Claro Search Virus

zatjana · 03.11.2012, 17:46

Hallo,
gestern hat sich die Claro Search-Suchmaschine in meinem Internet Explorer und auch in Firefox installiert. Ich habe Claro Search dann sowohl in der Systemsteuerung als auch in den Add-ons des Explorers entfernt, leider ohne Erfolg. In anderen Beiträgen dieses Forums habe ich gelesen, dass es sich dabei um einen Virus handelt. Ich wäre sehr froh, wenn mir jemand hier helfen könnte! Vielen Dank schonmal dafür... Liebe Grüße!

Hier mein OTL.txt:

OTL logfile created on: 03.11.2012 11:51:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tatjana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 44,70% Memory free
6,18 Gb Paging File | 4,48 Gb Available in Paging File | 72,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 133,68 Gb Free Space | 48,03% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 7,21 Gb Free Space | 36,49% Space Free | Partition Type: FAT32
Drive E: | 7,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: TATJANA-PC | User Name: Tatjana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.03 11:46:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.16 08:48:00 | 002,360,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2012.10.05 20:15:32 | 001,459,848 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
PRC - [2012.09.12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.08.09 06:04:08 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.08.09 06:04:08 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 07:56:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 07:56:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 07:56:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.08.04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.03.14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.01.15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.12 12:40:58 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.06.16 07:09:46 | 001,336,680 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe
PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.12 19:51:14 | 000,008,192 | ---- | M] () -- C:\Programme\DVRMSToolbox\DTBFWService.exe
PRC - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.09 20:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 20:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.08.29 19:11:40 | 002,303,272 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\VITAKEY\PdtWzd.exe
PRC - [2008.08.29 19:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\VITAKEY\CompPtcVUI.exe
PRC - [2008.08.29 19:11:38 | 002,180,392 | ---- | M] () -- C:\Programme\EgisTec\VITAKEY\BASVC.exe
PRC - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.08.04 15:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
PRC - [2008.08.04 15:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008.07.24 17:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.04.25 13:18:48 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbvcoms.exe
PRC - [2007.02.09 19:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.16 08:48:00 | 002,360,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
MOD - [2012.10.16 08:47:12 | 002,075,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012.04.04 13:33:24 | 000,139,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012.03.16 11:51:02 | 000,188,416 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012.02.13 08:53:50 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011.11.01 18:32:48 | 000,573,100 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\sqlite3.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\Report.dll
MOD - [2011.01.05 14:01:12 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PimNotes.dll
MOD - [2010.09.14 14:01:00 | 000,212,992 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2010.08.04 19:21:11 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2010.06.16 07:09:46 | 001,336,680 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VObject.dll
MOD - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
MOD - [2008.07.29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.16 08:48:00 | 002,360,864 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2012.09.29 15:24:33 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 07:56:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 07:56:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.12 19:51:14 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Programme\DVRMSToolbox\DTBFWService.exe -- (DTBService)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.08.29 19:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Programme\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC)
SRV - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.04.25 13:18:48 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.05.08 07:56:38 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 07:56:38 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.11.17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.08.28 13:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo)
DRV - [2008.08.28 13:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
DRV - [2008.08.08 03:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.05 23:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.04 15:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.08.04 15:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.08.04 15:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.04.28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007.06.19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt)
DRV - [2007.06.19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic)
DRV - [2007.06.19 08:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex)
DRV - [2007.06.19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5)
DRV - [2007.06.19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007.06.19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Tatjana\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE508
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=sBw1by4Ny01L7OhL4ygWnrRhogQ?q={searchTerms}
IE - HKCU\..\SearchScopes\{EEED1E69-B1A4-4E1A-9620-0CE6DF8B9DC5}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tatjana\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.08 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 17:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.12 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.27 09:59:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.02 13:24:02 | 000,000,000 | ---D | M]

[2010.10.03 18:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Extensions
[2010.10.03 18:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.03 11:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions
[2009.08.07 23:44:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.31 10:31:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.19 18:40:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 08:21:40 | 000,000,000 | ---D | M] (.) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2012.11.02 13:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\ffxtlbr@babylon.com
[2012.11.02 18:59:35 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-1.xml
[2009.12.02 13:28:00 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-2.xml
[2010.03.28 10:18:46 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-3.xml
[2010.08.13 14:42:25 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-4.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin.xml
[2011.12.04 18:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.18 09:29:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.08 12:24:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.08 13:33:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2008.06.19 19:46:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008.06.19 19:46:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010.08.12 12:41:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.02 13:24:45 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.08.12 12:41:05 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.12 12:41:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.12 12:41:05 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.12 12:41:05 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" File not found
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [MOMCLIENT] C:\Programme\uniFLOW_Client\momclnt.exe ()
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Upgrade] C:\Users\Tatjana\AppData\Roaming\Opera\{169B4B43-6CC9-4234-AFD9-E5E661A1E1DB}\Upgrade.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [RunCanonMsetUp] C:\Program Files\Canon\IJ_MSetup4\MCDCHK2.EXE File not found
O4 - Startup: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tatjana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (Scanning HKEY_LOCAL_MACHINE AppInitDlls settings...) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000.03.01 21:46:39 | 000,171,520 | R--- | M] (InterActual Technologies, Inc.) - E:\autoplay.exe -- [ UDF ]
O32 - AutoRun File - [2000.03.01 21:46:39 | 000,000,085 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{32c8220d-0217-11e2-b87b-0015affcb035}\Shell - "" = AutoRun
O33 - MountPoints2\{32c8220d-0217-11e2-b87b-0015affcb035}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{5290bd61-a64e-11dd-bc69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5290bd61-a64e-11dd-bc69-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOPLAY.EXE id=10000015000011000006 ver=1.0.0.0
O33 - MountPoints2\{bb294c7d-db82-11e0-b05a-0015affcb035}\Shell - "" = AutoRun
O33 - MountPoints2\{bb294c7d-db82-11e0-b05a-0015affcb035}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\ClickMe.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.03 11:46:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe
[2012.11.02 18:30:26 | 000,000,000 | ---D | C] -- C:\Users\Tatjana\AppData\Roaming\Malwarebytes
[2012.11.02 18:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.02 18:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.02 18:22:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.02 18:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.02 17:57:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.02 17:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 17:50:52 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.11.02 17:50:51 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.11.02 17:50:40 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.11.02 17:50:39 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.11.02 17:50:35 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.11.02 17:50:30 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.11.02 17:49:48 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.02 17:49:46 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.11.02 17:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 17:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.02 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.02 17:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.11.02 16:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.11.02 16:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.11.02 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\Tatjana\AppData\Roaming\Iggels
[2012.11.02 13:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.02 13:24:18 | 000,000,000 | ---D | C] -- C:\Users\Tatjana\AppData\Roaming\Babylon
[2012.11.02 13:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.11.02 13:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.10.18 10:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.10.18 10:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2012.10.18 10:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2012.10.18 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.10.18 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2 C:\Users\Tatjana\Documents\*.tmp files -> C:\Users\Tatjana\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.03 12:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.11.03 12:00:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.03 11:46:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe
[2012.11.03 11:45:18 | 000,000,000 | ---- | M] () -- C:\Users\Tatjana\defogger_reenable
[2012.11.03 11:44:48 | 000,050,477 | ---- | M] () -- C:\Users\Tatjana\Desktop\Defogger.exe
[2012.11.03 11:26:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 11:22:11 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.03 11:22:11 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.03 11:22:11 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.03 11:22:11 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 11:18:28 | 000,085,095 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.03 11:15:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 11:15:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 11:13:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.03 11:13:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 11:12:55 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 11:12:53 | 426,122,341 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.02 18:22:55 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.02 17:50:54 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.02 17:50:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.02 16:55:12 | 000,001,195 | ---- | M] () -- C:\Users\Tatjana\Desktop\Free YouTube to MP3 Converter.lnk
[2012.11.02 13:53:04 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.10.30 20:10:40 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.10.26 10:10:32 | 000,002,545 | ---- | M] () -- C:\Users\Tatjana\Desktop\VPN Client.lnk
[2012.10.26 09:46:33 | 000,002,617 | ---- | M] () -- C:\Users\Tatjana\Desktop\Microsoft Word 2010.lnk
[2012.10.18 10:26:25 | 000,002,031 | ---- | M] () -- C:\Users\Tatjana\Desktop\Amazon.lnk
[2012.10.18 10:26:25 | 000,002,029 | ---- | M] () -- C:\Users\Tatjana\Desktop\WEB.DE.lnk
[2012.10.18 10:26:25 | 000,002,023 | ---- | M] () -- C:\Users\Tatjana\Desktop\eBay.lnk
[2012.10.16 15:25:35 | 000,000,680 | ---- | M] () -- C:\Users\Tatjana\AppData\Local\d3d9caps.dat
[2012.10.16 08:41:35 | 000,000,145 | -H-- | M] () -- C:\Windows\Spiel des Lebens Statistik
[2012.10.16 08:41:35 | 000,000,013 | ---- | M] () -- C:\Windows\Spiel des Lebens Prefs
[2012.10.16 08:40:33 | 000,069,632 | ---- | M] () -- C:\Windows\System32\realbap1.dll
[2 C:\Users\Tatjana\Documents\*.tmp files -> C:\Users\Tatjana\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.03 11:45:18 | 000,000,000 | ---- | C] () -- C:\Users\Tatjana\defogger_reenable
[2012.11.03 11:41:04 | 000,050,477 | ---- | C] () -- C:\Users\Tatjana\Desktop\Defogger.exe
[2012.11.02 18:22:55 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.02 17:50:54 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.02 16:55:12 | 000,001,195 | ---- | C] () -- C:\Users\Tatjana\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.18 10:26:25 | 000,002,031 | ---- | C] () -- C:\Users\Tatjana\Desktop\Amazon.lnk
[2012.10.18 10:26:25 | 000,002,029 | ---- | C] () -- C:\Users\Tatjana\Desktop\WEB.DE.lnk
[2012.10.18 10:26:25 | 000,002,023 | ---- | C] () -- C:\Users\Tatjana\Desktop\eBay.lnk
[2012.10.16 08:38:15 | 000,000,145 | -H-- | C] () -- C:\Windows\Spiel des Lebens Statistik
[2012.10.16 08:38:15 | 000,000,013 | ---- | C] () -- C:\Windows\Spiel des Lebens Prefs
[2012.10.16 08:37:32 | 000,069,632 | ---- | C] () -- C:\Windows\System32\realbap1.dll
[2011.12.05 19:23:37 | 000,000,898 | ---- | C] () -- C:\Users\Tatjana\.recently-used.xbel
[2011.09.28 14:11:51 | 000,000,016 | -H-- | C] () -- C:\Users\Tatjana\SyncToy_f13327f0-749a-4f0c-b406-b7f28b3762e4.dat
[2011.07.03 10:03:50 | 000,000,000 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\{D0721B12-13E7-424C-B8C4-48BFD37F355C}
[2009.12.13 12:45:44 | 000,000,680 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\d3d9caps.dat
[2009.07.25 13:18:09 | 000,000,071 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\default.pls
[2008.11.18 21:34:44 | 000,888,617 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\mdbu.bin
[2008.10.30 12:12:05 | 000,092,672 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.30 09:49:04 | 000,000,830 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\wklnhst.dat
[2008.08.28 05:28:06 | 000,085,095 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.08.28 05:22:57 | 000,085,095 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.18 10:26:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\1&1 Mail & Media GmbH
[2012.05.26 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Aggeo
[2012.05.26 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Agsou
[2011.10.10 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Aipersun333
[2011.05.26 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Amazon
[2010.04.24 16:43:49 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Audacity
[2012.11.02 13:24:18 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Babylon
[2012.09.15 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Canon
[2012.05.21 08:22:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ciet
[2012.05.14 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Doek
[2012.05.13 21:47:38 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Dropbox
[2012.05.21 08:22:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Dudyv
[2012.05.13 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Duusu
[2012.11.02 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\DVDVideoSoft
[2011.12.19 18:40:47 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.21 08:24:03 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Folocy
[2009.11.07 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\gtk-2.0
[2012.05.13 21:47:46 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\ICQ
[2012.11.02 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Iggels
[2012.05.14 08:18:29 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ilyg
[2012.05.14 08:18:29 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ivki
[2010.09.13 16:01:17 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\JAlbum
[2012.05.15 08:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Kaetm
[2010.12.27 10:15:21 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Leadertech
[2012.05.15 08:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Moipuc
[2012.05.15 08:30:52 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Muehar
[2009.02.07 07:38:45 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\OpenOffice.org
[2012.05.14 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Opera
[2012.05.14 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Orac
[2012.05.21 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Qagusi
[2009.01.05 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\ScanSoft
[2012.09.29 15:43:06 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Sony
[2012.05.14 12:51:56 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\TeamViewer
[2009.02.03 18:17:02 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Template
[2010.10.03 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\TomTom
[2012.05.13 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Udzo
[2012.05.21 08:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Upatte
[2012.05.15 08:30:51 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Uqeza
[2012.05.21 12:38:40 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Vuqe
[2012.05.13 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Windows Desktop Search
[2010.06.18 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Windows Live Writer
[2012.05.21 08:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ylmasu
[2012.05.26 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ypady
[2012.05.26 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ypma

