
Log analysis and evaluation: Windows encryption trojan -.-

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.05.2012, 13:58   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows encryption trojan -.-



Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box at the top centre for Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

07.05.2012, 15:26   #17
Sayri
 
Windows encryption trojan -.-

So, OTL is done, here is the result:

Code:
OTL logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.04.25 10:48:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 12:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.29 20:11:42 | 003,202,344 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PwdBank.exe
PRC - [2008.08.29 20:11:40 | 002,303,272 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe
PRC - [2008.08.29 20:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe
PRC - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe
PRC - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.08.04 16:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
PRC - [2008.08.04 16:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008.07.24 18:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.25 10:48:57 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.25 10:48:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.03.23 12:09:21 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.11.07 12:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.09.02 14:24:44 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC)
SRV - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpflt.sys -- (WtSmpFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpadap.sys -- (wtsmpadap)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\KUSBusByTCPMasterBus.sys -- (KUSBusByTCPMasterBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.08.28 14:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo)
DRV - [2008.08.28 14:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2008.08.08 04:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 00:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.04 16:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.08.04 16:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.08.04 16:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.06.18 17:04:34 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.03.10 03:33:50 | 000,882,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mosuport.sys -- (mosuport)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=hp
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE301
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 10:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.04 02:52:38 | 000,000,000 | ---D | M]
 
[2008.11.17 23:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Extensions
[2012.05.06 22:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions
[2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
[2011.11.12 16:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.11 17:25:57 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2012.05.07 02:04:55 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAGMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3O3IEEY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.25 10:48:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.24 16:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 19:02:22 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.24 16:47:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.24 16:47:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.24 16:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.24 16:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.24 16:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.03 04:28:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range2 ([https] in Vertrauenswürdige Sites)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://juwelvpn.dyndns.org/XTSAC.cab (XTSAC Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D0C0C1F-7C8A-4A90-A61C-AD06E31C043E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BullGuard - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Program Files\GoogleEULA\EULALauncher.exe ( )
MsConfig - StartUpReg: tsnp2uvc - hkey= - key= - C:\Windows\tsnp2uvc.exe ()
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: vProt - hkey= - key= - C:\Program Files\AVG Secure Search\vprot.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.07 15:18:13 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe
[2012.05.06 20:57:17 | 000,000,000 | ---D | C] -- C:\Users\dagmar\Desktop\Neuer Ordner
[2012.05.04 19:47:00 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2012.05.04 19:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2012.05.04 19:46:48 | 000,017,224 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2012.05.04 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Reviversoft
[2012.05.03 02:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.02 21:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.02 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes
[2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.02 21:39:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.30 19:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.30 19:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.30 16:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ABUS Security-Center
[2012.04.30 16:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center
[2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.05.07 15:51:36 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.07 15:51:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.07 15:51:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.07 15:51:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.05.07 15:47:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.07 15:45:18 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.07 15:45:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 15:45:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 15:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.07 15:21:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.07 15:18:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe
[2012.05.07 15:12:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.07 10:26:10 | 000,027,136 | ---- | M] () -- C:\Users\dagmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.07 02:09:45 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\Scan0001.pdf
[2012.05.07 02:09:28 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf
[2012.05.07 02:09:28 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg
[2012.05.07 02:09:27 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\Anfahrt.jpg
[2012.05.02 17:39:12 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Scan0001.pdf.xdrz
[2012.05.02 17:38:39 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Dennis Kruse2.jpg.dtfz
[2012.05.02 17:38:33 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Bewerbung Rosalie Resl.pdf.kfyc
[2012.05.02 17:38:33 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Anfahrt.jpg.onjs
[2012.05.02 17:32:33 | 000,042,654 | ---- | M] () -- C:\ProgramData\locked-nvModes.001.hmld
[2012.05.02 17:22:35 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.04.30 19:10:41 | 000,001,409 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.30 19:01:50 | 309,324,901 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2012.05.06 22:40:19 | 000,268,427 | ---- | C] () -- C:\Users\dagmar\Documents\Scan0001.pdf
[2012.05.06 22:40:02 | 000,253,774 | ---- | C] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg
[2012.05.06 22:40:01 | 000,306,345 | ---- | C] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf
[2012.05.06 22:40:01 | 000,234,096 | ---- | C] () -- C:\Users\dagmar\Documents\Anfahrt.jpg
[2012.05.02 17:45:04 | 000,042,654 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.04.30 19:10:41 | 000,001,409 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.04.18 10:31:27 | 309,324,901 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.14 18:34:17 | 000,882,432 | ---- | C] () -- C:\Windows\System32\drivers\mosuport.sys
[2011.10.14 18:34:17 | 000,278,528 | ---- | C] () -- C:\Windows\System32\MosUsbSerial.exe
[2011.10.14 18:34:17 | 000,262,144 | ---- | C] () -- C:\Windows\System32\MosUnst.exe
[2011.10.14 18:34:17 | 000,225,280 | ---- | C] () -- C:\Windows\System32\MosUSBParallel.exe
[2011.10.14 18:34:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\MosUSBSerPropPage.dll
[2011.10.14 18:34:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MosUSBParPropPage.dll
[2011.10.14 18:34:17 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dbgmsgcfg.dll
[2011.09.08 23:03:59 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{8FAF1DC2-324B-4AF2-82C5-CF35492BC72C}
[2011.09.08 23:01:58 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{1BF95C17-1E8B-437A-856E-3638C7E6FAEE}
[2011.07.13 07:47:36 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{E474D4A3-F08A-4D4E-8AD6-CFC429808E2E}
[2011.07.13 07:40:20 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{0DA4FE39-CAAF-4DA3-ABDE-EAFB9154A010}
 
========== LOP Check ==========
 
[2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.05.07 15:22:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.13 11:46:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Adobe
[2012.03.13 01:24:50 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Apple Computer
[2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH
[2009.04.29 07:14:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Corel
[2009.03.15 16:24:23 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\CyberLink
[2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign
[2008.11.12 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Google
[2011.06.19 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\HpUpdate
[2008.11.12 11:10:49 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Identities
[2008.11.13 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Macromedia
[2012.05.02 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Media Center Programs
[2011.08.08 20:22:09 | 000,000,000 | --SD | M] -- C:\Users\dagmar\AppData\Roaming\Microsoft
[2008.11.17 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Mozilla
[2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2
[2009.02.18 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Nero
[2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org
[2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft
[2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless
[2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template
[2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid
[2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software
[2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT
[2012.05.06 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\vlc
[2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2
[2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions
[2009.02.18 18:45:29 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.07 02:04:43 | 000,010,398 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_6FA99008F6BBB97A091E2D.exe
[2012.05.07 02:04:43 | 000,025,214 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_E38944F26F8D876B004311.exe
[2011.08.10 12:22:31 | 007,128,264 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2011.08.10 12:20:58 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2011.08.10 12:28:53 | 007,665,928 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
[2011.08.10 12:53:40 | 006,480,904 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 21:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF

< End of report >
         
There was also a second log file, Extras.Txt. Is that relevant too?

Code:
ATTFilter
OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system | 
"{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | 
"{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | 
"{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | 
"TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | 
"UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG Secure Search" = AVG Security Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"File Recover_is1" = File Recover 7.5
"Google Desktop" = Google Desktop
"Installationsassistent2" = Installationsassistent2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROGNOS für Windows_is1" = PfW 4.7.2.3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"TuneAid_is1" = TuneAid 3.76
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Unlimited Connection Manager" = Unlimited Connection Manager
"USB Compound Device" = USB Compound Device
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GoToMeeting" = GoToMeeting 5.1.0.874
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         

Oh, sorry, somehow I double-posted Oo


07.05.2012, 15:28   #18
Sayri
 

There was also a 2nd log file, Extras.Txt; is that relevant too?

Code:
ATTFilter
OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\dagmar\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free
6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32
 
Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system | 
"{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | 
"{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | 
"{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | 
"TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | 
"UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | 
"UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG Secure Search" = AVG Security Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"File Recover_is1" = File Recover 7.5
"Google Desktop" = Google Desktop
"Installationsassistent2" = Installationsassistent2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROGNOS für Windows_is1" = PfW 4.7.2.3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"TuneAid_is1" = TuneAid 3.76
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UN060501" = BUFFALO NAS Navigator2
"UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide
"Unlimited Connection Manager" = Unlimited Connection Manager
"USB Compound Device" = USB Compound Device
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GoToMeeting" = GoToMeeting 5.1.0.874
 
========== Last 10 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         
__________________

07.05.2012, 18:37   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
[2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open once you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

08.05.2012, 12:17   #20
Sayri



OK, the OTL fix is done as well; here is the log:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
C:\Program Files\Softonic_Deutsch\tbSoft.dll moved successfully.
HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
ADS C:\ProgramData\Temp:24051EFF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: dagmar
->Temp folder emptied: 6258338 bytes
->Temporary Internet Files folder emptied: 194433655 bytes
->Java cache emptied: 2597569 bytes
->FireFox cache emptied: 169292027 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 102965 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2861268 bytes
RecycleBin emptied: 9853266451 bytes
 
Total Files Cleaned = 9.755,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: dagmar
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05082012_122544

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET94FE.tmp not found!

Registry entries deleted on Reboot...
         


08.05.2012, 14:28   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

__________________
--> Windows encryption trojan -.-
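An added example, not part of the original post and not Kaspersky's code: a Python sketch that reads a TDSS-Killer report in the line format of the log posted in this thread and lists only the objects whose verdict is not "ok", so the skipped detections can be reviewed before anything is deleted. The regular expressions are inferred from the report lines on this page, the function name `triage` is hypothetical, and the sample lines are copied from that report with the tab replaced by spaces.

```python
import re

# Every report line starts with "HH:MM:SS.mmmm <thread id>" followed by the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s*(?P<msg>.*)$")
# "<service>   (<md5 of image>) <image path>"
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<service> - ok"
OK = re.compile(r"^(?P<name>.+) - ok$")
# "<service> ( <verdict> ) - <level>", e.g. "( UnsignedFile.Multi.Generic ) - warning"
FLAG = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<level>\w+)$")

# Sample lines taken from the report in this thread (whitespace normalised).
SAMPLE = r"""
16:27:08.0703 3352  Scan started
16:27:08.0703 3352  Mode: Manual; SigCheck; TDLFS;
16:27:10.0713 3352  Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:27:10.0723 3352  Apple Mobile Device - ok
16:27:13.0788 3352  Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:27:13.0797 3352  Compbatt - ok
16:27:13.0800 3352  COMSysApp - ok
16:27:17.0536 3352  GoogleDesktopManager (33efd5039ea1bfa623d8bb9fb787cb0f) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
16:27:17.0554 3352  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
16:27:17.0554 3352  GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
16:27:17.0631 3352  gpsvc           (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
16:27:17.0676 3352  gpsvc - ok
16:27:18.0958 3352  IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:27:18.0978 3352  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:27:18.0979 3352  IDriverT - detected UnsignedFile.Multi.Generic (1)
"""


def triage(report_text):
    """Return scanned-object count, non-ok verdicts, and 'ok' entries without an image line."""
    objects = {}     # service name -> {"md5": ..., "path": ...}
    flagged = []     # objects the tool did not rate "ok"
    no_image = []    # "ok" verdicts that had no "(md5) path" line before them

    for raw in report_text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue  # blank line or text that is not a report line
        msg = prefix["msg"].strip()

        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = {"md5": obj["md5"].lower(), "path": obj["path"]}
            continue

        ok = OK.match(msg)
        if ok:
            if ok["name"] not in objects:
                no_image.append(ok["name"])
            continue

        flag = FLAG.match(msg)
        if flag:
            info = objects.get(flag["name"], {"md5": None, "path": None})
            flagged.append({
                "name": flag["name"],
                "verdict": flag["verdict"],
                "level": flag["level"],
                "md5": info["md5"],
                "path": info["path"],
            })
        # "- detected <verdict> (n)" lines repeat the flag line and are ignored.

    return {"scanned": len(objects), "flagged": flagged, "no_image": no_image}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"objects with image line: {result['scanned']}")
    for item in result["flagged"]:
        print(f"{item['level']:8} {item['verdict']:28} {item['name']}")
        print(f"         md5={item['md5']}  {item['path']}")
    for name in result["no_image"]:
        print(f"ok, but no image line in report: {name}")
```
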

08.05.2012, 15:29   #22
Sayri



All right, done; here is the report. Thanks so far, and many thanks for your effort.

Code:
16:25:30.0311 0276	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
16:25:30.0820 0276	============================================================
16:25:30.0820 0276	Current date / time: 2012/05/08 16:25:30.0820
16:25:30.0820 0276	SystemInfo:
16:25:30.0820 0276	
16:25:30.0820 0276	OS Version: 6.0.6001 ServicePack: 1.0
16:25:30.0820 0276	Product type: Workstation
16:25:30.0821 0276	ComputerName: MAMA-PC
16:25:30.0821 0276	UserName: dagmar
16:25:30.0821 0276	Windows directory: C:\Windows
16:25:30.0821 0276	System windows directory: C:\Windows
16:25:30.0821 0276	Processor architecture: Intel x86
16:25:30.0821 0276	Number of processors: 2
16:25:30.0821 0276	Page size: 0x1000
16:25:30.0821 0276	Boot type: Normal boot
16:25:30.0821 0276	============================================================
16:25:32.0359 0276	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:25:32.0370 0276	============================================================
16:25:32.0370 0276	\Device\Harddisk0\DR0:
16:25:32.0370 0276	MBR partitions:
16:25:32.0370 0276	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22CA4800
16:25:32.0370 0276	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x22CA5000, BlocksNum 0x2789000
16:25:32.0370 0276	============================================================
16:25:32.0406 0276	C: <-> \Device\Harddisk0\DR0\Partition0
16:25:32.0434 0276	D: <-> \Device\Harddisk0\DR0\Partition1
16:25:32.0434 0276	============================================================
16:25:32.0434 0276	Initialize success
16:25:32.0434 0276	============================================================
16:27:08.0703 3352	============================================================
16:27:08.0703 3352	Scan started
16:27:08.0703 3352	Mode: Manual; SigCheck; TDLFS; 
16:27:08.0703 3352	============================================================
16:27:09.0450 3352	ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
16:27:09.0544 3352	ACPI - ok
16:27:09.0593 3352	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:27:09.0623 3352	adp94xx - ok
16:27:09.0673 3352	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:27:09.0697 3352	adpahci - ok
16:27:09.0731 3352	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:27:09.0756 3352	adpu160m - ok
16:27:09.0781 3352	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:27:09.0802 3352	adpu320 - ok
16:27:09.0834 3352	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:27:09.0947 3352	AeLookupSvc - ok
16:27:10.0020 3352	AFD             (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
16:27:10.0076 3352	AFD - ok
16:27:10.0093 3352	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:27:10.0103 3352	agp440 - ok
16:27:10.0128 3352	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:27:10.0140 3352	aic78xx - ok
16:27:10.0173 3352	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:27:10.0222 3352	ALG - ok
16:27:10.0245 3352	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:27:10.0254 3352	aliide - ok
16:27:10.0278 3352	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:27:10.0288 3352	amdagp - ok
16:27:10.0333 3352	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:27:10.0342 3352	amdide - ok
16:27:10.0372 3352	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:27:10.0408 3352	AmdK7 - ok
16:27:10.0429 3352	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:27:10.0474 3352	AmdK8 - ok
16:27:10.0488 3352	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:27:10.0523 3352	Appinfo - ok
16:27:10.0713 3352	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:27:10.0723 3352	Apple Mobile Device - ok
16:27:10.0745 3352	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:27:10.0756 3352	arc - ok
16:27:10.0778 3352	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:27:10.0788 3352	arcsas - ok
16:27:10.0813 3352	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:27:10.0868 3352	AsyncMac - ok
16:27:10.0890 3352	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
16:27:10.0898 3352	atapi - ok
16:27:10.0987 3352	AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
16:27:11.0028 3352	AudioEndpointBuilder - ok
16:27:11.0033 3352	Audiosrv        (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
16:27:11.0061 3352	Audiosrv - ok
16:27:11.0078 3352	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:27:11.0116 3352	Beep - ok
16:27:11.0161 3352	BFE             (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
16:27:11.0219 3352	BFE - ok
16:27:11.0359 3352	BITS            (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
16:27:11.0450 3352	BITS - ok
16:27:11.0483 3352	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:27:11.0524 3352	blbdrive - ok
16:27:11.0678 3352	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:27:11.0695 3352	Bonjour Service - ok
16:27:11.0766 3352	bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
16:27:11.0823 3352	bowser - ok
16:27:11.0836 3352	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:27:11.0914 3352	BrFiltLo - ok
16:27:11.0943 3352	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:27:11.0974 3352	BrFiltUp - ok
16:27:12.0008 3352	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:27:12.0052 3352	Browser - ok
16:27:12.0080 3352	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:27:12.0140 3352	Brserid - ok
16:27:12.0337 3352	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:27:12.0402 3352	BrSerWdm - ok
16:27:12.0424 3352	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:27:12.0476 3352	BrUsbMdm - ok
16:27:12.0491 3352	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:27:12.0534 3352	BrUsbSer - ok
16:27:12.0584 3352	BthEnum         (ae19cfbbba41800f3d5343e21d2ca09f) C:\Windows\system32\DRIVERS\BthEnum.sys
16:27:12.0619 3352	BthEnum - ok
16:27:12.0642 3352	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:27:12.0712 3352	BTHMODEM - ok
16:27:12.0752 3352	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:27:12.0792 3352	BthPan - ok
16:27:12.0876 3352	BTHPORT         (75f19df0bc62992d05fdd8a32d968531) C:\Windows\system32\Drivers\BTHport.sys
16:27:12.0982 3352	BTHPORT - ok
16:27:13.0017 3352	BthServ         (fc930b47a83f5f61dfadc64a0719de43) C:\Windows\System32\bthserv.dll
16:27:13.0062 3352	BthServ - ok
16:27:13.0104 3352	BTHUSB          (4ce2a25c5936bc515357d60fee73f221) C:\Windows\system32\Drivers\BTHUSB.sys
16:27:13.0117 3352	BTHUSB - ok
16:27:13.0146 3352	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:27:13.0181 3352	cdfs - ok
16:27:13.0207 3352	cdrom           (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
16:27:13.0233 3352	cdrom - ok
16:27:13.0260 3352	CertPropSvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
16:27:13.0285 3352	CertPropSvc - ok
16:27:13.0300 3352	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:27:13.0325 3352	circlass - ok
16:27:13.0375 3352	CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
16:27:13.0402 3352	CLFS - ok
16:27:13.0509 3352	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:27:13.0520 3352	clr_optimization_v2.0.50727_32 - ok
16:27:13.0631 3352	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:27:13.0652 3352	clr_optimization_v4.0.30319_32 - ok
16:27:13.0681 3352	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:27:13.0727 3352	CmBatt - ok
16:27:13.0758 3352	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:27:13.0767 3352	cmdide - ok
16:27:13.0788 3352	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:27:13.0797 3352	Compbatt - ok
16:27:13.0800 3352	COMSysApp - ok
16:27:13.0808 3352	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:27:13.0818 3352	crcdisk - ok
16:27:13.0838 3352	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:27:13.0888 3352	Crusoe - ok
16:27:13.0933 3352	CryptSvc        (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
16:27:13.0994 3352	CryptSvc - ok
16:27:14.0092 3352	DcomLaunch      (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
16:27:14.0131 3352	DcomLaunch - ok
16:27:14.0189 3352	DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
16:27:14.0245 3352	DfsC - ok
16:27:14.0453 3352	DFSR            (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
16:27:14.0596 3352	DFSR - ok
16:27:14.0754 3352	Dhcp            (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
16:27:14.0786 3352	Dhcp - ok
16:27:14.0836 3352	disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
16:27:14.0846 3352	disk - ok
16:27:14.0903 3352	Dnscache        (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
16:27:14.0941 3352	Dnscache - ok
16:27:14.0980 3352	dot3svc         (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
16:27:15.0068 3352	dot3svc - ok
16:27:15.0109 3352	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:27:15.0167 3352	Dot4 - ok
16:27:15.0219 3352	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:27:15.0256 3352	Dot4Print - ok
16:27:15.0349 3352	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:27:15.0392 3352	dot4usb - ok
16:27:15.0430 3352	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:27:15.0479 3352	DPS - ok
16:27:15.0518 3352	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:27:15.0545 3352	drmkaud - ok
16:27:15.0633 3352	DXGKrnl         (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
16:27:15.0693 3352	DXGKrnl - ok
16:27:15.0751 3352	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:27:15.0797 3352	E1G60 - ok
16:27:15.0829 3352	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:27:15.0864 3352	EapHost - ok
16:27:15.0897 3352	Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
16:27:15.0918 3352	Ecache - ok
16:27:16.0028 3352	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:27:16.0051 3352	ehRecvr - ok
16:27:16.0074 3352	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:27:16.0112 3352	ehSched - ok
16:27:16.0147 3352	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:27:16.0171 3352	ehstart - ok
16:27:16.0233 3352	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:27:16.0256 3352	elxstor - ok
16:27:16.0354 3352	EMDMgmt         (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
16:27:16.0399 3352	EMDMgmt - ok
16:27:16.0427 3352	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:27:16.0482 3352	ErrDev - ok
16:27:16.0536 3352	EventSystem     (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
16:27:16.0561 3352	EventSystem - ok
16:27:16.0600 3352	exfat           (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
16:27:16.0655 3352	exfat - ok
16:27:16.0689 3352	fastfat         (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
16:27:16.0744 3352	fastfat - ok
16:27:16.0770 3352	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:27:16.0795 3352	fdc - ok
16:27:16.0827 3352	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:27:16.0868 3352	fdPHost - ok
16:27:16.0894 3352	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:27:16.0953 3352	FDResPub - ok
16:27:16.0984 3352	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:27:16.0995 3352	FileInfo - ok
16:27:17.0021 3352	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:27:17.0063 3352	Filetrace - ok
16:27:17.0085 3352	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:27:17.0110 3352	flpydisk - ok
16:27:17.0128 3352	FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
16:27:17.0142 3352	FltMgr - ok
16:27:17.0257 3352	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:27:17.0265 3352	FontCache3.0.0.0 - ok
16:27:17.0295 3352	FPSensor        (78c108c807afdc45d7867b96d01aa8f2) C:\Windows\system32\Drivers\FPSensor.sys
16:27:17.0302 3352	FPSensor - ok
16:27:17.0311 3352	FPWinIo         (4eff8408dd280f2468c39d0f4a2cec0d) C:\Windows\system32\DRIVERS\FPWinIo.sys
16:27:17.0319 3352	FPWinIo - ok
16:27:17.0329 3352	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:27:17.0368 3352	Fs_Rec - ok
16:27:17.0401 3352	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:27:17.0411 3352	gagp30kx - ok
16:27:17.0444 3352	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:27:17.0450 3352	GEARAspiWDM - ok
16:27:17.0536 3352	GoogleDesktopManager (33efd5039ea1bfa623d8bb9fb787cb0f) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
16:27:17.0554 3352	GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
16:27:17.0554 3352	GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
16:27:17.0631 3352	gpsvc           (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
16:27:17.0676 3352	gpsvc - ok
16:27:17.0731 3352	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:27:17.0752 3352	gusvc - ok
16:27:17.0817 3352	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:27:17.0903 3352	HdAudAddService - ok
16:27:17.0959 3352	HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:27:17.0984 3352	HDAudBus - ok
16:27:17.0996 3352	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:27:18.0060 3352	HidBth - ok
16:27:18.0083 3352	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:27:18.0127 3352	HidIr - ok
16:27:18.0169 3352	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
16:27:18.0244 3352	hidserv - ok
16:27:18.0270 3352	HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
16:27:18.0288 3352	HidUsb - ok
16:27:18.0309 3352	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:27:18.0353 3352	hkmsvc - ok
16:27:18.0372 3352	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:27:18.0382 3352	HpCISSs - ok
16:27:18.0482 3352	HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
16:27:18.0598 3352	HTTP - ok
16:27:18.0660 3352	hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:27:18.0687 3352	hwdatacard - ok
16:27:18.0712 3352	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:27:18.0721 3352	i2omp - ok
16:27:18.0741 3352	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:27:18.0760 3352	i8042prt - ok
16:27:18.0797 3352	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:27:18.0825 3352	iaStorV - ok
16:27:18.0958 3352	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:27:18.0978 3352	IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:27:18.0979 3352	IDriverT - detected UnsignedFile.Multi.Generic (1)
16:27:19.0165 3352	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:27:19.0221 3352	idsvc - ok
16:27:19.0446 3352	IGBASVC         (be449d6218d34d93a95c1d2873dd8a5d) C:\Program Files\EgisTec\VITAKEY\BASVC.exe
16:27:19.0544 3352	IGBASVC - ok
16:27:19.0728 3352	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:27:19.0737 3352	iirsp - ok
16:27:19.0806 3352	IKEEXT          (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
16:27:19.0882 3352	IKEEXT - ok
16:27:20.0140 3352	IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
16:27:20.0215 3352	IntcAzAudAddService - ok
16:27:20.0386 3352	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:27:20.0395 3352	intelide - ok
16:27:20.0426 3352	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:27:20.0464 3352	intelppm - ok
16:27:20.0492 3352	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:27:20.0537 3352	IPBusEnum - ok
16:27:20.0560 3352	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:27:20.0601 3352	IpFilterDriver - ok
16:27:20.0660 3352	iphlpsvc        (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
16:27:20.0712 3352	iphlpsvc - ok
16:27:20.0716 3352	IpInIp - ok
16:27:20.0742 3352	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:27:20.0768 3352	IPMIDRV - ok
16:27:20.0790 3352	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:27:20.0817 3352	IPNAT - ok
16:27:21.0018 3352	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:27:21.0071 3352	iPod Service - ok
16:27:21.0112 3352	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:27:21.0137 3352	IRENUM - ok
16:27:21.0173 3352	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:27:21.0183 3352	isapnp - ok
16:27:21.0213 3352	iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
16:27:21.0224 3352	iScsiPrt - ok
16:27:21.0242 3352	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:27:21.0251 3352	iteatapi - ok
16:27:21.0270 3352	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:27:21.0279 3352	iteraid - ok
16:27:21.0317 3352	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:27:21.0325 3352	kbdclass - ok
16:27:21.0342 3352	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
16:27:21.0366 3352	kbdhid - ok
16:27:21.0388 3352	KeyIso          (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:21.0427 3352	KeyIso - ok
16:27:21.0477 3352	KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
16:27:21.0506 3352	KSecDD - ok
16:27:21.0566 3352	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:27:21.0647 3352	KtmRm - ok
16:27:21.0650 3352	KUSBusByTCPMasterBus - ok
16:27:21.0707 3352	LanmanServer    (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
16:27:21.0722 3352	LanmanServer - ok
16:27:21.0792 3352	LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
16:27:21.0816 3352	LanmanWorkstation - ok
16:27:21.0841 3352	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:27:21.0889 3352	lltdio - ok
16:27:21.0956 3352	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:27:22.0039 3352	lltdsvc - ok
16:27:22.0057 3352	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:27:22.0112 3352	lmhosts - ok
16:27:22.0134 3352	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:27:22.0145 3352	LSI_FC - ok
16:27:22.0164 3352	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:27:22.0176 3352	LSI_SAS - ok
16:27:22.0200 3352	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:27:22.0211 3352	LSI_SCSI - ok
16:27:22.0238 3352	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:27:22.0264 3352	luafv - ok
16:27:22.0276 3352	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:27:22.0288 3352	Mcx2Svc - ok
16:27:22.0306 3352	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:27:22.0316 3352	megasas - ok
16:27:22.0370 3352	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:27:22.0454 3352	MegaSR - ok
16:27:22.0716 3352	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:27:22.0726 3352	Microsoft Office Groove Audit Service - ok
16:27:22.0748 3352	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:27:22.0773 3352	MMCSS - ok
16:27:22.0784 3352	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:27:22.0814 3352	Modem - ok
16:27:22.0832 3352	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:27:22.0871 3352	monitor - ok
16:27:22.0993 3352	mosuport        (cfdcf35739762dc51a431ac0524a0efb) C:\Windows\system32\DRIVERS\mosuport.sys
16:27:23.0068 3352	mosuport ( UnsignedFile.Multi.Generic ) - warning
16:27:23.0068 3352	mosuport - detected UnsignedFile.Multi.Generic (1)
16:27:23.0090 3352	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:27:23.0098 3352	mouclass - ok
16:27:23.0110 3352	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:27:23.0136 3352	mouhid - ok
16:27:23.0149 3352	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:27:23.0159 3352	MountMgr - ok
16:27:23.0237 3352	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:27:23.0261 3352	MozillaMaintenance - ok
16:27:23.0291 3352	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:27:23.0318 3352	mpio - ok
16:27:23.0342 3352	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:27:23.0379 3352	mpsdrv - ok
16:27:23.0442 3352	MpsSvc          (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
16:27:23.0504 3352	MpsSvc - ok
16:27:23.0524 3352	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:27:23.0534 3352	Mraid35x - ok
16:27:23.0566 3352	MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
16:27:23.0599 3352	MRxDAV - ok
16:27:23.0665 3352	mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:23.0710 3352	mrxsmb - ok
16:27:23.0779 3352	mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:23.0798 3352	mrxsmb10 - ok
16:27:23.0817 3352	mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:23.0831 3352	mrxsmb20 - ok
16:27:23.0863 3352	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
16:27:23.0871 3352	msahci - ok
16:27:23.0892 3352	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:27:23.0904 3352	msdsm - ok
16:27:23.0934 3352	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:27:23.0973 3352	MSDTC - ok
16:27:23.0990 3352	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:27:24.0024 3352	Msfs - ok
16:27:24.0038 3352	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:27:24.0047 3352	msisadrv - ok
16:27:24.0091 3352	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:27:24.0135 3352	MSiSCSI - ok
16:27:24.0138 3352	msiserver - ok
16:27:24.0166 3352	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:27:24.0202 3352	MSKSSRV - ok
16:27:24.0236 3352	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:24.0260 3352	MSPCLOCK - ok
16:27:24.0277 3352	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:27:24.0302 3352	MSPQM - ok
16:27:24.0330 3352	MsRPC           (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
16:27:24.0343 3352	MsRPC - ok
16:27:24.0364 3352	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:27:24.0373 3352	mssmbios - ok
16:27:24.0387 3352	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:27:24.0411 3352	MSTEE - ok
16:27:24.0444 3352	Mup             (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
16:27:24.0454 3352	Mup - ok
16:27:24.0470 3352	mwlPSDFilter    (62d3c8e2e75abd9fc3dee1b0e5b437e0) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
16:27:24.0495 3352	mwlPSDFilter - ok
16:27:24.0514 3352	mwlPSDNServ     (3963db3d50d60d17ce7a5eb7d4da2e7d) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
16:27:24.0520 3352	mwlPSDNServ - ok
16:27:24.0535 3352	mwlPSDVDisk     (c6de675ce2f2b6e4f78bf7e8187fc1ec) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
16:27:24.0542 3352	mwlPSDVDisk - ok
16:27:24.0722 3352	MWLService      (3fd2d2f48c05c9e8ec0a8d61bce12bfa) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
16:27:24.0738 3352	MWLService - ok
16:27:24.0789 3352	napagent        (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
16:27:24.0831 3352	napagent - ok
16:27:24.0889 3352	NasPmService - ok
16:27:24.0936 3352	NativeWifiP     (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
16:27:24.0971 3352	NativeWifiP - ok
16:27:25.0070 3352	NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
16:27:25.0131 3352	NDIS - ok
16:27:25.0180 3352	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:25.0214 3352	NdisTapi - ok
16:27:25.0228 3352	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:25.0273 3352	Ndisuio - ok
16:27:25.0328 3352	NdisWan         (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:25.0365 3352	NdisWan - ok
16:27:25.0373 3352	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:27:25.0393 3352	NDProxy - ok
16:27:25.0540 3352	Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
16:27:25.0566 3352	Nero BackItUp Scheduler 3 - ok
16:27:25.0591 3352	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:27:25.0626 3352	NetBIOS - ok
16:27:25.0653 3352	netbt           (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
16:27:25.0698 3352	netbt - ok
16:27:25.0742 3352	Netlogon        (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:25.0756 3352	Netlogon - ok
16:27:25.0805 3352	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:27:25.0848 3352	Netman - ok
16:27:25.0880 3352	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:27:25.0920 3352	netprofm - ok
16:27:26.0020 3352	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:27:26.0042 3352	NetTcpPortSharing - ok
16:27:26.0379 3352	NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
16:27:26.0628 3352	NETw5v32 - ok
16:27:26.0793 3352	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:27:26.0804 3352	nfrd960 - ok
16:27:26.0862 3352	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:27:26.0936 3352	NlaSvc - ok
16:27:27.0070 3352	NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
16:27:27.0105 3352	NMIndexingService - ok
16:27:27.0159 3352	Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
16:27:27.0201 3352	Npfs - ok
16:27:27.0218 3352	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:27:27.0251 3352	nsi - ok
16:27:27.0260 3352	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:27:27.0308 3352	nsiproxy - ok
16:27:27.0420 3352	Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
16:27:27.0505 3352	Ntfs - ok
16:27:27.0535 3352	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:27:27.0589 3352	ntrigdigi - ok
16:27:27.0629 3352	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:27:27.0653 3352	Null - ok
16:27:27.0688 3352	NVHDA           (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys
16:27:27.0696 3352	NVHDA - ok
16:27:28.0677 3352	nvlddmkm        (692bd7ae273b8fd16d1ef1677394dd84) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:27:29.0300 3352	nvlddmkm - ok
16:27:29.0453 3352	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:27:29.0478 3352	nvraid - ok
16:27:29.0507 3352	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:27:29.0518 3352	nvstor - ok
16:27:29.0565 3352	nvsvc           (7708f81cc3c92e107da01caa67dfdb0a) C:\Windows\system32\nvvsvc.exe
16:27:29.0583 3352	nvsvc - ok
16:27:29.0613 3352	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:27:29.0627 3352	nv_agp - ok
16:27:29.0631 3352	NwlnkFlt - ok
16:27:29.0635 3352	NwlnkFwd - ok
16:27:29.0805 3352	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:27:29.0833 3352	odserv - ok
16:27:29.0859 3352	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:27:29.0917 3352	ohci1394 - ok
16:27:29.0951 3352	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:29.0971 3352	ose - ok
16:27:30.0052 3352	p2pimsvc        (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:30.0112 3352	p2pimsvc - ok
16:27:30.0119 3352	p2psvc          (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:30.0177 3352	p2psvc - ok
16:27:30.0228 3352	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:27:30.0284 3352	Parport - ok
16:27:30.0315 3352	partmgr         (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
16:27:30.0325 3352	partmgr - ok
16:27:30.0342 3352	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:27:30.0386 3352	Parvdm - ok
16:27:30.0404 3352	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:27:30.0436 3352	PcaSvc - ok
16:27:30.0552 3352	pci             (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
16:27:30.0565 3352	pci - ok
16:27:30.0588 3352	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:27:30.0597 3352	pciide - ok
16:27:30.0634 3352	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:27:30.0653 3352	pcmcia - ok
16:27:30.0746 3352	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:27:30.0838 3352	PEAUTH - ok
16:27:30.0986 3352	PhilCap         (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
16:27:31.0047 3352	PhilCap - ok
16:27:31.0261 3352	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:27:31.0384 3352	pla - ok
16:27:31.0544 3352	PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
16:27:31.0583 3352	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:27:31.0583 3352	PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:27:31.0630 3352	PlugPlay        (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
16:27:31.0711 3352	PlugPlay - ok
16:27:31.0810 3352	PNRPAutoReg     (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:31.0858 3352	PNRPAutoReg - ok
16:27:31.0865 3352	PNRPsvc         (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
16:27:31.0915 3352	PNRPsvc - ok
16:27:32.0010 3352	PolicyAgent     (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
16:27:32.0074 3352	PolicyAgent - ok
16:27:32.0152 3352	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:27:32.0194 3352	PptpMiniport - ok
16:27:32.0233 3352	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:27:32.0259 3352	Processor - ok
16:27:32.0301 3352	ProfSvc         (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
16:27:32.0341 3352	ProfSvc - ok
16:27:32.0380 3352	ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:32.0391 3352	ProtectedStorage - ok
16:27:32.0435 3352	ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe
16:27:32.0446 3352	ProtexisLicensing - ok
16:27:32.0474 3352	PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
16:27:32.0512 3352	PSched - ok
16:27:32.0624 3352	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:27:32.0740 3352	ql2300 - ok
16:27:32.0857 3352	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:27:32.0886 3352	ql40xx - ok
16:27:33.0057 3352	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:27:33.0086 3352	QWAVE - ok
16:27:33.0105 3352	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:27:33.0133 3352	QWAVEdrv - ok
16:27:33.0148 3352	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:27:33.0173 3352	RasAcd - ok
16:27:33.0197 3352	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:27:33.0244 3352	RasAuto - ok
16:27:33.0272 3352	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:33.0298 3352	Rasl2tp - ok
16:27:33.0338 3352	RasMan          (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
16:27:33.0379 3352	RasMan - ok
16:27:33.0386 3352	RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:33.0411 3352	RasPppoe - ok
16:27:33.0428 3352	RasSstp         (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
16:27:33.0459 3352	RasSstp - ok
16:27:33.0509 3352	rdbss           (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
16:27:33.0548 3352	rdbss - ok
16:27:33.0568 3352	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:33.0602 3352	RDPCDD - ok
16:27:33.0650 3352	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:27:33.0692 3352	rdpdr - ok
16:27:33.0697 3352	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:27:33.0746 3352	RDPENCDD - ok
16:27:33.0773 3352	RDPWD           (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
16:27:33.0814 3352	RDPWD - ok
16:27:33.0857 3352	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:27:33.0883 3352	RemoteAccess - ok
16:27:33.0925 3352	RemoteRegistry  (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
16:27:33.0964 3352	RemoteRegistry - ok
16:27:34.0015 3352	RFCOMM          (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
16:27:34.0037 3352	RFCOMM - ok
16:27:34.0148 3352	RichVideo       (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:27:34.0182 3352	RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:27:34.0183 3352	RichVideo - detected UnsignedFile.Multi.Generic (1)
16:27:34.0225 3352	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:27:34.0237 3352	RpcLocator - ok
16:27:34.0327 3352	RpcSs           (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
16:27:34.0348 3352	RpcSs - ok
16:27:34.0368 3352	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:27:34.0393 3352	rspndr - ok
16:27:34.0425 3352	RTL8169         (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:27:34.0510 3352	RTL8169 - ok
16:27:34.0561 3352	RTSTOR          (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS
16:27:34.0602 3352	RTSTOR - ok
16:27:34.0616 3352	SamSs           (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
16:27:34.0629 3352	SamSs - ok
16:27:34.0662 3352	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:27:34.0673 3352	sbp2port - ok
16:27:34.0715 3352	SCardSvr        (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
16:27:34.0749 3352	SCardSvr - ok
16:27:34.0853 3352	Schedule        (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
16:27:34.0878 3352	Schedule - ok
16:27:34.0907 3352	SCPolicySvc     (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
16:27:34.0932 3352	SCPolicySvc - ok
16:27:34.0951 3352	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:27:34.0986 3352	SDRSVC - ok
16:27:35.0019 3352	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:27:35.0075 3352	secdrv - ok
16:27:35.0086 3352	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:27:35.0113 3352	seclogon - ok
16:27:35.0125 3352	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
16:27:35.0163 3352	SENS - ok
16:27:35.0183 3352	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
16:27:35.0244 3352	Serenum - ok
16:27:35.0296 3352	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:27:35.0351 3352	Serial - ok
16:27:35.0370 3352	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:27:35.0396 3352	sermouse - ok
16:27:35.0436 3352	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:27:35.0464 3352	SessionEnv - ok
16:27:35.0476 3352	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:27:35.0495 3352	sffdisk - ok
16:27:35.0512 3352	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:27:35.0552 3352	sffp_mmc - ok
16:27:35.0564 3352	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:27:35.0601 3352	sffp_sd - ok
16:27:35.0612 3352	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:27:35.0656 3352	sfloppy - ok
16:27:35.0717 3352	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:27:35.0775 3352	SharedAccess - ok
16:27:35.0835 3352	ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
16:27:35.0871 3352	ShellHWDetection - ok
16:27:35.0896 3352	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:27:35.0909 3352	sisagp - ok
16:27:35.0922 3352	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:27:35.0935 3352	SiSRaid2 - ok
16:27:35.0967 3352	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:27:35.0981 3352	SiSRaid4 - ok
16:27:36.0236 3352	slsvc           (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
16:27:36.0405 3352	slsvc - ok
16:27:36.0587 3352	SLUINotify      (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
16:27:36.0615 3352	SLUINotify - ok
16:27:36.0656 3352	Smb             (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
16:27:36.0696 3352	Smb - ok
16:27:36.0719 3352	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:27:36.0732 3352	SNMPTRAP - ok
16:27:36.0908 3352	SNP2UVC         (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys
16:27:37.0039 3352	SNP2UVC - ok
16:27:37.0204 3352	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:27:37.0214 3352	spldr - ok
16:27:37.0270 3352	Spooler         (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
16:27:37.0324 3352	Spooler - ok
16:27:37.0397 3352	srv             (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
16:27:37.0441 3352	srv - ok
16:27:37.0508 3352	srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
16:27:37.0540 3352	srv2 - ok
16:27:37.0807 3352	srvcPVR         (71db619f4068d7c70d447d73617cdfac) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
16:27:37.0909 3352	srvcPVR ( UnsignedFile.Multi.Generic ) - warning
16:27:37.0909 3352	srvcPVR - detected UnsignedFile.Multi.Generic (1)
16:27:38.0265 3352	srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
16:27:38.0307 3352	srvnet - ok
16:27:38.0348 3352	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:27:38.0388 3352	SSDPSRV - ok
16:27:38.0436 3352	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:27:38.0458 3352	SstpSvc - ok
16:27:38.0504 3352	StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
16:27:38.0524 3352	StillCam - ok
16:27:38.0584 3352	stisvc          (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
16:27:38.0605 3352	stisvc - ok
16:27:38.0628 3352	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:27:38.0636 3352	swenum - ok
16:27:38.0674 3352	swmsflt         (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
16:27:38.0683 3352	swmsflt - ok
16:27:38.0741 3352	swprv           (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
16:27:38.0773 3352	swprv - ok
16:27:38.0803 3352	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:27:38.0812 3352	Symc8xx - ok
16:27:38.0841 3352	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:27:38.0850 3352	Sym_hi - ok
16:27:38.0875 3352	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:27:38.0884 3352	Sym_u3 - ok
16:27:38.0954 3352	SysMain         (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
16:27:38.0999 3352	SysMain - ok
16:27:39.0025 3352	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:27:39.0041 3352	TabletInputService - ok
16:27:39.0080 3352	TapiSrv         (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
16:27:39.0121 3352	TapiSrv - ok
16:27:39.0139 3352	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:27:39.0166 3352	TBS - ok
16:27:39.0289 3352	Tcpip           (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
16:27:39.0339 3352	Tcpip - ok
16:27:39.0350 3352	Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
16:27:39.0393 3352	Tcpip6 - ok
16:27:39.0417 3352	tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
16:27:39.0458 3352	tcpipreg - ok
16:27:39.0479 3352	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:27:39.0526 3352	TDPIPE - ok
16:27:39.0548 3352	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:27:39.0573 3352	TDTCP - ok
16:27:39.0591 3352	tdx             (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
16:27:39.0634 3352	tdx - ok
16:27:39.0648 3352	TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
16:27:39.0657 3352	TermDD - ok
16:27:39.0729 3352	TermService     (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
16:27:39.0788 3352	TermService - ok
16:27:39.0876 3352	Themes          (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
16:27:39.0893 3352	Themes - ok
16:27:39.0914 3352	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:27:39.0940 3352	THREADORDER - ok
16:27:39.0953 3352	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:27:39.0979 3352	TrkWks - ok
16:27:40.0043 3352	TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
16:27:40.0084 3352	TrustedInstaller - ok
16:27:40.0108 3352	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:27:40.0155 3352	tssecsrv - ok
16:27:40.0175 3352	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:27:40.0187 3352	tunmp - ok
16:27:40.0217 3352	tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
16:27:40.0230 3352	tunnel - ok
16:27:40.0265 3352	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:27:40.0276 3352	uagp35 - ok
16:27:40.0345 3352	udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
16:27:40.0376 3352	udfs - ok
16:27:40.0412 3352	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:27:40.0449 3352	UI0Detect - ok
16:27:40.0474 3352	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:27:40.0484 3352	uliagpkx - ok
16:27:40.0530 3352	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:27:40.0554 3352	uliahci - ok
16:27:40.0585 3352	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:27:40.0596 3352	UlSata - ok
16:27:40.0616 3352	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:27:40.0628 3352	ulsata2 - ok
16:27:40.0654 3352	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:27:40.0691 3352	umbus - ok
16:27:40.0699 3352	UMPass          (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
16:27:40.0732 3352	UMPass - ok
16:27:40.0771 3352	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:27:40.0813 3352	upnphost - ok
16:27:40.0857 3352	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:27:40.0884 3352	USBAAPL - ok
16:27:40.0927 3352	usbaudio        (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
16:27:40.0953 3352	usbaudio - ok
16:27:40.0999 3352	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:27:41.0038 3352	usbccgp - ok
16:27:41.0067 3352	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:27:41.0129 3352	usbcir - ok
16:27:41.0151 3352	usbehci         (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
16:27:41.0196 3352	usbehci - ok
16:27:41.0225 3352	usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
16:27:41.0281 3352	usbhub - ok
16:27:41.0303 3352	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:27:41.0348 3352	usbohci - ok
16:27:41.0388 3352	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:27:41.0413 3352	usbprint - ok
16:27:41.0451 3352	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:27:41.0470 3352	usbscan - ok
16:27:41.0508 3352	USBSTOR         (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:27:41.0534 3352	USBSTOR - ok
16:27:41.0546 3352	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:27:41.0592 3352	usbuhci - ok
16:27:41.0643 3352	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:27:41.0743 3352	usbvideo - ok
16:27:41.0766 3352	UxSms           (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
16:27:41.0830 3352	UxSms - ok
16:27:41.0883 3352	vds             (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
16:27:41.0945 3352	vds - ok
16:27:42.0167 3352	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:27:42.0217 3352	vga - ok
16:27:42.0248 3352	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:27:42.0287 3352	VgaSave - ok
16:27:42.0315 3352	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:27:42.0328 3352	viaagp - ok
16:27:42.0378 3352	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:27:42.0403 3352	ViaC7 - ok
16:27:42.0423 3352	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:27:42.0432 3352	viaide - ok
16:27:42.0460 3352	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:27:42.0470 3352	volmgr - ok
16:27:42.0566 3352	volmgrx         (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
16:27:42.0596 3352	volmgrx - ok
16:27:42.0632 3352	volsnap         (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
16:27:42.0670 3352	volsnap - ok
16:27:42.0704 3352	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:27:42.0726 3352	vsmraid - ok
16:27:42.0938 3352	VSS             (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
16:27:43.0038 3352	VSS - ok
16:27:43.0107 3352	W32Time         (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
16:27:43.0159 3352	W32Time - ok
16:27:43.0257 3352	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:27:43.0301 3352	WacomPen - ok
16:27:43.0330 3352	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:43.0365 3352	Wanarp - ok
16:27:43.0380 3352	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:43.0400 3352	Wanarpv6 - ok
16:27:43.0590 3352	wcncsvc         (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
16:27:43.0634 3352	wcncsvc - ok
16:27:43.0685 3352	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:27:43.0719 3352	WcsPlugInService - ok
16:27:43.0815 3352	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:27:43.0824 3352	Wd - ok
16:27:44.0066 3352	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:27:44.0099 3352	Wdf01000 - ok
16:27:44.0120 3352	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:27:44.0162 3352	WdiServiceHost - ok
16:27:44.0165 3352	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:27:44.0192 3352	WdiSystemHost - ok
16:27:44.0225 3352	WebClient       (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
16:27:44.0255 3352	WebClient - ok
16:27:44.0317 3352	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:27:44.0350 3352	Wecsvc - ok
16:27:44.0373 3352	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:27:44.0412 3352	wercplsupport - ok
16:27:44.0466 3352	WerSvc          (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
16:27:44.0489 3352	WerSvc - ok
16:27:44.0572 3352	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:27:44.0597 3352	WinDefend - ok
16:27:44.0602 3352	WinHttpAutoProxySvc - ok
16:27:44.0685 3352	Winmgmt         (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
16:27:44.0724 3352	Winmgmt - ok
16:27:44.0901 3352	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:27:45.0008 3352	WinRM - ok
16:27:45.0133 3352	Wlansvc         (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
16:27:45.0181 3352	Wlansvc - ok
16:27:45.0230 3352	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:27:45.0249 3352	WmiAcpi - ok
16:27:45.0414 3352	wmiApSrv        (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
16:27:45.0458 3352	wmiApSrv - ok
16:27:45.0631 3352	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:27:45.0680 3352	WMPNetworkSvc - ok
16:27:45.0817 3352	WPCSvc          (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
16:27:45.0837 3352	WPCSvc - ok
16:27:45.0858 3352	WPDBusEnum      (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
16:27:45.0892 3352	WPDBusEnum - ok
16:27:45.0970 3352	WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
16:27:46.0008 3352	WpdUsb - ok
16:27:46.0338 3352	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:27:46.0385 3352	WPFFontCache_v0400 - ok
16:27:46.0411 3352	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:27:46.0473 3352	ws2ifsl - ok
16:27:46.0509 3352	wscsvc          (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
16:27:46.0526 3352	wscsvc - ok
16:27:46.0539 3352	WSearch - ok
16:27:46.0548 3352	wtsmpadap - ok
16:27:46.0554 3352	WtSmpFlt - ok
16:27:46.0766 3352	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:27:46.0906 3352	wuauserv - ok
16:27:47.0038 3352	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:27:47.0076 3352	WUDFRd - ok
16:27:47.0105 3352	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:27:47.0144 3352	wudfsvc - ok
16:27:47.0169 3352	X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
16:27:47.0177 3352	X10Hid - ok
16:27:47.0264 3352	x10nets         (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
16:27:47.0279 3352	x10nets ( UnsignedFile.Multi.Generic ) - warning
16:27:47.0279 3352	x10nets - detected UnsignedFile.Multi.Generic (1)
16:27:47.0312 3352	XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
16:27:47.0319 3352	XUIF - ok
16:27:47.0333 3352	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:27:47.0484 3352	\Device\Harddisk0\DR0 - ok
16:27:47.0487 3352	Boot (0x1200)   (d388fb9ccf230ec959d1a647c421c6b8) \Device\Harddisk0\DR0\Partition0
16:27:47.0489 3352	\Device\Harddisk0\DR0\Partition0 - ok
16:27:47.0507 3352	Boot (0x1200)   (bd23f3459bb4a4a6ef4d891f1def3ff1) \Device\Harddisk0\DR0\Partition1
16:27:47.0508 3352	\Device\Harddisk0\DR0\Partition1 - ok
16:27:47.0508 3352	============================================================
16:27:47.0508 3352	Scan finished
16:27:47.0508 3352	============================================================
16:27:47.0520 0788	Detected object count: 7
16:27:47.0520 0788	Actual detected object count: 7
16:27:55.0293 0788	GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0293 0788	GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:27:55.0295 0788	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0295 0788	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:27:55.0297 0788	mosuport ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0297 0788	mosuport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:27:55.0299 0788	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0299 0788	PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:27:55.0300 0788	RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0301 0788	RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:27:55.0302 0788	srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0302 0788	srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:27:55.0304 0788	x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
16:27:55.0304 0788	x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

08.05.2012, 17:42   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

08.05.2012, 20:55   #24
Sayri



Sooo, and here is the CF.txt

Code:
ComboFix 12-05-08.02 - dagmar 08.05.2012  21:42:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3066.2006 [GMT 2:00]
ausgeführt von:: c:\users\dagmar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\abmeldung.doc.rkhv
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Blumen Service.url.fbja
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Fotoservice.url.vrih
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\anmeldung.doc.qaxl
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.fvgu
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.joqj
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.xml
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Antrag neubau.rtf.yycy
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\briefbogenbw.doc.nhib
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\BullGuard Internet Security.url.lpal
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Currenta Bewerbungsbogen.pdf.jnwp
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Einladung_Medenspiel_Sommer.doc.nbgu
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\göckemeyer.doc.yycy
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroBetriebs10-11.xls.qnwm
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroVerein 12.xls.pkmw
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\HOTHotel Maritim Bonn.URL.vcyf
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Games.url.vqms
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Homepage.url.ynja
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Namentliche_Meldung_Kreismeisterschaften_2012BlauWeiß Leichlingen.doc.nqon
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Sommerplan 2011.xlsx.hinp
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Trainigskosten SS 2011.xlsx.dtfn
c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\www.bahn.de - Ihr Mobilitätsportal für Reisen, Bahn, Urlaub, Hotels, Städtereisen und Mietwagen.URL.gtln
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-08 bis 2012-05-08  ))))))))))))))))))))))))))))))
.
.
2012-05-08 19:49 . 2012-05-08 19:49	--------	d-----w-	c:\users\dagmar\AppData\Local\temp
2012-05-08 19:49 . 2012-05-08 19:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-08 10:25 . 2012-05-08 10:25	--------	d-----w-	C:\_OTL
2012-05-08 10:08 . 2012-04-13 07:36	6734704	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9F285FC0-BD01-4B42-8492-E12866761F47}\mpengine.dll	ERROR(0x00000005)
2012-05-06 20:16 . 2012-05-08 14:56	1152760	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll	ERROR(0x00000005)
2012-05-03 00:00 . 2012-05-03 00:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-02 19:43 . 2012-05-02 19:43	--------	d-----w-	c:\users\dagmar\AppData\Roaming\Malwarebytes
2012-05-02 19:39 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-30 17:09 . 2012-04-30 17:09	--------	d-----w-	c:\program files\iPod
2012-04-30 14:41 . 2012-04-30 14:41	--------	d-----w-	c:\program files\ABUS Security-Center
2012-04-25 08:49 . 2012-04-25 08:49	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-04-25 08:48 . 2012-04-25 08:48	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 08:48 . 2012-04-25 08:48	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2008-08-28 02:31	6734704	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2012-02-23 08:18 . 2009-10-03 10:08	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2012-04-25 08:48 . 2011-05-26 15:41	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-08-04 14:45	40496	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-08 13548064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-08-04 326192]
"VitaKeyPdtWzd"="c:\program files\EgisTec\VITAKEY\PdtWzd.exe" [2008-08-29 2303272]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	c:\program files\EgisTec\VITAKEY\PwdFilter
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-02 12:24	220160	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17	52256	----a-w-	c:\program files\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 11:30	59240	----a-w-	c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28	421888	----a-w-	d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 18:51	71216	----a-w-	c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-25 11:38	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 20:54	16896	----a-w-	c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2uvc]
2008-08-28 13:03	233472	----a-w-	c:\windows\tsnp2uvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 16:11	210216	------w-	c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-08 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20&v=8.0.0.34&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\bullguard.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-08 21:49
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\program files\EgisTec\VITAKEY\PwdFilter.dll
.
Zeit der Fertigstellung: 2012-05-08  21:53:09
ComboFix-quarantined-files.txt  2012-05-08 19:52
.
Vor Suchlauf: 10 Verzeichnis(se), 149.309.288.448 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 149.279.653.888 Bytes frei
.
- - End Of File - - 510ADED92F5B59506D0E8CA93F8CFDBF
         

11.05.2012, 09:55   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second try, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: To unpack OSAM, please use WinRAR or 7zip! Be sure to also turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags
