-0AB179A7DA18}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5550A339-863B-44C5-99C2-8E430F5FF2D9}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{578BC20F-67CE-4331-B376-2716A73C89D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AAF7E0F-2817-4E6D-924F-B9E12896949C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5B49C7-A467-4392-BF2D-A7381D52F5F2}" = protocol=17 | dir=in | app=f:\dwizard300.exe |
"{872A3F6C-F42F-42A6-8F06-970A542D7710}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8DF8919C-7C82-4B68-B2B2-EAFF28112F39}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{904D6CF5-0DB2-4BA0-8E65-57AF59B0FD84}" = protocol=6 | dir=in | app=f:\dwizard300.exe |
"{95293639-9B15-4331-833D-B48EBB6E9104}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{9D55DE73-E554-4402-BBC5-B0EEE78E6CDB}" = protocol=6 | dir=in | app=f:\libneap.dll |
"{A52442A5-8C12-4729-9C2D-70EF6C2222ED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B063581F-E7DC-4807-96A4-00F6C31EF999}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F927BD2C-4D37-4A3D-9BB0-C2DC58AB1453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Corel Applications" = Corel Applications
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Online Manuals for WinTV (German)" = Online Manuals for WinTV (German)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.03.2013 08:34:11 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.03.2013 08:34:11 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2946750
 
Error - 31.03.2013 08:34:11 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2946750
 
Error - 31.03.2013 08:34:15 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.03.2013 08:34:15 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2950931
 
Error - 31.03.2013 08:34:15 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2950931
 
Error - 31.03.2013 08:34:17 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.03.2013 08:34:17 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2952600
 
Error - 31.03.2013 08:34:17 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2952600
 
Error - 01.04.2013 10:15:01 | Computer Name = Snoopy-PC | Source = VSS | ID = 8194
Description =
 
[ OSession Events ]
Error - 14.10.2012 12:36:05 | Computer Name = Snoopy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.04.2013 08:29:51 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.04.2013 09:29:08 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.04.2013 09:30:21 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 01.04.2013 09:30:21 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.04.2013 09:43:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.04.2013 09:44:35 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 01.04.2013 09:44:35 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.04.2013 10:21:50 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.04.2013 10:23:13 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 01.04.2013 10:23:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =
 
 
< End of report >
--- --- ---

cosinus 01.04.2013 23:01
Von SASW und der ZoneAlarm Toolbar kannst du dich ebenfalls trennen :)

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


DerDiscDoc 03.04.2013 15:25
Hallo!

So, ich hab die Punkte abgearbeitet:
- Die ZoneAlarm Toolbar kann ich mir nicht erklären. Die hatte ich damals nach der Installation sofort deaktiviert und jetzt finde ich weder in der Systemsteuerung noch bei den Add-ons von Firefox Spuren von Zone Alarm!?
- Die Scans waren scheinbar ohne Ergebnis. Der ESET-Scan hat aber ewig gedauert.

Der Rechner läuft mittlerweile übrigens wieder spürbar etwas schneller.

Aber nochmals meine Frage: Lag denn nun eine Infektion vor? Scheinbar haben wir doch nur alle möglichen Tests gemacht, um eine Infektion ausschließen zu können, richtig?


Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.02.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

02.04.2013 21:32:53
mbam-log-2013-04-02 (21-32-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214759
Laufzeit: 5 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=db6e43c1009b2e419b542d53fc7817e0
# engine=13533
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-03 01:45:56
# local_time=2013-04-03 03:45:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 26934 135624861 16905 0
# compatibility_mode=5892 16776573 100 100 22581 202486284 0 0
# scanned=291138
# found=0
# cleaned=0
# scan_time=21535

cosinus 03.04.2013 19:37
Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

DerDiscDoc 06.04.2013 14:12
Das automatische Löschen der Cookies habe ich bei Firefox aktiviert. Eingeloggt habe ich mich sowieso schon immer jedes Mal neu...
Kann ich mir dann die anderen Programme oder Programmerweiterungen zum Thema Cookies sparen?

Sonst läuft alles bestens. Auch schneller als vor der "Reinigungsaktion".

VIELEN DANK!!!

cosinus 06.04.2013 17:00
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132