========== Purity Check ==========

< End of report >

cosinus · 03.11.2012, 18:48

Zitat:

PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.09 06:04:08 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe

Warum Avira und Avast gleichzeitig? Sowas macht man nicht die kommen sich irgendwann in die Quere!

Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520

Die Logs bitte NICHT anhängen!!

Sie müssen nur dann in den Anhang (als eine ZIP-Datei mit allen Logdateien), wenn sie zu groß sind um direkt gepostet zu werden!

Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher, übersichtlicher und man spart sich ne Menge Rumklickerei!

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

zatjana · 03.11.2012, 23:18

Okay, alles klar!

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.02.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tatjana :: TATJANA-PC [Administrator]

03.11.2012 18:23:41
mbam-log-2012-11-03 (21-32-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435279
Laufzeit: 2 Stunde(n), 56 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 1
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)

Avira:

Code:

ATTFilter

 Exportierte Ereignisse:

31.10.2012 16:25 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tatjana\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Low\Content.IE5\LX2MYREW\e77f5[1].pdf'
      enthielt einen Virus oder unerwünschtes Programm 'EXP/Pidief.dld' [exploit].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56abed7f.qua' 
      verschoben!

31.10.2012 16:23 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tatjana\AppData\Local\Microsoft\Windows\Temporary 
      Internet Files\Low\Content.IE5\LX2MYREW\e77f5[1].pdf'
      wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dld' [exploit] gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

31.10.2012 16:23 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tatjana\AppData\Local\Microsoft\Windows\Temporary 
      Internet Files\Low\Content.IE5\LX2MYREW\e77f5[1].pdf'
      wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dld' [exploit] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

31.10.2012 16:23 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tatjana\AppData\Local\Microsoft\Windows\Temporary 
      Internet Files\Low\Content.IE5\LX2MYREW\e77f5[1].pdf'
      wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.dld' [exploit] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

13.10.2012 12:51 [System Scanner] Malware gefunden
      Die Datei 
      'C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\7eb6be90-270
      d09cb'
      enthielt einen Virus oder unerwünschtes Programm 'JAVA/Inject.AU' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5505c508.qua' 
      verschoben!

cosinus · 04.11.2012, 02:07

Hast du schon einen der Virenscanner (Avast oder AntiVir) deinstalliert?

zatjana · 04.11.2012, 10:56

Ja, habe avast deinstalliert! Liebe Grüße, zatjana

cosinus · 04.11.2012, 17:04

Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

zatjana · 05.11.2012, 15:57

Hallo cosinus,

der gmer.txt ist zu lang und befindet sich gezippt im Anhang!

aswMBR: nach Absturz des Programmes habe ich, wie beschrieben, den AV scan (none) ausgewählt!

Code:

ATTFilter

 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-05 11:38:48
-----------------------------
11:38:48.574    OS Version: Windows 6.0.6002 Service Pack 2
11:38:48.574    Number of processors: 2 586 0x1706
11:38:48.575    ComputerName: TATJANA-PC  UserName: Tatjana
11:38:50.693    Initialize success
11:38:59.362    AVAST engine defs: 12110500
11:39:06.348    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:39:06.350    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3
11:39:06.364    Disk 0 MBR read successfully
11:39:06.366    Disk 0 MBR scan
11:39:06.511    Disk 0 Windows VISTA default MBR code
11:39:06.524    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       285001 MB offset 2048
11:39:06.557    Disk 0 Partition 2 00     0C    FAT32 LBA MSWIN4.1    20242 MB offset 583684096
11:39:06.565    Disk 0 scanning sectors +625139712
11:39:06.700    Disk 0 scanning C:\Windows\system32\drivers
11:39:28.058    Service scanning
11:40:03.042    Modules scanning
11:40:20.048    Disk 0 trace - called modules:
11:40:20.077    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS 
11:40:20.412    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d85780]
11:40:20.417    3 CLASSPNP.SYS[8abba8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d408a0]
11:40:20.423    Scan finished successfully
11:42:11.951    Disk 0 MBR has been saved successfully to "C:\Users\Tatjana\Desktop\MBR.dat"
11:42:11.991    The log file has been saved successfully to "C:\Users\Tatjana\Desktop\aswMBR.txt"

Liebe Grüße, zatjana

cosinus · 06.11.2012, 10:21

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

zatjana · 06.11.2012, 17:52

Code:

ATTFilter

 
17:49:03.0344 4164  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:49:03.0438 4164  ============================================================
17:49:03.0438 4164  Current date / time: 2012/11/06 17:49:03.0438
17:49:03.0438 4164  SystemInfo:
17:49:03.0438 4164  
17:49:03.0438 4164  OS Version: 6.0.6002 ServicePack: 2.0
17:49:03.0438 4164  Product type: Workstation
17:49:03.0438 4164  ComputerName: TATJANA-PC
17:49:03.0439 4164  UserName: Tatjana
17:49:03.0439 4164  Windows directory: C:\Windows
17:49:03.0439 4164  System windows directory: C:\Windows
17:49:03.0439 4164  Processor architecture: Intel x86
17:49:03.0439 4164  Number of processors: 2
17:49:03.0439 4164  Page size: 0x1000
17:49:03.0439 4164  Boot type: Normal boot
17:49:03.0439 4164  ============================================================
17:49:04.0702 4164  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:49:04.0714 4164  ============================================================
17:49:04.0714 4164  \Device\Harddisk0\DR0:
17:49:04.0714 4164  MBR partitions:
17:49:04.0714 4164  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22CA4800
17:49:04.0714 4164  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x22CA5000, BlocksNum 0x2789000
17:49:04.0714 4164  ============================================================
17:49:04.0746 4164  C: <-> \Device\Harddisk0\DR0\Partition1
17:49:04.0773 4164  D: <-> \Device\Harddisk0\DR0\Partition2
17:49:04.0774 4164  ============================================================
17:49:04.0774 4164  Initialize success
17:49:04.0774 4164  ============================================================
17:49:13.0956 6032  ============================================================
17:49:13.0956 6032  Scan started
17:49:13.0956 6032  Mode: Manual; SigCheck; TDLFS; 
17:49:13.0956 6032  ============================================================
17:49:16.0209 6032  ================ Scan system memory ========================
17:49:16.0209 6032  System memory - ok
17:49:16.0210 6032  ================ Scan services =============================
17:49:16.0444 6032  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:49:16.0579 6032  ACPI - ok
17:49:17.0268 6032  [ F3CD7B20B27D1772C946DF993FF3635C ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:49:17.0286 6032  AdobeFlashPlayerUpdateSvc - ok
17:49:17.0365 6032  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:49:17.0396 6032  adp94xx - ok
17:49:17.0445 6032  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:49:17.0471 6032  adpahci - ok
17:49:17.0520 6032  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:49:17.0539 6032  adpu160m - ok
17:49:17.0547 6032  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:49:17.0567 6032  adpu320 - ok
17:49:17.0612 6032  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:49:17.0739 6032  AeLookupSvc - ok
17:49:17.0793 6032  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
17:49:17.0860 6032  AFD - ok
17:49:17.0895 6032  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:49:17.0913 6032  agp440 - ok
17:49:17.0932 6032  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:49:17.0951 6032  aic78xx - ok
17:49:17.0980 6032  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
17:49:18.0125 6032  ALG - ok
17:49:18.0144 6032  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:49:18.0161 6032  aliide - ok
17:49:18.0181 6032  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:49:18.0199 6032  amdagp - ok
17:49:18.0211 6032  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:49:18.0229 6032  amdide - ok
17:49:18.0234 6032  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
17:49:18.0281 6032  AmdK7 - ok
17:49:18.0294 6032  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:49:18.0335 6032  AmdK8 - ok
17:49:18.0699 6032  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:49:18.0719 6032  AntiVirSchedulerService - ok
17:49:18.0890 6032  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:49:18.0907 6032  AntiVirService - ok
17:49:18.0964 6032  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
17:49:19.0152 6032  Appinfo - ok
17:49:19.0180 6032  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
17:49:19.0199 6032  arc - ok
17:49:19.0228 6032  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:49:19.0278 6032  arcsas - ok
17:49:19.0310 6032  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:49:19.0364 6032  AsyncMac - ok
17:49:19.0421 6032  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:49:19.0438 6032  atapi - ok
17:49:19.0534 6032  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:49:19.0572 6032  AudioEndpointBuilder - ok
17:49:19.0634 6032  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:49:19.0662 6032  Audiosrv - ok
17:49:19.0766 6032  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:49:19.0787 6032  avgntflt - ok
17:49:19.0841 6032  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:49:19.0859 6032  avipbb - ok
17:49:19.0928 6032  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:49:19.0943 6032  avkmgr - ok
17:49:20.0015 6032  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:49:20.0081 6032  Beep - ok
17:49:20.0174 6032  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
17:49:20.0213 6032  BFE - ok
17:49:20.0305 6032  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
17:49:20.0388 6032  BITS - ok
17:49:20.0449 6032  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:49:20.0480 6032  blbdrive - ok
17:49:20.0542 6032  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:49:20.0583 6032  bowser - ok
17:49:20.0642 6032  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:49:20.0689 6032  BrFiltLo - ok
17:49:20.0718 6032  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:49:20.0777 6032  BrFiltUp - ok
17:49:20.0811 6032  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
17:49:20.0885 6032  Browser - ok
17:49:20.0912 6032  Browser Manager - ok
17:49:20.0926 6032  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:49:21.0158 6032  Brserid - ok
17:49:21.0165 6032  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:49:21.0215 6032  BrSerWdm - ok
17:49:21.0229 6032  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:49:21.0308 6032  BrUsbMdm - ok
17:49:21.0325 6032  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:49:21.0399 6032  BrUsbSer - ok
17:49:21.0471 6032  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
17:49:21.0535 6032  BthEnum - ok
17:49:21.0596 6032  [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:49:21.0653 6032  BTHMODEM - ok
17:49:21.0696 6032  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:49:21.0742 6032  BthPan - ok
17:49:21.0801 6032  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
17:49:21.0887 6032  BTHPORT - ok
17:49:21.0933 6032  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
17:49:21.0992 6032  BthServ - ok
17:49:22.0008 6032  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
17:49:22.0048 6032  BTHUSB - ok
17:49:22.0099 6032  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:49:22.0138 6032  cdfs - ok
17:49:22.0185 6032  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:49:22.0230 6032  cdrom - ok
17:49:22.0314 6032  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:49:22.0379 6032  CertPropSvc - ok
17:49:22.0402 6032  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
17:49:22.0432 6032  circlass - ok
17:49:22.0479 6032  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
17:49:22.0503 6032  CLFS - ok
17:49:22.0565 6032  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:49:22.0583 6032  clr_optimization_v2.0.50727_32 - ok
17:49:23.0253 6032  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:49:23.0309 6032  clr_optimization_v4.0.30319_32 - ok
17:49:23.0371 6032  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:49:23.0411 6032  CmBatt - ok
17:49:23.0435 6032  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:49:23.0452 6032  cmdide - ok
17:49:23.0467 6032  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:49:23.0484 6032  Compbatt - ok
17:49:23.0489 6032  COMSysApp - ok
17:49:23.0495 6032  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:49:23.0513 6032  crcdisk - ok
17:49:23.0525 6032  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:49:23.0577 6032  Crusoe - ok
17:49:23.0644 6032  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:49:23.0690 6032  CryptSvc - ok
17:49:23.0752 6032  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
17:49:23.0806 6032  CVirtA - ok
17:49:23.0931 6032  [ D4A26B0926171DC4F969955D157D1311 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
17:49:24.0044 6032  CVPND - ok
17:49:24.0110 6032  [ C23025AC5AE45A105D63BD6E2408EDD4 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
17:49:24.0127 6032  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
17:49:24.0127 6032  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
17:49:24.0451 6032  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:49:24.0607 6032  DcomLaunch - ok
17:49:24.0647 6032  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:49:24.0693 6032  DfsC - ok
17:49:24.0775 6032  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
17:49:24.0926 6032  DFSR - ok
17:49:25.0004 6032  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:49:25.0048 6032  Dhcp - ok
17:49:25.0095 6032  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
17:49:25.0112 6032  disk - ok
17:49:25.0170 6032  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
17:49:25.0201 6032  DNE - ok
17:49:25.0265 6032  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:49:25.0316 6032  Dnscache - ok
17:49:25.0415 6032  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:49:25.0458 6032  dot3svc - ok
17:49:25.0530 6032  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
17:49:25.0562 6032  DPS - ok
17:49:25.0617 6032  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:49:25.0665 6032  drmkaud - ok
17:49:25.0782 6032  [ CCB871711E7FE3CB4410550D1478FEB8 ] DTBService      C:\Program Files\DVRMSToolbox\DTBFWService.exe
17:49:25.0800 6032  DTBService ( UnsignedFile.Multi.Generic ) - warning
17:49:25.0800 6032  DTBService - detected UnsignedFile.Multi.Generic (1)
17:49:25.0875 6032  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:49:25.0928 6032  DXGKrnl - ok
17:49:25.0980 6032  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
17:49:26.0026 6032  E1G60 - ok
17:49:26.0073 6032  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
17:49:26.0116 6032  EapHost - ok
17:49:26.0181 6032  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:49:26.0201 6032  Ecache - ok
17:49:26.0258 6032  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:49:26.0339 6032  ehRecvr - ok
17:49:26.0352 6032  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
17:49:26.0405 6032  ehSched - ok
17:49:26.0412 6032  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
17:49:26.0443 6032  ehstart - ok
17:49:26.0501 6032  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:49:26.0528 6032  elxstor - ok
17:49:26.0586 6032  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:49:26.0688 6032  EMDMgmt - ok
17:49:26.0751 6032  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:49:26.0831 6032  ErrDev - ok
17:49:26.0871 6032  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
17:49:26.0908 6032  EventSystem - ok
17:49:26.0956 6032  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
17:49:27.0041 6032  exfat - ok
17:49:27.0086 6032  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:49:27.0129 6032  fastfat - ok
17:49:27.0185 6032  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:49:27.0223 6032  fdc - ok
17:49:27.0237 6032  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:49:27.0290 6032  fdPHost - ok
17:49:27.0319 6032  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:49:27.0366 6032  FDResPub - ok
17:49:27.0417 6032  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:49:27.0434 6032  FileInfo - ok
17:49:27.0458 6032  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:49:27.0501 6032  Filetrace - ok
17:49:27.0522 6032  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:49:27.0567 6032  flpydisk - ok
17:49:27.0615 6032  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:49:27.0637 6032  FltMgr - ok
17:49:27.0713 6032  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
17:49:27.0816 6032  FontCache - ok
17:49:28.0080 6032  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:49:28.0095 6032  FontCache3.0.0.0 - ok
17:49:28.0133 6032  [ 78C108C807AFDC45D7867B96D01AA8F2 ] FPSensor        C:\Windows\system32\Drivers\FPSensor.sys
17:49:28.0146 6032  FPSensor - ok
17:49:28.0178 6032  [ 4EFF8408DD280F2468C39D0F4A2CEC0D ] FPWinIo         C:\Windows\system32\DRIVERS\FPWinIo.sys
17:49:28.0192 6032  FPWinIo - ok
17:49:28.0235 6032  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:49:28.0291 6032  Fs_Rec - ok
17:49:28.0313 6032  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:49:28.0330 6032  gagp30kx - ok
17:49:28.0496 6032  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:49:28.0510 6032  GoogleDesktopManager-051210-111108 - ok
17:49:28.0590 6032  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:49:28.0652 6032  gpsvc - ok
17:49:29.0009 6032  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:29.0023 6032  gupdate - ok
17:49:29.0076 6032  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:29.0091 6032  gupdatem - ok
17:49:29.0209 6032  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:49:29.0224 6032  gusvc - ok
17:49:29.0253 6032  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:49:29.0318 6032  HdAudAddService - ok
17:49:29.0379 6032  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:49:29.0487 6032  HDAudBus - ok
17:49:29.0543 6032  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:49:29.0610 6032  HidBth - ok
17:49:29.0752 6032  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:49:29.0831 6032  HidIr - ok
17:49:29.0949 6032  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
17:49:30.0048 6032  hidserv - ok
17:49:30.0085 6032  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:49:30.0136 6032  HidUsb - ok
17:49:30.0191 6032  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:49:30.0235 6032  hkmsvc - ok
17:49:30.0268 6032  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:49:30.0285 6032  HpCISSs - ok
17:49:30.0412 6032  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:49:30.0519 6032  HTTP - ok
17:49:30.0571 6032  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:49:30.0587 6032  i2omp - ok
17:49:30.0653 6032  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:49:30.0695 6032  i8042prt - ok
17:49:30.0726 6032  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:49:30.0748 6032  iaStorV - ok
17:49:30.0904 6032  [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service     C:\Program Files\ICQ6Toolbar\ICQ Service.exe
17:49:30.0920 6032  ICQ Service - ok
17:49:31.0094 6032  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:49:31.0166 6032  idsvc - ok
17:49:31.0273 6032  [ BE449D6218D34D93A95C1D2873DD8A5D ] IGBASVC         C:\Program Files\EgisTec\VITAKEY\BASVC.exe
17:49:31.0378 6032  IGBASVC - ok
17:49:31.0413 6032  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:49:31.0428 6032  iirsp - ok
17:49:31.0601 6032  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:49:31.0652 6032  IKEEXT - ok
17:49:31.0741 6032  [ C3C499A704A2D7958D9D7E5A9DB60CE4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:49:31.0861 6032  IntcAzAudAddService - ok
17:49:31.0909 6032  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:49:31.0925 6032  intelide - ok
17:49:31.0950 6032  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:49:31.0991 6032  intelppm - ok
17:49:32.0026 6032  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:49:32.0067 6032  IPBusEnum - ok
17:49:32.0079 6032  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:49:32.0120 6032  IpFilterDriver - ok
17:49:32.0177 6032  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:49:32.0243 6032  iphlpsvc - ok
17:49:32.0248 6032  IpInIp - ok
17:49:32.0267 6032  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:49:32.0306 6032  IPMIDRV - ok
17:49:32.0322 6032  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:49:32.0352 6032  IPNAT - ok
17:49:32.0365 6032  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:49:32.0393 6032  IRENUM - ok
17:49:32.0406 6032  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:49:32.0423 6032  isapnp - ok
17:49:32.0481 6032  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:49:32.0501 6032  iScsiPrt - ok
17:49:32.0516 6032  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:49:32.0531 6032  iteatapi - ok
17:49:32.0537 6032  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:49:32.0552 6032  iteraid - ok
17:49:32.0567 6032  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:49:32.0583 6032  kbdclass - ok
17:49:32.0637 6032  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:49:32.0667 6032  kbdhid - ok
17:49:32.0715 6032  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:49:32.0752 6032  KeyIso - ok
17:49:32.0838 6032  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:49:32.0869 6032  KSecDD - ok
17:49:32.0916 6032  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:49:32.0998 6032  KtmRm - ok
17:49:33.0081 6032  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:49:33.0157 6032  LanmanServer - ok
17:49:33.0209 6032  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:49:33.0269 6032  LanmanWorkstation - ok
17:49:33.0305 6032  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:49:33.0393 6032  lltdio - ok
17:49:33.0446 6032  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:49:33.0514 6032  lltdsvc - ok
17:49:33.0544 6032  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:49:33.0591 6032  lmhosts - ok
17:49:33.0617 6032  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:49:33.0636 6032  LSI_FC - ok
17:49:33.0641 6032  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:49:33.0659 6032  LSI_SAS - ok
17:49:33.0692 6032  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:49:33.0711 6032  LSI_SCSI - ok
17:49:33.0728 6032  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
17:49:33.0770 6032  luafv - ok
17:49:33.0790 6032  lxbv_device - ok
17:49:33.0811 6032  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:49:33.0843 6032  Mcx2Svc - ok
17:49:34.0441 6032  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:49:34.0459 6032  MDM - ok
17:49:34.0504 6032  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:49:34.0521 6032  megasas - ok
17:49:34.0536 6032  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:49:34.0564 6032  MegaSR - ok
17:49:34.0594 6032  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
17:49:34.0641 6032  MMCSS - ok
17:49:34.0655 6032  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
17:49:34.0700 6032  Modem - ok
17:49:34.0714 6032  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:49:34.0745 6032  monitor - ok
17:49:34.0761 6032  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:49:34.0780 6032  mouclass - ok
17:49:34.0798 6032  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:49:34.0851 6032  mouhid - ok
17:49:34.0875 6032  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:49:34.0892 6032  MountMgr - ok
17:49:34.0919 6032  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:49:34.0938 6032  mpio - ok
17:49:34.0953 6032  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:49:35.0007 6032  mpsdrv - ok
17:49:35.0077 6032  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:49:35.0140 6032  MpsSvc - ok
17:49:35.0281 6032  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:49:35.0332 6032  Mraid35x - ok
17:49:35.0466 6032  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:49:35.0544 6032  MRxDAV - ok
17:49:35.0592 6032  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:49:35.0642 6032  mrxsmb - ok
17:49:35.0681 6032  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:49:35.0703 6032  mrxsmb10 - ok
17:49:35.0711 6032  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:49:35.0729 6032  mrxsmb20 - ok
17:49:35.0793 6032  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:49:35.0810 6032  msahci - ok
17:49:35.0855 6032  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:49:35.0873 6032  msdsm - ok
17:49:35.0889 6032  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
17:49:35.0964 6032  MSDTC - ok
17:49:35.0993 6032  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:49:36.0031 6032  Msfs - ok
17:49:36.0050 6032  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:49:36.0068 6032  msisadrv - ok
17:49:36.0096 6032  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:49:36.0143 6032  MSiSCSI - ok
17:49:36.0148 6032  msiserver - ok
17:49:36.0188 6032  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:49:36.0233 6032  MSKSSRV - ok
17:49:36.0256 6032  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:49:36.0330 6032  MSPCLOCK - ok
17:49:36.0351 6032  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:49:36.0380 6032  MSPQM - ok
17:49:36.0444 6032  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:49:36.0464 6032  MsRPC - ok
17:49:36.0471 6032  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:49:36.0487 6032  mssmbios - ok
17:49:36.0518 6032  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:49:36.0548 6032  MSTEE - ok
17:49:36.0593 6032  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
17:49:36.0612 6032  Mup - ok
17:49:36.0651 6032  [ 62D3C8E2E75ABD9FC3DEE1B0E5B437E0 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
17:49:36.0664 6032  mwlPSDFilter - ok
17:49:36.0683 6032  [ 3963DB3D50D60D17CE7A5EB7D4DA2E7D ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
17:49:36.0697 6032  mwlPSDNServ - ok
17:49:36.0710 6032  [ C6DE675CE2F2B6E4F78BF7E8187FC1EC ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
17:49:36.0725 6032  mwlPSDVDisk - ok
17:49:36.0801 6032  [ 3FD2D2F48C05C9E8EC0A8D61BCE12BFA ] MWLService      C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
17:49:36.0818 6032  MWLService - ok
17:49:37.0047 6032  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:49:37.0101 6032  napagent - ok
17:49:37.0153 6032  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:49:37.0223 6032  NativeWifiP - ok
17:49:37.0274 6032  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:49:37.0302 6032  NDIS - ok
17:49:37.0328 6032  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:49:37.0368 6032  NdisTapi - ok
17:49:37.0388 6032  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:49:37.0443 6032  Ndisuio - ok
17:49:37.0513 6032  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:49:37.0550 6032  NdisWan - ok
17:49:37.0592 6032  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:49:37.0616 6032  NDProxy - ok
17:49:37.0841 6032  [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:49:37.0916 6032  Nero BackItUp Scheduler 3 - ok
17:49:37.0931 6032  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:49:37.0979 6032  NetBIOS - ok
17:49:38.0032 6032  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:49:38.0098 6032  netbt - ok
17:49:38.0118 6032  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:49:38.0135 6032  Netlogon - ok
17:49:38.0162 6032  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:49:38.0212 6032  Netman - ok
17:49:38.0229 6032  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:49:38.0273 6032  netprofm - ok
17:49:38.0316 6032  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:49:38.0332 6032  NetTcpPortSharing - ok
17:49:38.0460 6032  [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
17:49:38.0714 6032  NETw5v32 - ok
17:49:38.0733 6032  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:49:38.0749 6032  nfrd960 - ok
17:49:38.0788 6032  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:49:38.0820 6032  NlaSvc - ok
17:49:38.0910 6032  [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:49:38.0963 6032  NMIndexingService - ok
17:49:39.0005 6032  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:49:39.0051 6032  Npfs - ok
17:49:39.0094 6032  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
17:49:39.0137 6032  nsi - ok
17:49:39.0177 6032  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:49:39.0243 6032  nsiproxy - ok
17:49:39.0402 6032  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:49:39.0481 6032  Ntfs - ok
17:49:39.0509 6032  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
17:49:39.0557 6032  ntrigdigi - ok
17:49:39.0571 6032  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:49:39.0611 6032  Null - ok
17:49:39.0769 6032  [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
17:49:39.0784 6032  NVHDA - ok
17:49:40.0005 6032  [ 692BD7AE273B8FD16D1EF1677394DD84 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:49:40.0471 6032  nvlddmkm - ok
17:49:40.0522 6032  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:49:40.0541 6032  nvraid - ok
17:49:40.0644 6032  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:49:40.0662 6032  nvstor - ok
17:49:40.0832 6032  [ 7708F81CC3C92E107DA01CAA67DFDB0A ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:49:40.0904 6032  nvsvc - ok
17:49:40.0984 6032  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:49:41.0038 6032  nv_agp - ok
17:49:41.0042 6032  NwlnkFlt - ok
17:49:41.0047 6032  NwlnkFwd - ok
17:49:41.0093 6032  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:49:41.0156 6032  ohci1394 - ok
17:49:41.0230 6032  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:49:41.0248 6032  ose - ok
17:49:41.0499 6032  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:49:41.0756 6032  osppsvc - ok
17:49:41.0823 6032  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:49:41.0881 6032  p2pimsvc - ok
17:49:41.0893 6032  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:49:41.0921 6032  p2psvc - ok
17:49:41.0950 6032  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
17:49:41.0999 6032  Parport - ok
17:49:42.0046 6032  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:49:42.0063 6032  partmgr - ok
17:49:42.0081 6032  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:49:42.0142 6032  Parvdm - ok
17:49:42.0152 6032  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:49:42.0207 6032  PcaSvc - ok
17:49:42.0252 6032  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
17:49:42.0272 6032  pci - ok
17:49:42.0284 6032  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
17:49:42.0301 6032  pciide - ok
17:49:42.0317 6032  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:49:42.0336 6032  pcmcia - ok
17:49:42.0382 6032  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:49:42.0503 6032  PEAUTH - ok
17:49:42.0549 6032  [ F433B5AA6DBAC3C8626EEFAF134E4763 ] PhilCap         C:\Windows\system32\DRIVERS\PhilCap.sys
17:49:42.0695 6032  PhilCap - ok
17:49:42.0789 6032  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
17:49:42.0923 6032  pla - ok
17:49:43.0034 6032  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
17:49:43.0052 6032  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:49:43.0052 6032  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:49:43.0123 6032  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:49:43.0149 6032  PlugPlay - ok
17:49:43.0212 6032  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:49:43.0242 6032  PNRPAutoReg - ok
17:49:43.0290 6032  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:49:43.0319 6032  PNRPsvc - ok
17:49:43.0412 6032  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:49:43.0495 6032  PolicyAgent - ok
17:49:43.0546 6032  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:49:43.0634 6032  PptpMiniport - ok
17:49:43.0676 6032  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
17:49:43.0705 6032  Processor - ok
17:49:43.0761 6032  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:49:43.0787 6032  ProfSvc - ok
17:49:43.0811 6032  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:49:43.0828 6032  ProtectedStorage - ok
17:49:44.0180 6032  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
17:49:44.0197 6032  ProtexisLicensing - ok
17:49:44.0437 6032  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:49:44.0499 6032  PSched - ok
17:49:44.0563 6032  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:49:44.0732 6032  ql2300 - ok
17:49:44.0779 6032  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:49:44.0795 6032  ql40xx - ok
17:49:44.0905 6032  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
17:49:44.0972 6032  QWAVE - ok
17:49:45.0083 6032  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:49:45.0119 6032  QWAVEdrv - ok
17:49:45.0150 6032  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:49:45.0179 6032  RasAcd - ok
17:49:45.0225 6032  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
17:49:45.0273 6032  RasAuto - ok
17:49:45.0299 6032  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:49:45.0366 6032  Rasl2tp - ok
17:49:45.0443 6032  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
17:49:45.0509 6032  RasMan - ok
17:49:45.0578 6032  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:49:45.0613 6032  RasPppoe - ok
17:49:45.0784 6032  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:49:45.0802 6032  RasSstp - ok
17:49:45.0847 6032  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:49:45.0877 6032  rdbss - ok
17:49:45.0943 6032  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:49:45.0984 6032  RDPCDD - ok
17:49:46.0004 6032  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:49:46.0039 6032  rdpdr - ok
17:49:46.0100 6032  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:49:46.0153 6032  RDPENCDD - ok
17:49:46.0219 6032  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:49:46.0267 6032  RDPWD - ok
17:49:46.0320 6032  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:49:46.0350 6032  RemoteAccess - ok
17:49:46.0429 6032  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:49:46.0482 6032  RemoteRegistry - ok
17:49:46.0569 6032  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:49:46.0595 6032  RFCOMM - ok
17:49:46.0652 6032  [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:49:46.0710 6032  RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:49:46.0710 6032  RichVideo - detected UnsignedFile.Multi.Generic (1)
17:49:46.0744 6032  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
17:49:46.0799 6032  RpcLocator - ok
17:49:46.0826 6032  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
17:49:46.0859 6032  RpcSs - ok
17:49:46.0909 6032  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:49:46.0976 6032  rspndr - ok
17:49:47.0011 6032  [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
17:49:47.0107 6032  RTL8169 - ok
17:49:47.0137 6032  [ 9EA88492B1DAB90DCE43A6F2C0E133BD ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
17:49:47.0188 6032  RTSTOR - ok
17:49:47.0259 6032  [ 594FF5620661D1386475406E78CB6F2F ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
17:49:47.0304 6032  s0017bus - ok
17:49:47.0352 6032  [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
17:49:47.0365 6032  s0017mdfl - ok
17:49:47.0403 6032  [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
17:49:47.0418 6032  s0017mdm - ok
17:49:47.0468 6032  [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
17:49:47.0482 6032  s0017mgmt - ok
17:49:47.0530 6032  [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5        C:\Windows\system32\DRIVERS\s0017nd5.sys
17:49:47.0543 6032  s0017nd5 - ok
17:49:47.0566 6032  [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
17:49:47.0581 6032  s0017obex - ok
17:49:47.0686 6032  [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
17:49:47.0702 6032  s0017unic - ok
17:49:47.0762 6032  [ 8C156E6B568AA927EB5DEADEB870BDD2 ] s816bus         C:\Windows\system32\DRIVERS\s816bus.sys
17:49:47.0777 6032  s816bus - ok
17:49:47.0803 6032  [ D4ED429953A2B8B09C702805813A26C8 ] s816mdfl        C:\Windows\system32\DRIVERS\s816mdfl.sys
17:49:47.0817 6032  s816mdfl - ok
17:49:47.0827 6032  [ 94306F371A6FF8B690BEA81157111B3B ] s816mdm         C:\Windows\system32\DRIVERS\s816mdm.sys
17:49:47.0841 6032  s816mdm - ok
17:49:47.0912 6032  [ FAFDD00ABAD1B6029BF7F4067764AB41 ] s816mgmt        C:\Windows\system32\DRIVERS\s816mgmt.sys
17:49:47.0927 6032  s816mgmt - ok
17:49:47.0968 6032  [ FD0D1E39CB22558D79BFF59B66A5874A ] s816nd5         C:\Windows\system32\DRIVERS\s816nd5.sys
17:49:47.0981 6032  s816nd5 - ok
17:49:48.0044 6032  [ 8EACD5E46764463E75F171D9BF305348 ] s816obex        C:\Windows\system32\DRIVERS\s816obex.sys
17:49:48.0059 6032  s816obex - ok
17:49:48.0111 6032  [ E2090B041B935430ABC8E184B7D6CD75 ] s816unic        C:\Windows\system32\DRIVERS\s816unic.sys
17:49:48.0126 6032  s816unic - ok
17:49:48.0158 6032  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
17:49:48.0176 6032  SamSs - ok
17:49:48.0187 6032  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:49:48.0204 6032  sbp2port - ok
17:49:48.0489 6032  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
17:49:48.0585 6032  SBSDWSCService - ok
17:49:48.0651 6032  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:49:48.0676 6032  SCardSvr - ok
17:49:49.0183 6032  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
17:49:49.0272 6032  Schedule - ok
17:49:49.0420 6032  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:49:49.0444 6032  SCPolicySvc - ok
17:49:49.0492 6032  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:49:49.0574 6032  SDRSVC - ok
17:49:49.0624 6032  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:49:49.0706 6032  secdrv - ok
17:49:49.0734 6032  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
17:49:49.0766 6032  seclogon - ok
17:49:49.0778 6032  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
17:49:49.0819 6032  SENS - ok
17:49:49.0834 6032  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:49:49.0928 6032  Serenum - ok
17:49:49.0954 6032  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
17:49:50.0012 6032  Serial - ok
17:49:50.0028 6032  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:49:50.0057 6032  sermouse - ok
17:49:50.0090 6032  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:49:50.0125 6032  SessionEnv - ok
17:49:50.0147 6032  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:49:50.0203 6032  sffdisk - ok
17:49:50.0225 6032  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:49:50.0254 6032  sffp_mmc - ok
17:49:50.0271 6032  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:49:50.0299 6032  sffp_sd - ok
17:49:50.0321 6032  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:49:50.0371 6032  sfloppy - ok
17:49:50.0424 6032  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:49:50.0479 6032  SharedAccess - ok
17:49:50.0524 6032  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:49:50.0584 6032  ShellHWDetection - ok
17:49:50.0764 6032  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:49:50.0781 6032  sisagp - ok
17:49:50.0815 6032  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:49:50.0832 6032  SiSRaid2 - ok
17:49:50.0852 6032  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:49:50.0869 6032  SiSRaid4 - ok
17:49:50.0939 6032  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:49:50.0956 6032  SkypeUpdate - ok
17:49:51.0079 6032  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
17:49:51.0579 6032  slsvc - ok
17:49:51.0668 6032  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:49:51.0705 6032  SLUINotify - ok
17:49:51.0756 6032  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:49:51.0810 6032  Smb - ok
17:49:52.0109 6032  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:49:52.0128 6032  SNMPTRAP - ok
17:49:52.0263 6032  [ 913D2CE973ED904FE54DE9DB38FCEFF2 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
17:49:52.0388 6032  SNP2UVC - ok
17:49:52.0625 6032  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:49:52.0639 6032  Sony PC Companion - ok
17:49:52.0757 6032  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
17:49:52.0774 6032  spldr - ok
17:49:52.0850 6032  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
17:49:52.0912 6032  Spooler - ok
17:49:53.0048 6032  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:49:53.0089 6032  srv - ok
17:49:53.0139 6032  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:49:53.0181 6032  srv2 - ok
17:49:53.0290 6032  [ 71DB619F4068D7C70D447D73617CDFAC ] srvcPVR         C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
17:49:53.0362 6032  srvcPVR ( UnsignedFile.Multi.Generic ) - warning
17:49:53.0362 6032  srvcPVR - detected UnsignedFile.Multi.Generic (1)
17:49:53.0399 6032  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:49:53.0418 6032  srvnet - ok
17:49:53.0455 6032  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:49:53.0498 6032  SSDPSRV - ok
17:49:53.0536 6032  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:49:53.0550 6032  ssmdrv - ok
17:49:53.0559 6032  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:49:53.0582 6032  SstpSvc - ok
17:49:53.0639 6032  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
17:49:53.0714 6032  stisvc - ok
17:49:53.0747 6032  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:49:53.0763 6032  swenum - ok
17:49:53.0823 6032  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
17:49:53.0877 6032  swprv - ok
17:49:53.0898 6032  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
17:49:53.0914 6032  Symc8xx - ok
17:49:53.0930 6032  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:49:53.0946 6032  Sym_hi - ok
17:49:53.0958 6032  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:49:53.0973 6032  Sym_u3 - ok
17:49:54.0040 6032  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
17:49:54.0118 6032  SysMain - ok
17:49:54.0193 6032  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:49:54.0214 6032  TabletInputService - ok
17:49:54.0273 6032  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:49:54.0344 6032  TapiSrv - ok
17:49:54.0372 6032  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
17:49:54.0403 6032  TBS - ok
17:49:54.0464 6032  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:49:54.0542 6032  Tcpip - ok
17:49:54.0580 6032  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:49:54.0642 6032  Tcpip6 - ok
17:49:54.0687 6032  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:49:54.0740 6032  tcpipreg - ok
17:49:54.0764 6032  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:49:54.0803 6032  TDPIPE - ok
17:49:54.0819 6032  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:49:54.0848 6032  TDTCP - ok
17:49:54.0901 6032  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:49:54.0934 6032  tdx - ok
17:49:55.0035 6032  [ D827A50CEC8A16180EEC4F1951B7A842 ] TeamViewer5     C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
17:49:55.0050 6032  TeamViewer5 - ok
17:49:55.0086 6032  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:49:55.0104 6032  TermDD - ok
17:49:55.0159 6032  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
17:49:55.0273 6032  TermService - ok
17:49:55.0309 6032  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
17:49:55.0329 6032  Themes - ok
17:49:55.0374 6032  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
17:49:55.0403 6032  THREADORDER - ok
17:49:55.0487 6032  [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
17:49:55.0501 6032  TomTomHOMEService - ok
17:49:55.0533 6032  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
17:49:55.0564 6032  TrkWks - ok
17:49:56.0047 6032  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:49:56.0111 6032  TrustedInstaller - ok
17:49:56.0173 6032  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:49:56.0221 6032  tssecsrv - ok
17:49:56.0264 6032  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
17:49:56.0295 6032  tunmp - ok
17:49:56.0387 6032  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:49:56.0404 6032  tunnel - ok
17:49:56.0414 6032  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:49:56.0432 6032  uagp35 - ok
17:49:56.0550 6032  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:49:56.0578 6032  udfs - ok
17:49:56.0735 6032  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:49:56.0793 6032  UI0Detect - ok
17:49:56.0858 6032  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:49:56.0898 6032  uliagpkx - ok
17:49:57.0009 6032  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
17:49:57.0030 6032  uliahci - ok
17:49:57.0057 6032  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:49:57.0075 6032  UlSata - ok
17:49:57.0096 6032  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
17:49:57.0114 6032  ulsata2 - ok
17:49:57.0133 6032  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:49:57.0178 6032  umbus - ok
17:49:57.0205 6032  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
17:49:57.0240 6032  upnphost - ok
17:49:57.0291 6032  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:49:57.0325 6032  usbccgp - ok
17:49:57.0345 6032  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:49:57.0404 6032  usbcir - ok
17:49:57.0473 6032  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:49:57.0530 6032  usbehci - ok
17:49:57.0554 6032  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:49:57.0593 6032  usbhub - ok
17:49:57.0612 6032  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:49:57.0659 6032  usbohci - ok
17:49:57.0710 6032  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:49:57.0738 6032  usbprint - ok
17:49:57.0789 6032  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:49:57.0850 6032  usbscan - ok
17:49:57.0888 6032  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:49:57.0956 6032  USBSTOR - ok
17:49:57.0981 6032  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:49:58.0005 6032  usbuhci - ok
17:49:58.0037 6032  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:49:58.0082 6032  usbvideo - ok
17:49:58.0140 6032  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
17:49:58.0203 6032  UxSms - ok
17:49:58.0247 6032  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
17:49:58.0315 6032  vds - ok
17:49:58.0390 6032  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:49:58.0419 6032  vga - ok
17:49:58.0441 6032  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:49:58.0481 6032  VgaSave - ok
17:49:58.0503 6032  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:49:58.0520 6032  viaagp - ok
17:49:58.0552 6032  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:49:58.0582 6032  ViaC7 - ok
17:49:58.0597 6032  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
17:49:58.0613 6032  viaide - ok
17:49:58.0629 6032  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:49:58.0647 6032  volmgr - ok
17:49:58.0708 6032  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:49:58.0732 6032  volmgrx - ok
17:49:58.0785 6032  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:49:58.0808 6032  volsnap - ok
17:49:58.0840 6032  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:49:58.0860 6032  vsmraid - ok
17:49:58.0929 6032  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
17:49:59.0041 6032  VSS - ok
17:49:59.0244 6032  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
17:49:59.0273 6032  W32Time - ok
17:49:59.0317 6032  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:49:59.0389 6032  WacomPen - ok
17:49:59.0501 6032  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:49:59.0554 6032  Wanarp - ok
17:49:59.0558 6032  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:49:59.0582 6032  Wanarpv6 - ok
17:49:59.0630 6032  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:49:59.0658 6032  wcncsvc - ok
17:49:59.0685 6032  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:49:59.0725 6032  WcsPlugInService - ok
17:49:59.0763 6032  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
17:49:59.0780 6032  Wd - ok
17:49:59.0800 6032  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:49:59.0831 6032  Wdf01000 - ok
17:49:59.0844 6032  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:49:59.0885 6032  WdiServiceHost - ok
17:49:59.0889 6032  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:49:59.0922 6032  WdiSystemHost - ok
17:49:59.0977 6032  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
17:50:00.0029 6032  WebClient - ok
17:50:00.0219 6032  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:50:00.0260 6032  Wecsvc - ok
17:50:00.0281 6032  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:50:00.0321 6032  wercplsupport - ok
17:50:00.0416 6032  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:50:00.0442 6032  WerSvc - ok
17:50:00.0640 6032  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:50:00.0659 6032  WinDefend - ok
17:50:00.0665 6032  WinHttpAutoProxySvc - ok
17:50:01.0141 6032  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:50:01.0166 6032  Winmgmt - ok
17:50:01.0459 6032  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:50:01.0593 6032  WinRM - ok
17:50:01.0687 6032  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:50:01.0753 6032  Wlansvc - ok
17:50:01.0808 6032  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:50:01.0831 6032  WmiAcpi - ok
17:50:01.0946 6032  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:50:02.0015 6032  wmiApSrv - ok
17:50:02.0157 6032  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:50:02.0239 6032  WMPNetworkSvc - ok
17:50:02.0289 6032  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:50:02.0371 6032  WPCSvc - ok
17:50:02.0418 6032  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:50:02.0450 6032  WPDBusEnum - ok
17:50:02.0505 6032  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:50:02.0523 6032  WpdUsb - ok
17:50:03.0453 6032  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:50:03.0520 6032  WPFFontCache_v0400 - ok
17:50:03.0587 6032  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:50:03.0657 6032  ws2ifsl - ok
17:50:03.0710 6032  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
17:50:03.0768 6032  wscsvc - ok
17:50:03.0772 6032  WSearch - ok
17:50:03.0868 6032  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:50:04.0021 6032  wuauserv - ok
17:50:04.0078 6032  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:04.0164 6032  WUDFRd - ok
17:50:04.0207 6032  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:50:04.0255 6032  wudfsvc - ok
17:50:04.0286 6032  [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
17:50:04.0300 6032  X10Hid - ok
17:50:04.0351 6032  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
17:50:04.0376 6032  x10nets ( UnsignedFile.Multi.Generic ) - warning
17:50:04.0376 6032  x10nets - detected UnsignedFile.Multi.Generic (1)
17:50:04.0455 6032  [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
17:50:04.0469 6032  XUIF - ok
17:50:04.0548 6032  ================ Scan global ===============================
17:50:04.0571 6032  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:50:04.0633 6032  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:50:04.0655 6032  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:50:04.0738 6032  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:50:04.0742 6032  [Global] - ok
17:50:04.0742 6032  ================ Scan MBR ==================================
17:50:04.0751 6032  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:50:06.0412 6032  \Device\Harddisk0\DR0 - ok
17:50:06.0413 6032  ================ Scan VBR ==================================
17:50:06.0446 6032  [ D388FB9CCF230EC959D1A647C421C6B8 ] \Device\Harddisk0\DR0\Partition1
17:50:06.0448 6032  \Device\Harddisk0\DR0\Partition1 - ok
17:50:07.0068 6032  [ 67B7211282F2238755B7AAFA2742806F ] \Device\Harddisk0\DR0\Partition2
17:50:07.0069 6032  \Device\Harddisk0\DR0\Partition2 - ok
17:50:07.0069 6032  ============================================================
17:50:07.0069 6032  Scan finished
17:50:07.0069 6032  ============================================================
17:50:07.0080 3944  Detected object count: 6
17:50:07.0080 3944  Actual detected object count: 6
17:50:24.0512 3944  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:24.0512 3944  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:24.0514 3944  DTBService ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:24.0514 3944  DTBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:24.0515 3944  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:24.0515 3944  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:24.0517 3944  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:24.0517 3944  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:24.0518 3944  srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:24.0518 3944  srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:50:24.0520 3944  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
17:50:24.0520 3944  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 06.11.2012, 19:46

Mach bitte einen CustomScan mit OTL . Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

zatjana · 06.11.2012, 20:28

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.11.2012 20:10:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tatjana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,47% Memory free
6,19 Gb Paging File | 4,60 Gb Available in Paging File | 74,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 134,36 Gb Free Space | 48,27% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 7,21 Gb Free Space | 36,49% Space Free | Partition Type: FAT32
 
Computer Name: TATJANA-PC | User Name: Tatjana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.06 20:09:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe
PRC - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2012.10.05 20:15:32 | 001,459,848 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
PRC - [2012.09.12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.08.09 06:04:08 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 07:56:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 07:56:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 07:56:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.08.04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.03.14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.01.15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Programme\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.06.16 07:09:46 | 001,336,680 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe
PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.12 19:51:14 | 000,008,192 | ---- | M] () -- C:\Programme\DVRMSToolbox\DTBFWService.exe
PRC - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.09 20:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 20:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.08.29 19:11:40 | 002,303,272 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\VITAKEY\PdtWzd.exe
PRC - [2008.08.29 19:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\VITAKEY\CompPtcVUI.exe
PRC - [2008.08.29 19:11:38 | 002,180,392 | ---- | M] () -- C:\Programme\EgisTec\VITAKEY\BASVC.exe
PRC - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008.08.04 15:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe
PRC - [2008.08.04 15:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2008.07.24 17:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.04.25 13:18:48 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbvcoms.exe
PRC - [2007.02.09 19:51:34 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
MOD - [2012.11.02 19:59:20 | 002,139,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012.04.04 13:33:24 | 000,139,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012.03.16 11:51:02 | 000,188,416 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012.02.13 08:53:50 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011.11.01 18:32:48 | 000,573,100 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\sqlite3.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.07.07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\Report.dll
MOD - [2011.01.05 14:01:12 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PimNotes.dll
MOD - [2010.09.14 14:01:00 | 000,212,992 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2010.08.04 19:21:11 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2010.06.16 07:09:46 | 001,336,680 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VObject.dll
MOD - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
MOD - [2008.07.29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2012.09.29 15:24:33 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 07:56:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 07:56:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.12 19:51:14 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Programme\DVRMSToolbox\DTBFWService.exe -- (DTBService)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.08.29 19:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Programme\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC)
SRV - [2008.08.04 15:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008.02.28 17:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.04.25 13:18:48 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 07:56:38 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 07:56:38 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009.11.17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.08.28 13:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo)
DRV - [2008.08.28 13:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
DRV - [2008.08.08 03:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.06 15:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.05 23:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.04 15:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.08.04 15:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.08.04 15:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.04.28 05:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.19 08:51:20 | 000,107,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007.06.19 08:51:18 | 000,099,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mgmt.sys -- (s816mgmt)
DRV - [2007.06.19 08:51:18 | 000,097,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816unic.sys -- (s816unic)
DRV - [2007.06.19 08:51:18 | 000,097,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816obex.sys -- (s816obex)
DRV - [2007.06.19 08:51:18 | 000,021,928 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816nd5.sys -- (s816nd5)
DRV - [2007.06.19 08:51:18 | 000,013,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007.06.19 08:51:16 | 000,081,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s816bus.sys -- (s816bus)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Tatjana\Desktop
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE508
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=sBw1by4Ny01L7OhL4ygWnrRhogQ?q={searchTerms}
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes\{EEED1E69-B1A4-4E1A-9620-0CE6DF8B9DC5}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tatjana\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.08 13:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.12 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.27 09:59:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.03 13:39:37 | 000,000,000 | ---D | M]
 
[2010.10.03 18:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Extensions
[2010.10.03 18:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.03 11:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions
[2009.08.07 23:44:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.31 10:31:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.12.19 18:40:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 08:21:40 | 000,000,000 | ---D | M] (.) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2012.11.02 13:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\x6fg3595.default\extensions\ffxtlbr@babylon.com
[2012.11.02 18:59:35 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-1.xml
[2009.12.02 13:28:00 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-2.xml
[2010.03.28 10:18:46 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-3.xml
[2010.08.13 14:42:25 | 000,000,950 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin-4.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\x6fg3595.default\searchplugins\icqplugin.xml
[2011.12.04 18:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.18 09:29:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.08 12:24:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.08 13:33:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2008.06.19 19:46:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008.06.19 19:46:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010.08.12 12:41:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.02 13:24:45 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.08.12 12:41:05 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.12 12:41:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.12 12:41:05 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.12 12:41:05 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" File not found
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [MOMCLIENT] C:\Programme\uniFLOW_Client\momclnt.exe ()
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001..\Run: [Upgrade] C:\Users\Tatjana\AppData\Roaming\Opera\{169B4B43-6CC9-4234-AFD9-E5E661A1E1DB}\Upgrade.exe File not found
O4 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001..\RunOnce: [RunCanonMsetUp] C:\Program Files\Canon\IJ_MSetup4\MCDCHK2.EXE File not found
O4 - Startup: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tatjana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\docume~1\ settings\all users\application data\browser manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73} c:\progra~1\google\google~2\goec62~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{32c8220d-0217-11e2-b87b-0015affcb035}\Shell - "" = AutoRun
O33 - MountPoints2\{32c8220d-0217-11e2-b87b-0015affcb035}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{bb294c7d-db82-11e0-b05a-0015affcb035}\Shell - "" = AutoRun
O33 - MountPoints2\{bb294c7d-db82-11e0-b05a-0015affcb035}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\ClickMe.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.06 20:09:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe
[2012.11.06 17:48:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tatjana\Desktop\tdsskiller.exe
[2012.11.05 11:27:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tatjana\Desktop\aswMBR.exe
[2012.11.02 18:30:26 | 000,000,000 | ---D | C] -- C:\Users\Tatjana\AppData\Roaming\Malwarebytes
[2012.11.02 18:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.02 18:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.02 18:22:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.02 18:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.02 17:57:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.02 17:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 17:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.02 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.02 17:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.11.02 16:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.11.02 16:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.11.02 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\Tatjana\AppData\Roaming\Iggels
[2012.11.02 13:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.02 13:24:18 | 000,000,000 | ---D | C] -- C:\Users\Tatjana\AppData\Roaming\Babylon
[2012.11.02 13:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.11.02 13:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.10.18 10:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.10.18 10:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2012.10.18 10:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2012.10.18 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.10.18 10:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2 C:\Users\Tatjana\Documents\*.tmp files -> C:\Users\Tatjana\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.06 20:15:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.11.06 20:09:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe
[2012.11.06 20:05:43 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.06 20:05:43 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.06 20:05:43 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.06 20:05:42 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.06 20:00:22 | 000,085,095 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.06 20:00:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.06 19:59:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.06 19:59:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 19:59:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.06 19:59:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.06 19:59:12 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.06 18:42:03 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.06 18:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.06 17:48:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tatjana\Desktop\tdsskiller.exe
[2012.11.05 17:23:47 | 000,086,528 | ---- | M] () -- C:\Users\Tatjana\Documents\Reissalat.pdf
[2012.11.05 17:22:44 | 000,002,617 | ---- | M] () -- C:\Users\Tatjana\Desktop\Microsoft Word 2010.lnk
[2012.11.05 15:56:24 | 000,028,357 | ---- | M] () -- C:\Users\Tatjana\Desktop\Gmer.zip
[2012.11.05 11:42:11 | 000,000,512 | ---- | M] () -- C:\Users\Tatjana\Desktop\MBR.dat
[2012.11.05 11:27:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tatjana\Desktop\aswMBR.exe
[2012.11.03 17:43:18 | 000,012,710 | ---- | M] () -- C:\Users\Tatjana\Desktop\Extras.zip
[2012.11.03 12:38:54 | 413,203,557 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.03 12:25:10 | 000,302,592 | ---- | M] () -- C:\Users\Tatjana\Desktop\3jtsgt6z.exe
[2012.11.03 11:45:18 | 000,000,000 | ---- | M] () -- C:\Users\Tatjana\defogger_reenable
[2012.11.03 11:44:48 | 000,050,477 | ---- | M] () -- C:\Users\Tatjana\Desktop\Defogger.exe
[2012.11.02 18:22:55 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.02 17:50:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.02 16:55:12 | 000,001,195 | ---- | M] () -- C:\Users\Tatjana\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.30 20:10:40 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.10.26 10:10:32 | 000,002,545 | ---- | M] () -- C:\Users\Tatjana\Desktop\VPN Client.lnk
[2012.10.18 10:26:25 | 000,002,031 | ---- | M] () -- C:\Users\Tatjana\Desktop\Amazon.lnk
[2012.10.18 10:26:25 | 000,002,029 | ---- | M] () -- C:\Users\Tatjana\Desktop\WEB.DE.lnk
[2012.10.18 10:26:25 | 000,002,023 | ---- | M] () -- C:\Users\Tatjana\Desktop\eBay.lnk
[2012.10.16 15:25:35 | 000,000,680 | ---- | M] () -- C:\Users\Tatjana\AppData\Local\d3d9caps.dat
[2012.10.16 08:41:35 | 000,000,145 | -H-- | M] () -- C:\Windows\Spiel des Lebens Statistik
[2012.10.16 08:41:35 | 000,000,013 | ---- | M] () -- C:\Windows\Spiel des Lebens Prefs
[2012.10.16 08:40:33 | 000,069,632 | ---- | M] () -- C:\Windows\System32\realbap1.dll
[2 C:\Users\Tatjana\Documents\*.tmp files -> C:\Users\Tatjana\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.05 17:23:43 | 000,086,528 | ---- | C] () -- C:\Users\Tatjana\Documents\Reissalat.pdf
[2012.11.05 15:56:24 | 000,028,357 | ---- | C] () -- C:\Users\Tatjana\Desktop\Gmer.zip
[2012.11.05 11:42:11 | 000,000,512 | ---- | C] () -- C:\Users\Tatjana\Desktop\MBR.dat
[2012.11.03 17:43:18 | 000,012,710 | ---- | C] () -- C:\Users\Tatjana\Desktop\Extras.zip
[2012.11.03 12:25:10 | 000,302,592 | ---- | C] () -- C:\Users\Tatjana\Desktop\3jtsgt6z.exe
[2012.11.03 11:45:18 | 000,000,000 | ---- | C] () -- C:\Users\Tatjana\defogger_reenable
[2012.11.03 11:41:04 | 000,050,477 | ---- | C] () -- C:\Users\Tatjana\Desktop\Defogger.exe
[2012.11.02 18:22:55 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.02 16:55:12 | 000,001,195 | ---- | C] () -- C:\Users\Tatjana\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.18 10:26:25 | 000,002,031 | ---- | C] () -- C:\Users\Tatjana\Desktop\Amazon.lnk
[2012.10.18 10:26:25 | 000,002,029 | ---- | C] () -- C:\Users\Tatjana\Desktop\WEB.DE.lnk
[2012.10.18 10:26:25 | 000,002,023 | ---- | C] () -- C:\Users\Tatjana\Desktop\eBay.lnk
[2012.10.16 08:38:15 | 000,000,145 | -H-- | C] () -- C:\Windows\Spiel des Lebens Statistik
[2012.10.16 08:38:15 | 000,000,013 | ---- | C] () -- C:\Windows\Spiel des Lebens Prefs
[2012.10.16 08:37:32 | 000,069,632 | ---- | C] () -- C:\Windows\System32\realbap1.dll
[2011.12.05 19:23:37 | 000,000,898 | ---- | C] () -- C:\Users\Tatjana\.recently-used.xbel
[2011.09.28 14:11:51 | 000,000,016 | -H-- | C] () -- C:\Users\Tatjana\SyncToy_f13327f0-749a-4f0c-b406-b7f28b3762e4.dat
[2011.07.03 10:03:50 | 000,000,000 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\{D0721B12-13E7-424C-B8C4-48BFD37F355C}
[2009.12.13 12:45:44 | 000,000,680 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\d3d9caps.dat
[2009.07.25 13:18:09 | 000,000,071 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\default.pls
[2008.11.18 21:34:44 | 000,888,617 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\mdbu.bin
[2008.10.30 12:12:05 | 000,092,672 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.30 09:49:04 | 000,000,830 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\wklnhst.dat
[2008.08.28 05:28:06 | 000,085,095 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.08.28 05:22:57 | 000,085,095 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.18 10:26:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\1&1 Mail & Media GmbH
[2012.05.26 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Aggeo
[2012.05.26 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Agsou
[2011.10.10 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Aipersun333
[2011.05.26 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Amazon
[2010.04.24 16:43:49 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Audacity
[2012.11.02 13:24:18 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Babylon
[2012.09.15 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Canon
[2012.05.21 08:22:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ciet
[2012.05.14 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Doek
[2012.05.13 21:47:38 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Dropbox
[2012.05.21 08:22:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Dudyv
[2012.05.13 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Duusu
[2012.11.02 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\DVDVideoSoft
[2011.12.19 18:40:47 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.21 08:24:03 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Folocy
[2009.11.07 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\gtk-2.0
[2012.05.13 21:47:46 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\ICQ
[2012.11.02 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Iggels
[2012.05.14 08:18:29 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ilyg
[2012.05.14 08:18:29 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ivki
[2010.09.13 16:01:17 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\JAlbum
[2012.05.15 08:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Kaetm
[2010.12.27 10:15:21 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Leadertech
[2012.05.15 08:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Moipuc
[2012.05.15 08:30:52 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Muehar
[2009.02.07 07:38:45 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\OpenOffice.org
[2012.05.14 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Opera
[2012.05.14 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Orac
[2012.05.21 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Qagusi
[2009.01.05 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\ScanSoft
[2012.09.29 15:43:06 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Sony
[2012.05.14 12:51:56 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\TeamViewer
[2009.02.03 18:17:02 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Template
[2010.10.03 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\TomTom
[2012.05.13 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Udzo
[2012.05.21 08:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Upatte
[2012.05.15 08:30:51 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Uqeza
[2012.05.21 12:38:40 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Vuqe
[2012.05.13 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Windows Desktop Search
[2010.06.18 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Windows Live Writer
[2012.05.21 08:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ylmasu
[2012.05.26 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ypady
[2012.05.26 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ypma
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.02.28 17:04:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.03.16 18:47:43 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.11.03 10:07:32 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.03.09 18:33:35 | 000,000,000 | ---D | M] -- C:\divx
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.10.30 08:57:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.11.15 14:47:28 | 000,000,000 | ---D | M] -- C:\drivers
[2010.03.05 19:24:15 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.08.28 04:50:19 | 000,000,000 | ---D | M] -- C:\Intel
[2011.05.23 20:08:32 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.11.15 18:05:03 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.03 10:07:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.02 18:22:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.10.30 08:57:33 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.09.02 09:40:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.11.06 20:14:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.10.30 09:01:02 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.03 23:23:14 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.10.18 10:26:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\1&1 Mail & Media GmbH
[2010.01.22 07:20:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Adobe
[2012.05.26 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Aggeo
[2012.05.26 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Agsou
[2011.10.10 14:51:22 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Aipersun333
[2011.05.26 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Amazon
[2010.04.24 16:43:49 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Audacity
[2012.04.13 08:43:20 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Avira
[2012.11.02 13:24:18 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Babylon
[2012.09.15 13:27:13 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Canon
[2012.05.21 08:22:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ciet
[2009.02.16 16:07:51 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Corel
[2008.11.13 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\CyberLink
[2012.03.30 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\DivX
[2012.05.14 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Doek
[2012.05.13 21:47:38 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Dropbox
[2012.05.21 08:22:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Dudyv
[2012.05.13 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Duusu
[2010.07.30 15:10:00 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\dvdcss
[2012.11.02 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\DVDVideoSoft
[2011.12.19 18:40:47 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.21 08:24:03 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Folocy
[2008.10.30 14:43:03 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Google
[2012.05.14 12:52:08 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Google Inc
[2009.11.07 15:42:22 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\gtk-2.0
[2012.05.13 20:11:04 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Help
[2012.05.13 21:47:46 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\ICQ
[2012.05.14 12:51:38 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Identities
[2012.11.02 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Iggels
[2012.05.14 08:18:29 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ilyg
[2012.05.14 08:18:29 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ivki
[2010.09.13 16:01:17 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\JAlbum
[2012.05.15 08:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Kaetm
[2010.12.27 10:15:21 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Leadertech
[2012.05.13 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Macromedia
[2012.11.02 18:30:26 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Media Center Programs
[2011.09.21 12:39:16 | 000,000,000 | --SD | M] -- C:\Users\Tatjana\AppData\Roaming\Microsoft
[2012.05.15 08:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Moipuc
[2010.03.12 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Move Networks
[2009.02.01 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Mozilla
[2012.05.15 08:30:52 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Muehar
[2008.10.30 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Nero
[2009.02.07 07:38:45 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\OpenOffice.org
[2009.02.06 15:59:07 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\OpenOffice.org2
[2012.05.14 12:53:42 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Opera
[2012.05.14 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Orac
[2012.05.21 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Qagusi
[2009.01.18 20:00:31 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Roxio
[2009.01.05 19:22:16 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\ScanSoft
[2012.09.06 21:04:57 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Skype
[2012.09.29 15:43:06 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Sony
[2012.05.13 21:48:49 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Sun
[2012.05.14 12:51:56 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\TeamViewer
[2009.02.03 18:17:02 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Template
[2010.10.03 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\TomTom
[2012.05.13 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Udzo
[2012.05.21 08:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Upatte
[2012.05.15 08:30:51 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Uqeza
[2009.03.13 13:59:03 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\vlc
[2012.05.21 12:38:40 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Vuqe
[2012.05.13 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Windows Desktop Search
[2010.06.18 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Windows Live Writer
[2012.05.21 08:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ylmasu
[2012.05.26 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ypady
[2012.05.26 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\Ypma
[2009.11.07 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Tatjana\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2010.06.12 10:54:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Tatjana\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.02.10 22:17:27 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Tatjana\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.08.15 17:31:12 | 000,010,134 | R--- | M] () -- C:\Users\Tatjana\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.07.10 13:39:00 | 000,350,720 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dateisplitter.exe
[2010.03.12 17:03:30 | 000,144,053 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\Move Networks\uninstall.exe
[2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,538 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.08.28 06:26:12 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.03.02 15:10:45 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.03.02 15:10:48 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.29 15:24:36 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >

--- --- ---

cosinus · 06.11.2012, 20:51

Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
MOD - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
MOD - [2012.11.02 19:59:20 | 002,139,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
SRV - [2012.11.02 20:00:42 | 002,400,800 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = 
IE - HKU\S-1-5-21-3458879187-3836919629-484233890-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=sBw1by4Ny01L7OhL4ygWnrRhogQ?q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "http://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035"
[2012.11.02 13:24:45 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
:Files
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Documents and Settings\All Users\Application Data\Browser Manager
C:\ProgramData\Babylon
C:\Users\Tatjana\AppData\Roaming\Babylon
C:\ProgramData\IBUpdaterService
C:\ProgramData\Browser Manager
C:\Users\Tatjana\AppData\Roaming\Dudyv
C:\Users\Tatjana\AppData\Roaming\Duusu
C:\Users\Tatjana\AppData\Roaming\Ilyg
C:\Users\Tatjana\AppData\Roaming\Ivki
C:\Users\Tatjana\AppData\Roaming\Moipuc
C:\Users\Tatjana\AppData\Roaming\Muehar
C:\Users\Tatjana\AppData\Roaming\Kaetm
C:\Users\Tatjana\AppData\Roaming\Orac
C:\Users\Tatjana\AppData\Roaming\Qagusi
C:\Users\Tatjana\AppData\Roaming\Udzo
C:\Users\Tatjana\AppData\Roaming\Upatte
C:\Users\Tatjana\AppData\Roaming\Uqeza
C:\Users\Tatjana\AppData\Roaming\Vuqe
C:\Users\Tatjana\AppData\Roaming\Ylmasu
C:\Users\Tatjana\AppData\Roaming\Ypady
C:\Users\Tatjana\AppData\Roaming\Ypma
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

zatjana · 06.11.2012, 22:31

Code:

ATTFilter

 All processes killed
========== OTL ==========
Releasing module C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll moved successfully.
Service Browser Manager stopped successfully!
Service Browser Manager deleted successfully!
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3458879187-3836919629-484233890-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Prefs.js: "Claro Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=b2971a310000000000000015affcb035" removed from browser.startup.homepage
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Tatjana\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\Browser Manager not found.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\IBUpdaterService folder moved successfully.
C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings folder moved successfully.
C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.4.897.175 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\Tatjana\AppData\Roaming\Dudyv folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Duusu folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Ilyg folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Ivki folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Moipuc folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Muehar folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Kaetm folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Orac folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Qagusi folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Udzo folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Upatte folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Uqeza folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Vuqe folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Ylmasu folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Ypady folder moved successfully.
C:\Users\Tatjana\AppData\Roaming\Ypma folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tatjana\Desktop\cmd.bat deleted successfully.
C:\Users\Tatjana\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tatjana
->Temp folder emptied: 3218558780 bytes
->Temporary Internet Files folder emptied: 2038507212 bytes
->FireFox cache emptied: 117346245 bytes
->Google Chrome cache emptied: 6947908 bytes
->Flash cache emptied: 3026860 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1640760 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494617139 bytes
RecycleBin emptied: 3682195 bytes
 
Total Files Cleaned = 5.612,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11062012_215151

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings folder moved successfully.
C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73} folder moved successfully.
C:\ProgramData\Browser Manager\2.4.897.175 folder moved successfully.
C:\ProgramData\Browser Manager folder moved successfully.
File\Folder C:\Windows\temp\JETBF96.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 06.11.2012, 22:41

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

zatjana · 07.11.2012, 18:01

Code:

ATTFilter

 # AdwCleaner v2.007 - Datei am 07/11/2012 um 18:00:51 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Tatjana - TATJANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tatjana\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : ICQ Service

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\.autoreg
Datei Gefunden : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\x6fg3595.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\x6fg3595.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\x6fg3595.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\x6fg3595.default\searchplugins\icqplugin-3.xml
Datei Gefunden : C:\Users\Tatjana\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Tatjana\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Tatjana\AppData\LocalLow\Claro LTD
Ordner Gefunden : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\x6fg3595.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gefunden : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\x6fg3595.default\extensions\ffxtlbr@babylon.com

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = data\browser
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gefunden : HKU\S-1-5-21-3458879187-3836919629-484233890-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v3.0.19 (de)

Profilname : default 
Datei : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\x6fg3595.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4739 octets] - [07/11/2012 18:00:51]

########## EOF - C:\AdwCleaner[R1].txt - [4799 octets] ##########

04.11.2012, 02:07	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Claro Search Virus Hast du schon einen der Virenscanner (Avast oder AntiVir) deinstalliert? __________________ Logfiles bitte immer in CODE-Tags posten

Claro Search Virus

Plagegeister aller Art und deren Bekämpfung: Claro Search Virus