
Pests of All Kinds and How to Fight Them: Removing the Google Redirect Virus


15.11.2012, 19:53   #1
Linus2011
 
Removing the Google Redirect Virus



Hello,
we know nothing at all about computers and have the following problem:
When I start a search on Google, the results do appear, but after clicking on one I am redirected to other pages.
I did some research online today and ran various programs.
TDSSKiller found nothing. Malwarebytes Anti-Malware found something, which I removed. The problem was still there, so I downloaded otl.exe and ran it. The reports, however, are all Greek to us... We don't even know how we are supposed to upload the reports here.
Can you please help us?

Many thanks in advance

17.11.2012, 12:44   #2
M-K-D-B
/// TB instructor

Removing the Google Redirect Virus






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we will remove all the programs used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Quote:
TDSSKiller found nothing. Malwarebytes Anti-Malware found something, which I removed.
Statements like this don't help anyone. Read this and post the log files from MBAM and TDSSKiller:
Please post all logs with detections
To do so, open the relevant log file, select everything with "CTRL + A", copy it with "CTRL+C" and paste it directly here in your topic with "CTRL+V".
Alternatively:
Post log files as an attachment





Step 1
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.

dds.com
dds.exe
  • Please start dds with a double-click.
  • The desktop will disappear; that is normal.
  • Please tick
    • dds.txt (should already be ticked)
    • attach.txt
    Do not change any settings without instruction
  • When the scan has finished, DDS will create 2 log files on your desktop:
    • dds.txt
    • attach.txt
Please post both log files in your next reply.





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to disable the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.txt on the desktop. Post its contents with your next reply.
Do not click the Re-enable button without instruction!





Step 3
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.





Please post with your next reply
  • the log files from TDSSKiller and Malwarebytes' Anti-Malware,
  • the two log files from DDS,
  • the log file from DeFogger,
  • the log file from aswMBR.
__________________


17.11.2012, 15:47   #3
Linus2011

Removing the Google Redirect Virus



Hello Matthias,
thank you very much for helping us!!!!
We followed your instructions and are now posting the requested log files.
DeFogger only created a log file, not a txt.

15:09:47.0721 5780 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:09:47.0968 5780 ============================================================
15:09:47.0968 5780 Current date / time: 2012/11/15 15:09:47.0968
15:09:47.0968 5780 SystemInfo:
15:09:47.0968 5780
15:09:47.0968 5780 OS Version: 6.0.6002 ServicePack: 2.0
15:09:47.0968 5780 Product type: Workstation
15:09:47.0968 5780 ComputerName: BARBI´SCOMPU-PC
15:09:47.0968 5780 UserName: Barbi´s Computer
15:09:47.0968 5780 Windows directory: C:\Windows
15:09:47.0968 5780 System windows directory: C:\Windows
15:09:47.0968 5780 Processor architecture: Intel x86
15:09:47.0968 5780 Number of processors: 2
15:09:47.0968 5780 Page size: 0x1000
15:09:47.0968 5780 Boot type: Normal boot
15:09:47.0968 5780 ============================================================
15:09:49.0059 5780 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:09:49.0061 5780 ============================================================
15:09:49.0061 5780 \Device\Harddisk0\DR0:
15:09:49.0061 5780 MBR partitions:
15:09:49.0061 5780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A04000, BlocksNum 0x38981800
15:09:49.0061 5780 ============================================================
15:09:49.0101 5780 C: <-> \Device\Harddisk0\DR0\Partition1
15:09:49.0101 5780 ============================================================
15:09:49.0101 5780 Initialize success
15:09:49.0101 5780 ============================================================
15:09:52.0026 3624 ============================================================
15:09:52.0026 3624 Scan started
15:09:52.0026 3624 Mode: Manual;
15:09:52.0026 3624 ============================================================
15:09:52.0864 3624 ================ Scan system memory ========================
15:09:52.0864 3624 System memory - ok
15:09:52.0864 3624 ================ Scan services =============================
15:10:02.0800 3624 NativeWifiP - ok
15:10:02.0861 3624 NAVENG - ok
15:10:02.0865 3624 NAVEX15 - ok
15:10:02.0930 3624 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:10:02.0953 3624 NDIS - ok
15:10:03.0008 3624 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:10:03.0009 3624 NdisTapi - ok
15:10:03.0026 3624 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:10:03.0027 3624 Ndisuio - ok
15:10:03.0088 3624 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:10:03.0091 3624 NdisWan - ok
15:10:03.0106 3624 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:10:03.0108 3624 NDProxy - ok
15:10:03.0201 3624 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
15:10:03.0224 3624 Nero BackItUp Scheduler 3 - ok
15:10:03.0248 3624 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:10:03.0249 3624 NetBIOS - ok
15:10:03.0296 3624 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:10:03.0300 3624 netbt - ok
15:10:03.0308 3624 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:10:03.0309 3624 Netlogon - ok
15:10:03.0342 3624 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:10:03.0348 3624 Netman - ok
15:10:03.0363 3624 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:10:03.0369 3624 netprofm - ok
15:10:03.0525 3624 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:10:03.0528 3624 NetTcpPortSharing - ok
15:10:03.0642 3624 [ 7269039E216BDD863ABF1850A0FFDBAF ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
15:10:03.0719 3624 NETw5v32 - ok
15:10:03.0754 3624 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:10:03.0756 3624 nfrd960 - ok
15:10:03.0782 3624 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:10:03.0786 3624 NlaSvc - ok
15:10:03.0862 3624 [ CD4326BC339F98DE21AA07B208A305AE ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
15:10:03.0884 3624 NMIndexingService - ok
15:10:03.0927 3624 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:10:03.0928 3624 Npfs - ok
15:10:03.0939 3624 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:10:03.0945 3624 nsi - ok
15:10:03.0968 3624 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:10:03.0969 3624 nsiproxy - ok
15:10:04.0053 3624 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:10:04.0132 3624 Ntfs - ok
15:10:04.0195 3624 [ 952BF6DFC96E3E94D1D88FD0B78EC443 ] NTI IScheduleSvc C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
15:10:04.0197 3624 NTI IScheduleSvc - ok
15:10:04.0230 3624 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys
15:10:04.0231 3624 NTIDrvr - ok
15:10:04.0264 3624 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:10:04.0265 3624 ntrigdigi - ok
15:10:04.0288 3624 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:10:04.0289 3624 Null - ok
15:10:04.0318 3624 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:10:04.0321 3624 nvraid - ok
15:10:04.0344 3624 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:10:04.0346 3624 nvstor - ok
15:10:04.0383 3624 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:10:04.0740 3624 nv_agp - ok
15:10:04.0745 3624 NwlnkFlt - ok
15:10:04.0751 3624 NwlnkFwd - ok
15:10:04.0808 3624 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:10:04.0811 3624 ohci1394 - ok
15:10:04.0938 3624 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:10:04.0959 3624 p2pimsvc - ok
15:10:05.0006 3624 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:10:05.0014 3624 p2psvc - ok
15:10:05.0075 3624 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:10:05.0078 3624 Parport - ok
15:10:05.0200 3624 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:10:05.0202 3624 partmgr - ok
15:10:05.0312 3624 [ 3C6E7D73B0E9BC21D5E4B531AB7EC091 ] Partner Service C:\ProgramData\Partner\partner.exe
15:10:05.0459 3624 Partner Service - ok
15:10:05.0541 3624 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:10:05.0543 3624 Parvdm - ok
15:10:05.0573 3624 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:10:05.0576 3624 PcaSvc - ok
15:10:05.0631 3624 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:10:05.0633 3624 pccsmcfd - ok
15:10:05.0663 3624 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:10:05.0667 3624 pci - ok
15:10:05.0704 3624 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
15:10:05.0705 3624 pciide - ok
15:10:05.0726 3624 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:10:05.0727 3624 pcmcia - ok
15:10:05.0773 3624 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:10:05.0779 3624 PEAUTH - ok
15:10:05.0860 3624 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:10:05.0894 3624 pla - ok
15:10:05.0924 3624 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
15:10:05.0927 3624 PLFlash DeviceIoControl Service - ok
15:10:05.0983 3624 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:10:05.0988 3624 PlugPlay - ok
15:10:06.0013 3624 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:10:06.0020 3624 PNRPAutoReg - ok
15:10:06.0046 3624 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:10:06.0053 3624 PNRPsvc - ok
15:10:06.0097 3624 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:10:06.0104 3624 PolicyAgent - ok
15:10:06.0147 3624 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:10:06.0148 3624 PptpMiniport - ok
15:10:06.0168 3624 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
15:10:06.0170 3624 Processor - ok
15:10:06.0225 3624 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:10:06.0228 3624 ProfSvc - ok
15:10:06.0241 3624 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:10:06.0243 3624 ProtectedStorage - ok
15:10:06.0279 3624 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:10:06.0281 3624 PSched - ok
15:10:06.0298 3624 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:10:06.0300 3624 PxHelp20 - ok
15:10:06.0364 3624 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:10:06.0406 3624 ql2300 - ok
15:10:06.0423 3624 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:10:06.0426 3624 ql40xx - ok
15:10:06.0458 3624 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:10:06.0464 3624 QWAVE - ok
15:10:06.0474 3624 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:10:06.0476 3624 QWAVEdrv - ok
15:10:06.0490 3624 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:10:06.0492 3624 RasAcd - ok
15:10:06.0505 3624 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:10:06.0509 3624 RasAuto - ok
15:10:06.0527 3624 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:10:06.0529 3624 Rasl2tp - ok
15:10:06.0581 3624 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:10:06.0587 3624 RasMan - ok
15:10:06.0636 3624 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:10:06.0638 3624 RasPppoe - ok
15:10:06.0679 3624 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:10:06.0681 3624 RasSstp - ok
15:10:06.0731 3624 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:10:06.0736 3624 rdbss - ok
15:10:06.0755 3624 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:10:06.0756 3624 RDPCDD - ok
15:10:06.0777 3624 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:10:06.0782 3624 rdpdr - ok
15:10:06.0787 3624 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:10:06.0789 3624 RDPENCDD - ok
15:10:06.0849 3624 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:10:06.0853 3624 RDPWD - ok
15:10:06.0962 3624 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:10:06.0965 3624 RemoteAccess - ok
15:10:07.0001 3624 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:10:07.0005 3624 RemoteRegistry - ok
15:10:07.0064 3624 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:10:07.0066 3624 RpcLocator - ok
15:10:07.0088 3624 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:10:07.0094 3624 RpcSs - ok
15:10:07.0123 3624 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:10:07.0125 3624 rspndr - ok
15:10:07.0163 3624 [ A95B16FF762FF217847B97E6F05778EE ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
15:10:07.0167 3624 RTHDMIAzAudService - ok
15:10:07.0207 3624 [ D97D8259293B7A82CB891F37F997DF3F ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
15:10:07.0209 3624 RTSTOR - ok
15:10:07.0273 3624 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys
15:10:07.0276 3624 s0016bus - ok
15:10:07.0321 3624 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys
15:10:07.0323 3624 s0016mdfl - ok
15:10:07.0362 3624 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys
15:10:07.0364 3624 s0016mdm - ok
15:10:07.0392 3624 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys
15:10:07.0393 3624 s0016mgmt - ok
15:10:07.0415 3624 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys
15:10:07.0416 3624 s0016nd5 - ok
15:10:07.0460 3624 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys
15:10:07.0463 3624 s0016obex - ok
15:10:07.0493 3624 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys
15:10:07.0495 3624 s0016unic - ok
15:10:07.0519 3624 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:10:07.0520 3624 SamSs - ok
15:10:07.0653 3624 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
15:10:07.0753 3624 SBAMSvc - ok
15:10:07.0778 3624 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
15:10:07.0781 3624 sbapifs - ok
15:10:07.0830 3624 [ BCF3BA30C1CFA2942CF26C31384B37C7 ] SbFw C:\Windows\system32\drivers\SbFw.sys
15:10:07.0834 3624 SbFw - ok
15:10:07.0845 3624 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
15:10:07.0847 3624 SBFWIMCL - ok
15:10:07.0853 3624 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
15:10:07.0855 3624 SBFWIMCLMP - ok
15:10:07.0883 3624 [ 1AFD7178AB9C4FCE2D332DA7AA474FA6 ] sbhips C:\Windows\system32\drivers\sbhips.sys
15:10:07.0886 3624 sbhips - ok
15:10:07.0906 3624 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:10:07.0908 3624 sbp2port - ok
15:10:07.0947 3624 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
15:10:07.0950 3624 SBRE - ok
15:10:07.0962 3624 [ 9BDF801A6C78E3F1E6FA1C5CA90BAA8A ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
15:10:07.0965 3624 sbwtis - ok
15:10:08.0002 3624 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:10:08.0006 3624 SCardSvr - ok
15:10:08.0059 3624 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:10:08.0082 3624 Schedule - ok
15:10:08.0138 3624 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:10:08.0139 3624 SCPolicySvc - ok
15:10:08.0165 3624 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:10:08.0169 3624 SDRSVC - ok
15:10:08.0192 3624 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:10:08.0194 3624 secdrv - ok
15:10:08.0206 3624 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:10:08.0209 3624 seclogon - ok
15:10:08.0223 3624 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:10:08.0226 3624 SENS - ok
15:10:08.0284 3624 [ DA17773297995D1135DFD1ACEEF07D58 ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS
15:10:08.0285 3624 Sentinel - ok
15:10:08.0310 3624 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:10:08.0311 3624 Serenum - ok
15:10:08.0336 3624 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:10:08.0338 3624 Serial - ok
15:10:08.0362 3624 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:10:08.0364 3624 sermouse - ok
15:10:08.0475 3624 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:10:08.0497 3624 ServiceLayer - ok
15:10:08.0543 3624 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:10:08.0547 3624 SessionEnv - ok
15:10:08.0563 3624 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:10:08.0564 3624 sffdisk - ok
15:10:08.0581 3624 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:10:08.0582 3624 sffp_mmc - ok
15:10:08.0598 3624 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:10:08.0600 3624 sffp_sd - ok
15:10:08.0612 3624 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:10:08.0614 3624 sfloppy - ok
15:10:08.0638 3624 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:10:08.0644 3624 SharedAccess - ok
15:10:08.0699 3624 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:10:08.0705 3624 ShellHWDetection - ok
15:10:08.0729 3624 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:10:08.0730 3624 sisagp - ok
15:10:08.0767 3624 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:10:08.0769 3624 SiSRaid2 - ok
15:10:08.0790 3624 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:10:08.0792 3624 SiSRaid4 - ok
15:10:08.0848 3624 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:10:08.0852 3624 SkypeUpdate - ok
15:10:08.0960 3624 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:10:09.0027 3624 slsvc - ok
15:10:09.0071 3624 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:10:09.0074 3624 SLUINotify - ok
15:10:09.0120 3624 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:10:09.0122 3624 Smb - ok
15:10:09.0148 3624 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:10:09.0151 3624 SNMPTRAP - ok
15:10:09.0242 3624 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
15:10:09.0245 3624 Sony PC Companion - ok
15:10:09.0288 3624 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:10:09.0289 3624 spldr - ok
15:10:09.0332 3624 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:10:09.0336 3624 Spooler - ok
15:10:09.0392 3624 SRTSP - ok
15:10:09.0404 3624 SRTSPX - ok
15:10:09.0460 3624 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:10:09.0466 3624 srv - ok
15:10:09.0495 3624 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:10:09.0500 3624 srv2 - ok
15:10:09.0571 3624 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:10:09.0574 3624 srvnet - ok
15:10:09.0612 3624 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:10:09.0617 3624 SSDPSRV - ok
15:10:09.0627 3624 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:10:09.0631 3624 SstpSvc - ok
15:10:09.0703 3624 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:10:09.0726 3624 stisvc - ok
15:10:09.0780 3624 [ 863FAB86FC18EE9D59ECAD342FD4AF06 ] SuperProServer C:\Windows\system32\spnsrvnt.exe
15:10:09.0784 3624 SuperProServer - ok
15:10:09.0809 3624 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:10:09.0810 3624 swenum - ok
15:10:09.0858 3624 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:10:09.0865 3624 swprv - ok
15:10:09.0885 3624 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:10:09.0887 3624 Symc8xx - ok
15:10:09.0937 3624 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:10:09.0939 3624 Sym_hi - ok
15:10:09.0957 3624 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:10:09.0959 3624 Sym_u3 - ok
15:10:10.0000 3624 [ 5C3E900F41426A372DE60675AFC8AA07 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:10:10.0004 3624 SynTP - ok
15:10:10.0071 3624 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:10:10.0093 3624 SysMain - ok
15:10:10.0142 3624 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:10:10.0145 3624 TabletInputService - ok
15:10:10.0181 3624 [ 1E89DE7A4FB7A854EBB241D0AA8996DD ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
15:10:10.0183 3624 tap0901 - ok
15:10:10.0224 3624 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:10:10.0230 3624 TapiSrv - ok
15:10:10.0243 3624 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:10:10.0247 3624 TBS - ok
15:10:10.0316 3624 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:10:10.0339 3624 Tcpip - ok
15:10:10.0367 3624 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:10:10.0374 3624 Tcpip6 - ok
15:10:10.0413 3624 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:10:10.0414 3624 tcpipreg - ok
15:10:10.0442 3624 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:10:10.0443 3624 TDPIPE - ok
15:10:10.0464 3624 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:10:10.0466 3624 TDTCP - ok
15:10:10.0519 3624 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:10:10.0521 3624 tdx - ok
15:10:10.0604 3624 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:10:10.0634 3624 TermDD - ok
15:10:10.0737 3624 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:10:10.0745 3624 TermService - ok
15:10:10.0766 3624 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:10:10.0769 3624 Themes - ok
15:10:10.0789 3624 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:10:10.0791 3624 THREADORDER - ok
15:10:10.0871 3624 [ D5697047F9CA5A18BB367CF94DA4B2C4 ] TIS 2000 Apache Web Server C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
15:10:10.0872 3624 TIS 2000 Apache Web Server - ok
15:10:10.0897 3624 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:10:10.0901 3624 TrkWks - ok
15:10:10.0958 3624 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:10:10.0958 3624 TrustedInstaller - ok
15:10:10.0994 3624 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:10:10.0995 3624 tssecsrv - ok
15:10:11.0023 3624 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:10:11.0024 3624 tunmp - ok
15:10:11.0053 3624 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:10:11.0055 3624 tunnel - ok
15:10:11.0079 3624 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:10:11.0081 3624 uagp35 - ok
15:10:11.0100 3624 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
15:10:11.0101 3624 UBHelper - ok
15:10:11.0146 3624 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:10:11.0148 3624 udfs - ok
15:10:11.0185 3624 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:10:11.0188 3624 UI0Detect - ok
15:10:11.0303 3624 [ F13DA74969897359A88F2A739F54A250 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
15:10:11.0305 3624 UleadBurningHelper - ok
15:10:11.0324 3624 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:10:11.0328 3624 uliagpkx - ok
15:10:11.0351 3624 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:10:11.0356 3624 uliahci - ok
15:10:11.0387 3624 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:10:11.0389 3624 UlSata - ok
15:10:11.0412 3624 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:10:11.0413 3624 ulsata2 - ok
15:10:11.0444 3624 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:10:11.0446 3624 umbus - ok
15:10:11.0484 3624 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:10:11.0490 3624 upnphost - ok
15:10:11.0548 3624 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:10:11.0549 3624 usbaudio - ok
15:10:11.0579 3624 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:10:11.0580 3624 usbccgp - ok
15:10:11.0613 3624 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:10:11.0615 3624 usbcir - ok
15:10:11.0655 3624 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:10:11.0656 3624 usbehci - ok
15:10:11.0668 3624 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:10:11.0669 3624 usbhub - ok
15:10:11.0736 3624 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:10:11.0738 3624 usbohci - ok
15:10:11.0770 3624 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:10:11.0772 3624 usbprint - ok
15:10:11.0831 3624 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:10:11.0833 3624 usbscan - ok
15:10:11.0878 3624 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:10:11.0880 3624 USBSTOR - ok
15:10:11.0896 3624 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:10:11.0898 3624 usbuhci - ok
15:10:11.0929 3624 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:10:11.0932 3624 usbvideo - ok
15:10:11.0959 3624 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:10:11.0963 3624 UxSms - ok
15:10:12.0008 3624 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:10:12.0031 3624 vds - ok
15:10:12.0076 3624 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:10:12.0078 3624 vga - ok
15:10:12.0110 3624 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:10:12.0112 3624 VgaSave - ok
15:10:12.0135 3624 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:10:12.0136 3624 viaagp - ok
15:10:12.0156 3624 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:10:12.0157 3624 ViaC7 - ok
15:10:12.0184 3624 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:10:12.0185 3624 viaide - ok
15:10:12.0201 3624 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:10:12.0203 3624 volmgr - ok
15:10:12.0227 3624 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:10:12.0232 3624 volmgrx - ok
15:10:12.0262 3624 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:10:12.0267 3624 volsnap - ok
15:10:12.0302 3624 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:10:12.0305 3624 vsmraid - ok
15:10:12.0367 3624 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:10:12.0400 3624 VSS - ok
15:10:12.0428 3624 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:10:12.0435 3624 W32Time - ok
15:10:12.0464 3624 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:10:12.0466 3624 WacomPen - ok
15:10:12.0493 3624 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:10:12.0495 3624 Wanarp - ok
15:10:12.0504 3624 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:10:12.0505 3624 Wanarpv6 - ok
15:10:12.0554 3624 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:10:12.0559 3624 wcncsvc - ok
15:10:12.0593 3624 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:10:12.0596 3624 WcsPlugInService - ok
15:10:12.0629 3624 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:10:12.0630 3624 Wd - ok
15:10:12.0683 3624 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:10:12.0686 3624 Wdf01000 - ok
15:10:12.0709 3624 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:10:12.0713 3624 WdiServiceHost - ok
15:10:12.0721 3624 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:10:12.0724 3624 WdiSystemHost - ok
15:10:12.0769 3624 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:10:12.0773 3624 WebClient - ok
15:10:12.0823 3624 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:10:12.0828 3624 Wecsvc - ok
15:10:12.0841 3624 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:10:12.0844 3624 wercplsupport - ok
15:10:12.0881 3624 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:10:12.0885 3624 WerSvc - ok
15:10:12.0941 3624 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:10:12.0946 3624 WinDefend - ok
15:10:12.0957 3624 WinHttpAutoProxySvc - ok
15:10:14.0222 3624 ================ Scan global ===============================
15:10:14.0250 3624 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:10:14.0311 3624 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:10:14.0337 3624 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:10:14.0387 3624 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:10:14.0394 3624 [Global] - ok
15:10:14.0394 3624 ================ Scan MBR ==================================
15:10:14.0402 3624 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:10:15.0068 3624 \Device\Harddisk0\DR0 - ok
15:10:15.0068 3624 ================ Scan VBR ==================================
15:10:15.0071 3624 [ 35525138EA9BFAFB02F4846C389C9D0C ] \Device\Harddisk0\DR0\Partition1
15:10:15.0076 3624 \Device\Harddisk0\DR0\Partition1 - ok
15:10:15.0077 3624 ============================================================
15:10:15.0077 3624 Scan finished
15:10:15.0077 3624 ============================================================
15:10:15.0087 1560 Detected object count: 0
15:10:15.0087 1560 Actual detected object count: 0
15:10:38.0268 1320 Deinitialize success


Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Barbi´s Computer :: BARBI´SCOMPU-PC [Administrator]

Schutz: Aktiviert

16.11.2012 09:49:47
mbam-log-2012-11-16 (09-49-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212633
Laufzeit: 9 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
DDS Logfile:
Code:
DDS (Ver_2012-11-07.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.9.2
Run by Barbi´s Computer at 14:12:18 on 2012-11-17
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3038.1522 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
C:\Windows\system32\lxbycoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\IoctlSvc.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Video Web Camera\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Video Web Camera\CEC_MAIN.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\BARBIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {b80f591e-fe9a-46cf-a13e-180377240586} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe
uRun: [BrowserMask] "c:\program files\antibrowserspy\AntiBrowserSpyBrowserMaske.exe" -delayed
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Epson Stylus SX430(Netzwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihae.exe /fu "c:\users\barbis~1\appdata\local\temp\E_S3E8E.tmp" /EF "HKCU"
uRun: [Sony PC Companion] "c:\program files\sony\sony pc companion\PCCompanion.exe" /Background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [KOQCN] rundll32 "c:\windows\system32\iashost6.dll",Addfmuphop
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\packard bell mybackup\BackupManagerTray.exe" -k
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Acer ePower Management] c:\program files\packard bell\packard bell powersave solution\ePowerTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\video web camera\traybar.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [EPSON Stylus Photo R240 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiahe.exe /f "c:\windows\temp\E_S1E0C.tmp" /EF "HKLM"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LXBYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBYtime.dll,_RunDLLEntry@16
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EPSON Stylus Photo R240 Series (Kopie 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiahe.exe /f "c:\windows\temp\E_S2926.tmp" /EF "HKLM"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LexwareInfoService] c:\program files\common files\lexware\update manager\LxUpdateManager.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fritz!~1.lnk - c:\windows\installer\{2457326b-c110-40c3-89b0-889cc913871a}\Icon2457326B4.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://express.foto.com/ImageUploader5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{1C5868CF-96AF-44AC-8BBA-F0BF22641A77} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{57B1DCF1-5A6A-4FB2-BCDC-6CA31973F302} : DHCPNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - c:\windows\system32\ezUPBHook.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\barbi´s computer\appdata\roaming\mozilla\firefox\profiles\9n85fvyd.default\
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-19 223864]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 COSIDS_TB;COSIDS_TB;c:\progra~1\cosids\bin\TbMux32.exe [2011-3-20 165376]
R2 ePowerSvc;Acer ePower Service;c:\program files\packard bell\packard bell powersave solution\ePowerSvc.exe [2009-3-20 666144]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IGDCTRL;AVM IGD CTRL Service;c:\program files\fritz!dsl\IGDCTRL.EXE [2007-9-4 87344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-15 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-15 676936]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\packard bell mybackup\IScheduleSvc.exe [2009-3-10 44800]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-3-20 223232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-15 22856]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-20 3666432]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-19 94584]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-19 93816]
R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-20 30192]
S3 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2009-6-14 110576]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-5-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-5-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-5-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-5-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-5-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-5-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-5-16 115752]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-19 94584]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-9-6 155320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys [2009-6-16 19968]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-11-15 09:57:40	--------	d-----w-	c:\users\barbi´s computer\appdata\roaming\Malwarebytes
2012-11-15 09:57:29	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-15 09:57:28	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-15 09:57:28	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-14 04:45:45	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 04:45:26	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-12 09:34:32	122880	--sha-r-	c:\windows\system32\iashost6.dll
2012-11-08 13:45:27	--------	d-----w-	c:\program files\Mueller Foto
2012-10-18 17:37:41	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2012-10-09 19:02:05	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 19:02:05	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-08 07:56:24	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-10-08 07:48:03	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-10-08 07:47:44	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-10-08 07:40:56	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-09-13 13:28:08	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-09 19:53:21	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-09 19:53:20	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-29 11:27:41	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53:29	172544	----a-w-	c:\windows\system32\wintrust.dll
.
============= FINISH: 14:18:24,84 ===============
         


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15.04.2009 12:38:45
System Uptime: 16.11.2012 08:33:53 (30 hours ago)
.
Motherboard: Packard Bell | | EasyNote LJ65
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | uPGA-478 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 165,238 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1107: 23.10.2012 11:12:10 - Geplanter Prüfpunkt
RP1108: 24.10.2012 11:14:57 - Geplanter Prüfpunkt
RP1109: 25.10.2012 09:16:32 - Geplanter Prüfpunkt
RP1110: 26.10.2012 09:22:18 - Geplanter Prüfpunkt
RP1111: 27.10.2012 08:18:40 - Geplanter Prüfpunkt
RP1112: 29.10.2012 13:51:55 - Geplanter Prüfpunkt
RP1113: 30.10.2012 08:47:43 - Geplanter Prüfpunkt
RP1114: 30.10.2012 19:00:34 - Sony Ericsson PC Suite Drivers
RP1115: 31.10.2012 10:54:36 - Geplanter Prüfpunkt
RP1116: 01.11.2012 09:22:38 - Geplanter Prüfpunkt
RP1117: 02.11.2012 09:15:08 - Geplanter Prüfpunkt
RP1118: 03.11.2012 11:50:16 - Geplanter Prüfpunkt
RP1119: 04.11.2012 10:12:27 - Geplanter Prüfpunkt
RP1120: 05.11.2012 07:42:53 - Geplanter Prüfpunkt
RP1121: 06.11.2012 11:21:13 - Geplanter Prüfpunkt
RP1122: 07.11.2012 10:31:45 - Geplanter Prüfpunkt
RP1123: 07.11.2012 22:50:26 - Geplanter Prüfpunkt
RP1124: 09.11.2012 21:36:26 - Geplanter Prüfpunkt
RP1125: 11.11.2012 10:10:43 - Geplanter Prüfpunkt
RP1126: 13.11.2012 11:33:03 - Geplanter Prüfpunkt
RP1127: 14.11.2012 00:05:39 - Geplanter Prüfpunkt
RP1128: 14.11.2012 08:03:57 - Windows Update
RP1129: 15.11.2012 09:05:29 - Geplanter Prüfpunkt
RP1130: 15.11.2012 19:07:15 - OTL Restore Point - 15.11.2012 19:07:15
RP1131: 16.11.2012 11:28:08 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
1&1 EasyLogin
7-Zip 4.65
ABBYY FineReader 9.0 Sprint
AC3Filter 1.62b
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 9.5.2 - Deutsch
AntiBrowserSpy
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
AVM FRITZ!DSL
AWIN NotenBox 7
Backup Manager Basic
Benutzerhandbuch - Grundlagen EPSON SX430 Series
Benutzerhandbuch EPSON SX430 Series
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Choice Guard
Compatibility Pack für 2007 Office System
CyberLink PowerDVD 8
DivX-Setup
EasyBits Magic Desktop
EPSON-Drucker-Software
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON SX430 Series Printer Uninstall
EpsonNet Print
ESPR240 User's Guide
Google Desktop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Identity Card
InfoCentre
iTunes
Java 7 Update 9
Java Auto Updater
Java Servlet Development Kit 2.0
Junk Mail filter update
Launch Manager
Lexmark P910 Series
Lexware Info Service
Müller Foto
Malwarebytes Anti-Malware Version 1.65.1.1000
maxdome - Online Videothek Version 3.1.0
Mein CEWE FOTOBUCH
MetaBoli
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Suite Activation Assistant
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Move Media Player
Mozilla Firefox 16.0.2 (x86 de)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
Nero Suite
neroxml
Netzwerkhandbuch EPSON SX430 Series
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Internet Security
Packard Bell Customer Registration
Packard Bell MyBackup
Packard Bell PowerSave Solution
Packard Bell Recovery Management
PackardBell ScreenSaver
PC Connectivity Solution
PX Profile Update
QuickSteuer Deluxe 2010
QuickSteuer Deluxe 2011
QuickSteuer Deluxe 2012
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rossmann Fotowelt Software 4.12.1
SCHLECKER Foto Digital Service
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Sentinel System Driver
SetupMyPC
Skins
Skype™ 5.10
Sony Ericsson Update Engine
Sony PC Companion 2.10.108
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Ulead VideoStudio SE DVD
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Updator
USB Scanner
USB2.0 Capture Device
VC80CRTRedist - 8.0.50727.6195
Video Web Camera
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID-Anmelde-Assistent
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
.
==== End Of File ===========================



defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:22 on 17/11/2012 (Barbi´s Computer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 14:24:14
-----------------------------
14:24:14.733 OS Version: Windows 6.0.6002 Service Pack 2
14:24:14.734 Number of processors: 2 586 0x170A
14:24:14.737 ComputerName: BARBI´SCOMPU-PC UserName:
14:24:18.799 Initialize success
14:28:01.317 AVAST engine defs: 12111700
14:28:17.771 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:28:17.773 Disk 0 Vendor: WDC_WD5000BEVT-22ZAT0 01.01A01 Size: 476940MB BusType: 3
14:28:17.800 Disk 0 MBR read successfully
14:28:17.803 Disk 0 MBR scan
14:28:17.808 Disk 0 Windows VISTA default MBR code
14:28:17.814 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13319 MB offset 63
14:28:17.827 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 463619 MB offset 27279360
14:28:17.834 Disk 0 scanning sectors +976771072
14:28:17.957 Disk 0 scanning C:\Windows\system32\drivers
14:28:36.823 Service scanning
14:29:07.853 Modules scanning
14:29:14.085 Disk 0 trace - called modules:
14:29:14.119 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
14:29:14.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859521e8]
14:29:14.130 3 CLASSPNP.SYS[8a99f8b3] -> nt!IofCallDriver -> [0x856f0360]
14:29:14.134 5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856d8b98]
14:29:17.928 AVAST engine scan C:\Windows
14:29:24.739 AVAST engine scan C:\Windows\system32
14:34:51.660 AVAST engine scan C:\Windows\system32\drivers
14:35:34.893 AVAST engine scan C:\Users\Barbi´s Computer
15:22:43.744 AVAST engine scan C:\ProgramData
15:42:35.061 Scan finished successfully
15:46:18.258 Disk 0 MBR has been saved successfully to "C:\Users\Barbi´s Computer\Desktop\MBR.dat"
15:46:18.263 The log file has been saved successfully to "C:\Users\Barbi´s Computer\Desktop\aswMBR.txt"


Best regards,
Barbara

17.11.2012, 15:58   #4
M-K-D-B
/// TB instructor
 



Hello,


In your first post you write that Malwarebytes' Anti-Malware (= MBAM) found "something".

Now you post a log file from that program in which all I can read is "(Keine bösartigen Objekte gefunden)" ("No malicious objects found").

I hope you understand that this is not exactly helpful.

So I would like you to post the MBAM log file in which I can see what was found and removed:

Please post all logs with detections

Alt 17.11.2012, 16:25   #5
Linus2011
 



Sorry,
I ran the program several times and only sent you the last file.
Here comes the first one!
Thank you very much for your patience!

Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.11.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Barbi´s Computer :: BARBI´SCOMPU-PC [Administrator]

Schutz: Aktiviert

15.11.2012 10:59:11
mbam-log-2012-11-15 (10-59-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212781
Laufzeit: 10 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Barbi´s Computer\Downloads\ProduKey.exe (PUP.PSWTool.ProductKey) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Alt 17.11.2012, 17:49   #6
M-K-D-B
/// TB-Ausbilder
 



Hi,


all right, let's go:




Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (if possible in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 17.11.2012, 23:36   #7
Linus2011
 



Hello,
we tried to do everything as instructed.
Combofix did not want a restart after the scan. We hope that is all fine.
Here is the log file

Combofix log file:
Code:
ComboFix 12-11-16.02 - Barbi´s Computer 17.11.2012  23:15:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3038.1903 [GMT 1:00]
ausgeführt von:: c:\users\Barbi¦s Computer\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\SPLC0EA.tmp
c:\programdata\SPLD650.tmp
c:\users\Barbi´s Computer\AppData\Roaming\1&1
c:\users\Barbi´s Computer\AppData\Roaming\1&1\1&1 EasyLogin\customer.xml
c:\users\Barbi´s Computer\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log
c:\users\Barbi´s Computer\AppData\Roaming\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe
c:\windows\_detmp.2
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-17 bis 2012-11-17  ))))))))))))))))))))))))))))))
.
.
2012-11-17 22:27 . 2012-11-17 22:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-15 09:57 . 2012-11-15 09:57	--------	d-----w-	c:\users\Barbi´s Computer\AppData\Roaming\Malwarebytes
2012-11-15 09:57 . 2012-11-15 09:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-15 09:57 . 2012-11-15 09:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-11-15 09:57 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-14 04:45 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 04:45 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-12 09:34 . 2012-11-12 09:34	122880	--sha-r-	c:\windows\system32\iashost6.dll
2012-11-08 13:45 . 2012-11-08 13:45	--------	d-----w-	c:\program files\Mueller Foto
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 19:02 . 2012-04-16 10:31	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:02 . 2011-05-20 17:21	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 21:16 . 2012-10-18 17:37	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 13:28 . 2012-10-10 10:30	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-09 19:53 . 2012-09-06 20:37	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-09 19:53 . 2011-06-19 19:20	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-29 11:27 . 2012-10-10 10:30	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 10:30	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 10:30	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-11-01 16:52 . 2012-11-01 16:52	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"1&1 EasyLogin"="c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe" [2012-07-16 1114112]
"BrowserMask"="c:\program files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2011-04-07 101280]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KOQCN"="c:\windows\system32\iashost6.dll" [2012-11-12 122880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-27 30192]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe" [2009-03-11 715296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-13 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-24 6789664]
"Camera Assistant Software"="c:\program files\Video Web Camera\traybar.exe" [2009-02-24 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-24 1833504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"LXBYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2007-02-22 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-9-21 29184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS10 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R4 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Barbi´s Computer\AppData\Roaming\Mozilla\Firefox\Profiles\9n85fvyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://go.gmx.net/tb/mff_keyurl_search/?su=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-17 23:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXBYCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-17  23:29:53
ComboFix-quarantined-files.txt  2012-11-17 22:29
.
Vor Suchlauf: 16 Verzeichnis(se), 177.306.583.040 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 177.546.158.080 Bytes frei
.
- - End Of File - - 95F89B76E56551EE2D39D53235DE80AD
         
--- --- ---

Thank you very much and good night

Alt 18.11.2012, 10:02   #8
M-K-D-B
/// TB-Ausbilder
 



Hi,


we need to go at it again with ComboFix:

At the end ComboFix will upload a file; please allow this!


Combofix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press Windows + R --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.

    Code:
    http://www.trojaner-board.de/127059-google-redirect-virus-entfernen.html#post958413
    
    Collect::
    c:\windows\system32\iashost6.dll
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KOQCN"=-
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software. It can get in ComboFix's way while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Don't do anything on the computer, and don't move the mouse over the ComboFix window or click in it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!
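
A triage sketch for the autostart entry that the CFScript above collects and removes, added here as an example; it is not part of the original thread and not ComboFix code. It parses an excerpt of the ComboFix log posted in this thread and ranks Run values by three heuristics chosen for this example (the names `parse_log`, `triage` and `Finding` are assumptions of the example).

```python
import re
from dataclasses import dataclass, field

# Excerpt of the ComboFix log posted in this thread (shortened; columns
# are separated by spaces here, the original log uses tabs).
SAMPLE_LOG = r"""
(((((((((((((((((((((((   Dateien erstellt von 2012-10-17 bis 2012-11-17  ))))))))))))))))))))))))))))))
.
2012-11-15 09:57 . 2012-09-29 18:54    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-11-14 04:45 . 2012-10-12 14:29    2047488    ----a-w-    c:\windows\system32\win32k.sys
2012-11-12 09:34 . 2012-11-12 09:34    122880    --sha-r-    c:\windows\system32\iashost6.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KOQCN"="c:\windows\system32\iashost6.dll" [2012-11-12 122880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2007-02-22 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""

# "<date time> . <date time>  <size>  <8 attribute flags>  <path>"
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(\d+|-{8})\s+([a-z-]{8})\s+(.+?)\s*$"
)
# Only keys that end in \Run or \RunOnce; the disabled "run-" keys do not match.
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run(?:Once)?)\]\s*$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_log(text):
    """Return ({lowercased path: attribute flags}, [(key, value name, target)])."""
    created, run_values, current_key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            created[m.group(3).lower()] = m.group(2)
            continue
        if line.startswith("["):
            k = RUN_KEY_RE.match(line)
            current_key = k.group(1) if k else None
            continue
        if line in ("", "."):          # "." closes a block in ComboFix logs
            current_key = None
            continue
        v = VALUE_RE.match(line)
        if v and current_key:
            run_values.append((current_key, v.group(1), v.group(2)))
    return created, run_values


def triage(text):
    """Rank Run values; more matching heuristics sort first."""
    created, run_values = parse_log(text)
    findings = []
    for key, name, target in run_values:
        path, reasons = target.lower(), []
        if path.endswith(".dll"):
            reasons.append("autostart target is a DLL, not an executable")
        attrs = created.get(path)
        if attrs is not None:
            reasons.append("target is listed in the recently created files")
            if "s" in attrs and "h" in attrs:
                reasons.append("target has system+hidden attributes (%s)" % attrs)
        if reasons:
            findings.append(Finding(key, name, target, reasons))
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(len(f.reasons), f.name, f.target)
        for r in f.reasons:
            print("   -", r)
```

A DLL target alone also matches the 2007 printer entry `LXBYCATS`; only the combination with a recent creation date and system+hidden attributes puts `KOQCN` at the top, and a ranking like this is a prompt for review by a helper, not a removal decision.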


Alt 18.11.2012, 11:21   #9
Linus2011
 



Hi,
we ran everything again. After the run there was a restart this time.

Best regards
Barbara
Combofix log file:
Code:
ComboFix 12-11-16.02 - Barbi´s Computer 18.11.2012  10:57:51.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3038.1689 [GMT 1:00]
ausgeführt von:: c:\users\Barbi´s Computer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Barbi´s Computer\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
file zipped: c:\windows\system32\iashost6.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-18 bis 2012-11-18  ))))))))))))))))))))))))))))))
.
.
2012-11-18 10:04 . 2012-11-18 10:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-18 09:26 . 2012-11-18 09:26	--------	d-----w-	c:\programdata\GFI Software
2012-11-15 09:57 . 2012-11-15 09:57	--------	d-----w-	c:\users\Barbi´s Computer\AppData\Roaming\Malwarebytes
2012-11-15 09:57 . 2012-11-15 09:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-14 04:45 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-14 04:45 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-12 09:34 . 2012-11-12 09:34	122880	--sha-r-	c:\windows\system32\iashost6.dll
2012-11-08 13:45 . 2012-11-08 13:45	--------	d-----w-	c:\program files\Mueller Foto
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 19:02 . 2012-04-16 10:31	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:02 . 2011-05-20 17:21	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 21:16 . 2012-10-18 17:37	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 13:28 . 2012-10-10 10:30	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-09 19:53 . 2012-09-06 20:37	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-09 19:53 . 2011-06-19 19:20	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-29 11:27 . 2012-10-10 10:30	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 10:30	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-10 10:30	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-11-01 16:52 . 2012-11-01 16:52	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"1&1 EasyLogin"="c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe" [2012-07-16 1114112]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-27 30192]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe" [2009-03-11 715296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-13 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-24 6789664]
"Camera Assistant Software"="c:\program files\Video Web Camera\traybar.exe" [2009-02-24 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-24 1833504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"LXBYCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2007-02-22 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-9-21 29184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS10 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Barbi´s Computer\AppData\Roaming\Mozilla\Firefox\Profiles\9n85fvyd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://go.gmx.net/tb/mff_keyurl_search/?su=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-11-18 11:06
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXBYCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4816)
c:\program files\PACKARD BELL\Packard Bell PowerSave Solution\SysHook.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COSIDS\BIN\TbMux32.exe
c:\program files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
c:\program files\FRITZ!DSL\IGDCTRL.EXE
c:\windows\system32\lxbycoms.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
c:\windows\system32\IoctlSvc.exe
c:\progra~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
c:\progra~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\FRITZ!DSL\StCenter.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-18  11:13:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-18 10:13
ComboFix2.txt  2012-11-18 09:54
ComboFix3.txt  2012-11-17 22:29
.
Vor Suchlauf: 21 Verzeichnis(se), 176.512.372.736 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 176.360.742.912 Bytes frei
.
- - End Of File - - 94371EE1EBAF4C1689010580387AC8BB
         
--- --- ---
Upload was successful

Alt 18.11.2012, 14:31   #10
M-K-D-B
/// TB-Ausbilder
 



Hi,



are you still being redirected against your will on Google?




Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

Alt 18.11.2012, 15:03   #11
Linus2011
 



Hi,
I have now run various searches on Google and was always forwarded correctly. That seems to be working again - yay!
Here are OTL.txt and Extra.txt ...OTL log file:
Code:
OTL logfile created on: 18.11.2012 14:45:37 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbi´s Computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,44% Memory free
6,13 Gb Paging File | 4,97 Gb Available in Paging File | 81,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 163,26 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
 
Computer Name: BARBI´SCOMPU-PC | User Name: Barbi´s Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.18 14:43:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbi´s Computer\Desktop\OTL.exe
PRC - [2012.09.12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.07.16 16:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012.03.26 20:28:10 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
PRC - [2011.07.31 13:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.16 14:21:06 | 001,500,160 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2011.06.08 13:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.03.21 12:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2010.10.12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.11 02:09:28 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.03.11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.03.10 00:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.03.10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.02.12 05:21:12 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.10.17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.04.28 15:16:06 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.09.11 14:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\StCenter.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.04.16 20:28:54 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbycoms.exe
PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2001.11.20 15:37:06 | 000,165,376 | ---- | M] (TransAction Software, D 81737 Munich) -- C:\Program Files\cosids\bin\tbmux32.exe
PRC - [1999.03.23 20:07:08 | 000,004,096 | ---- | M] () -- C:\Program Files\cosids\Apache Group\Apache\ApchT2kW.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.14 08:35:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 08:34:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012.11.14 08:32:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.14 08:31:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.14 08:31:40 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.14 08:28:42 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.14 08:26:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.11.14 08:13:53 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.14 08:13:37 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.14 08:13:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.14 08:13:13 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.11.14 08:13:11 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.14 08:13:01 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.08.20 09:52:42 | 000,587,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011.07.07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.07 15:43:24 | 008,191,488 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2011.04.07 15:43:22 | 002,296,320 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2011.02.22 19:13:22 | 000,022,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2011.02.22 19:12:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2011.02.22 16:39:06 | 000,276,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2011.02.22 16:07:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2010.07.27 16:44:26 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010.06.02 10:38:54 | 000,128,512 | ---- | M] () -- C:\Program Files\1&1\1&1 EasyLogin\EasyLoginCrypt.dll
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll
MOD - [2009.04.15 11:36:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.04.15 11:36:38 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.04.15 11:36:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.04.15 11:36:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.04.15 11:36:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.13 15:32:44 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009.02.01 22:28:14 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.01 17:52:41 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 20:02:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.06.14 12:01:34 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.20 02:07:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.03.10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.11.03 12:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.04.16 20:28:54 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbycoms.exe -- (lxby_device)
SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2001.11.20 15:37:06 | 000,165,376 | ---- | M] (TransAction Software, D 81737 Munich) [Auto | Running] -- C:\Program Files\cosids\bin\tbmux32.exe -- (COSIDS_TB)
SRV - [2001.10.22 04:20:00 | 000,126,976 | ---- | M] (Rainbow Technologies) [Auto | Stopped] -- C:\Windows\System32\spnsrvnt.exe -- (SuperProServer)
SRV - [1999.03.23 20:07:08 | 000,004,096 | ---- | M] () [Auto | Running] -- C:\Program Files\cosids\Apache Group\Apache\ApchT2kW.exe -- (TIS 2000 Apache Web Server)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\BARBIS~1\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\BARBIS~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011.09.29 11:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011.09.29 11:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.02.13 16:50:34 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009.02.13 14:35:30 | 000,093,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2008.12.24 18:30:00 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.11.03 12:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.09.25 00:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.09.03 13:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2001.04.06 08:11:00 | 000,073,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00  [binary data]
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..\SearchScopes,DefaultScope = {42572AB8-BA64-4761-831F-5E68C8202798}
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..\SearchScopes\{42572AB8-BA64-4761-831F-5E68C8202798}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE331
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE331&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=g1OYdmVrHnCQ-DZMQRGtJXO45Rs?q={searchTerms}
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Barbi´s Computer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 09:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 17:52:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 17:52:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 17:52:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 17:52:35 | 000,000,000 | ---D | M]
 
[2011.05.27 18:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\Extensions
[2012.10.23 10:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\Firefox\Profiles\9n85fvyd.default\extensions
[2012.05.05 09:26:06 | 000,000,933 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\11-suche.xml
[2012.05.05 09:26:06 | 000,002,419 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\englische-ergebnisse.xml
[2012.05.05 09:26:06 | 000,010,525 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\gmx-suche.xml
[2012.05.05 09:26:06 | 000,002,457 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\lastminute.xml
[2012.05.05 19:58:29 | 000,005,489 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\webde-suche.xml
[2012.11.01 17:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.21 09:11:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2009.06.23 19:13:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.11.01 17:52:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.17 16:19:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 17:51:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 16:19:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 16:19:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 16:19:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 16:19:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.18 11:06:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LXBYCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000..\Run: [Epson Stylus SX430(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5868CF-96AF-44AC-8BBA-F0BF22641A77}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57B1DCF1-5A6A-4FB2-BCDC-6CA31973F302}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - State: "services" - 0
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL ()
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.18 14:43:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barbi´s Computer\Desktop\OTL.exe
[2012.11.18 11:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.18 11:24:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.18 11:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.18 11:23:08 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Barbi´s Computer\Desktop\mbam-setup-1.65.1.1000(2).exe
[2012.11.18 11:16:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.18 11:06:25 | 000,000,000 | R--D | C] -- C:\Users\Barbi´s Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.11.18 11:06:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.18 10:56:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.18 10:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.11.18 10:26:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.18 10:17:31 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\ComboFix.exe
[2012.11.17 23:11:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.17 23:11:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.17 23:11:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.17 23:11:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.17 23:10:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.17 14:23:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Barbi´s Computer\Desktop\aswMBR.exe
[2012.11.17 14:09:03 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\dds.com
[2012.11.15 10:57:40 | 000,000,000 | ---D | C] -- C:\Users\Barbi´s Computer\AppData\Roaming\Malwarebytes
[2012.11.15 10:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.14 08:05:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.14 08:05:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.14 08:05:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.14 08:05:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.14 08:05:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.14 08:05:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.14 08:05:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.14 08:05:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.14 05:45:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.14 05:45:26 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.08 14:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[2012.11.08 14:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mueller Foto
[2012.11.01 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.18 14:43:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbi´s Computer\Desktop\OTL.exe
[2012.11.18 14:41:30 | 000,002,583 | ---- | M] () -- C:\Users\Barbi´s Computer\Desktop\Microsoft Word.lnk
[2012.11.18 14:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.18 13:05:49 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 13:05:49 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 11:24:51 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.18 11:23:35 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Barbi´s Computer\Desktop\mbam-setup-1.65.1.1000(2).exe
[2012.11.18 11:13:03 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.18 11:13:03 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.18 11:13:03 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.18 11:13:03 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.18 11:06:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.18 11:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.18 11:05:42 | 3184,517,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 10:34:19 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.11.18 10:17:19 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\ComboFix.exe
[2012.11.18 09:03:53 | 000,043,520 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.17 15:46:18 | 000,000,512 | ---- | M] () -- C:\Users\Barbi´s Computer\Desktop\MBR.dat
[2012.11.17 14:23:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Barbi´s Computer\Desktop\aswMBR.exe
[2012.11.17 14:20:26 | 000,000,000 | ---- | M] () -- C:\Users\Barbi´s Computer\defogger_reenable
[2012.11.17 14:19:44 | 000,050,477 | ---- | M] () -- C:\Users\Barbi´s Computer\Desktop\Defogger.exe
[2012.11.17 14:09:11 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\dds.com
[2012.11.14 08:25:11 | 001,008,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.12 10:34:32 | 000,122,880 | RHS- | M] () -- C:\Windows\System32\iashost6.dll
[2012.11.08 14:55:23 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2012.11.08 14:55:23 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2012.11.08 10:35:27 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB
[2012.10.31 21:40:30 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.30 19:00:31 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.18 11:24:51 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 23:11:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.17 23:11:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.17 23:11:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.17 23:11:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.17 23:11:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.17 15:46:18 | 000,000,512 | ---- | C] () -- C:\Users\Barbi´s Computer\Desktop\MBR.dat
[2012.11.17 14:20:26 | 000,000,000 | ---- | C] () -- C:\Users\Barbi´s Computer\defogger_reenable
[2012.11.17 14:19:44 | 000,050,477 | ---- | C] () -- C:\Users\Barbi´s Computer\Desktop\Defogger.exe
[2012.11.12 10:34:32 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\iashost6.dll
[2012.11.08 14:55:23 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2012.10.30 19:00:31 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.09.11 16:24:17 | 094,888,858 | ---- | C] () -- C:\Users\Barbi´s Computer\Memory Linus.cpr
[2012.03.31 10:57:52 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.11.14 10:25:47 | 000,000,680 | ---- | C] () -- C:\Users\Barbi´s Computer\AppData\Local\d3d9caps.dat
[2011.10.11 08:13:48 | 000,256,579 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1a.mcf
[2011.10.11 08:13:48 | 000,253,346 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1a.mcf~
[2011.09.29 11:39:08 | 000,170,738 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1.mcf~
[2011.09.29 11:39:08 | 000,168,659 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1.mcf
[2011.09.25 11:55:56 | 000,041,062 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus klein.mcf
[2011.09.25 11:55:56 | 000,038,484 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus klein.mcf~
[2011.09.12 12:41:52 | 000,003,899 | ---- | C] () -- C:\Users\Barbi´s Computer\Leinwand Linus.mcf
[2011.09.12 12:41:52 | 000,003,889 | ---- | C] () -- C:\Users\Barbi´s Computer\Leinwand Linus.mcf~
[2011.08.03 13:29:22 | 000,254,970 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus.mcf~
[2011.08.03 13:29:22 | 000,254,970 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus.mcf
[2011.05.27 18:14:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.02 13:38:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.02 13:38:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.03.20 20:02:02 | 000,073,216 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2011.03.20 20:02:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2011.03.02 16:30:27 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011.01.14 14:14:07 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
[2011.01.14 14:14:07 | 000,006,137 | ---- | C] () -- C:\Windows\System32\E1.ini
[2009.09.19 13:50:07 | 000,000,104 | ---- | C] () -- C:\Users\Barbi´s Computer\Internet - Verknüpfung.lnk
[2009.06.28 17:20:28 | 000,043,520 | ---- | C] () -- C:\Users\Barbi´s Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.14 13:43:26 | 000,000,166 | ---- | C] () -- C:\Users\Barbi´s Computer\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.01 17:52:39 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.01 17:52:39 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.01 17:52:39 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.01 17:52:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.01 17:52:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.01 17:52:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.05.11 18:41:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.05.11 18:41:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.05.11 18:41:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.01 17:52:39 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.01 17:52:39 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.01 17:52:39 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.01 17:52:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.01 17:52:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.01 17:52:42 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.05.11 18:41:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.05.11 18:41:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.05.11 18:41:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 18.11.2012 14:45:37 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbi´s Computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,44% Memory free
6,13 Gb Paging File | 4,97 Gb Available in Paging File | 81,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 163,26 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
 
Computer Name: BARBI´SCOMPU-PC | User Name: Barbi´s Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-37773925-4015125300-2503883205-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Mueller Foto\Mueller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Users\Barbi´s Computer\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [Müller Foto] -- "C:\Program Files\Mueller Foto\Mueller Foto\Müller Foto.exe" "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128DB00-F522-45C6-B5C1-5A624EC6BA22}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0CDA1687-F582-49BD-B205-8599F48FC4A3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1054F1F9-2F7C-47B3-9983-731B341CFB77}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{19D09EDE-E814-458B-852E-0B0EF4487874}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1EACEA03-CAA8-4319-B4B1-82A4002705AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2C756A6C-EAF5-4CF6-9DBC-44646FB435A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{32C9FDB0-3345-41F5-9D56-9CF8AB31BFCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3D08208C-2BB2-4866-BF57-E76E3A801D68}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4110E3F9-2713-474D-B705-74E6DEEA4E86}" = lport=138 | protocol=17 | dir=in | app=system | 
"{49EF4549-A73E-4501-838B-F7E399D817F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5233D9E2-218C-46FE-808E-FD6BD08649C0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{54327AF7-C951-4DA1-A318-D4B8EA90C23C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{676E83A9-7E08-4A29-A7C7-4492DCB68B93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F86F0A3-1F6C-44C7-A7B9-2A8A689D6D99}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7A7406F9-A441-470B-A650-9D6799AF3ADE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{821D70EE-6004-44D3-B3A1-DBD3CC7D1AC9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8D8B200E-D932-4505-8084-F7BC6973FE67}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9DF0604B-6A9C-4989-B044-191AF5005BAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD954DB8-D68C-4858-9417-E50944B20661}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0E8FCE5-919B-4BE7-B8B9-91FCCBF578BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC4347BE-3877-4EF3-B2E0-CD50D41F1031}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A03396C-4A9E-4E28-8CE6-BAEE1C037D11}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0FA43231-7D28-4949-950F-40C301FF95E1}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{1A188CB5-F6E2-432B-A126-A099028E7050}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2CD5A4F2-EA99-4D2C-A9CB-BAB27EE54D76}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{2CE44B49-3D10-4490-A16E-E910AA49394B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{302BA7BC-4ADE-468F-8D59-1E6793478A0A}" = protocol=6 | dir=out | app=system | 
"{35058145-6882-4589-8444-549B38F470D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40D65720-0800-4508-B64A-7AFB509F7235}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{45F65C98-8DB7-4DDD-9FF1-B284204A1135}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{500290D1-B7E3-45EE-82E6-96B7DB40274B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{50330A91-8FF2-4031-9230-85C11EC65B4B}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{52C1521C-397B-4387-BEA5-66C93C8752B4}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{55244B9B-0369-489A-A638-6A65A08DD766}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{55EB5A99-145E-4E46-B81C-635DAE66D72C}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{578BC78E-3592-4023-96DC-1DBBF294C2A3}" = protocol=17 | dir=in | app=c:\windows\system32\lxbycoms.exe | 
"{5B3955B5-6E35-4662-AAB7-64E92A1482A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D085051-215D-4F04-BE9E-FE473D0D7B03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5DEA64AB-D35E-494B-B0DF-E769E3F3EB8B}" = protocol=17 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe | 
"{68BE4951-2306-4AF4-BF18-C04331DDB446}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{73107816-26F3-4808-A9D5-1873E3D289BF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{79623057-3460-4DB5-BB31-10F4456F3F6F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{8501C94F-E5F6-4722-AC56-59432111889C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D3CA89D-FB47-4671-86AE-57597C332DE0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbypswx.exe | 
"{A8A9DDA2-8A31-4AF5-99E3-6979B0FAA3B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B23EB9A5-E227-433E-A3A1-8340BA93094C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B3660920-D1D9-4273-9188-1E89C0AA0375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3FB810A-3413-46A9-9613-D5737901F445}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe | 
"{B685838B-06E6-4007-A003-FED26A7F0EA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B9EDC2E5-2A36-4BCD-9FBF-220CF8F7D3C6}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbypswx.exe | 
"{C8EEEABB-B471-4DDA-8767-8750E3D6134F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCD410C4-6B55-4BB4-90D5-D5115A3DCC50}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CE40E31B-5930-4AD6-A7BE-8F9E1FA5E4BC}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{CF8E73CC-DF66-43BB-B22A-02769EF2E143}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{D43CE0D6-3B3C-4507-8BB7-985EBAC1D755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6D501C7-8657-4D40-B8AC-C40AA387D450}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D7715B7B-46A4-4E4E-9554-19BE7DD412FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3323BA9-B399-4086-BD1D-1AC9452B007C}" = protocol=6 | dir=in | app=c:\windows\system32\lxbycoms.exe | 
"{EF13C5F8-6ACA-4C09-91B3-3434FBA40A53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF1BB384-8A1A-4C50-A0C3-AE255E7B3FDB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"TCP Query User{511703D4-7729-4F1B-A3C4-252F3E3B4097}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7D1A7E1D-A37C-45BA-B503-18C995743654}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{FCD5AF98-5F06-4420-9CE9-30F76A0B1AD7}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{03ACE12F-24F3-4D25-BB18-3ECF388EA35E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{671C3013-70A9-42BC-B548-6A3509A242A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F432A1D7-3626-4A1D-84F9-047B8C0E6BFC}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B96C1A6-73A1-8648-BB59-9AA8E0EC3BBD}" = ATI Catalyst Install Manager
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EA5CCBB-EAE1-863F-42C7-2200ECB5C215}" = ccc-utility
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{196CF234-5A24-2F2F-82D9-03E8794A8DB2}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{221E3442-5E36-4444-45C3-69022B3A818B}" = Catalyst Control Center Graphics Full Existing
"{22392D35-2541-5D02-7159-A1C6F93D08DB}" = CCC Help Chinese Standard
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26966185-1610-386E-A249-2D05A5C6861C}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CCEEB92-631F-FC35-0757-122A8EA82573}" = CCC Help Portuguese
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3BBBF916-D04B-7388-46FB-21EA257B6756}" = CCC Help Italian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FE2C6E2-8A57-D9EF-5005-FDFF43A4BA99}" = CCC Help English
"{4297D072-09F0-F2E7-4B0F-009098303CB9}" = CCC Help Czech
"{48D60246-3600-CF3A-9B9C-BD8C0145BABA}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{5EAEE5D7-F4D6-0D20-3EAE-D971E35A1F48}" = CCC Help Russian
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{662AF9F7-2728-B97D-D806-CB529B5B6572}" = CCC Help Greek
"{673ACCCA-79B5-EFD0-C08F-C6160188F837}" = CCC Help Japanese
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA250F4-CC00-CD57-3081-97C5AEEB6517}" = CCC Help Polish
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{70D0D8A6-4A55-5D59-D9F0-0BD2E63BE4CB}" = Skins
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7687F1D7-BA02-E78A-38B8-CC2E80441F02}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7C20E89E-4C3D-468E-97A0-9ECF6B1C93DD}" = Catalyst Control Center - Branding
"{7E69211F-9327-68CC-B854-CCE0A73951FD}" = CCC Help Thai
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80E59E27-B816-A3F1-69FB-DAF5623A5320}" = Catalyst Control Center InstallProxy
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D580EFB-6B85-2680-77F9-F6B05335995D}" = CCC Help German
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A32563F0-671A-B71C-6D5D-F1BCC5D9820A}" = PX Profile Update
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF74E427-69CD-71EF-34A1-AAD7BBF98571}" = Catalyst Control Center Core Implementation
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B423FEBB-A980-3F0C-019D-39570AB69F52}" = CCC Help Chinese Traditional
"{B7B8F5CF-A83E-0485-A5D6-A04F437BE9E3}" = CCC Help French
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1A3128-AE8D-6CDD-97E2-EB21AE072578}" = Catalyst Control Center Localization All
"{CFAE5CA5-3757-B38A-3CEF-26C275098EF3}" = CCC Help Turkish
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1F45DA3-0747-FE7F-BD90-AA030DE37B47}" = CCC Help Korean
"{D8547BA0-E3B7-DEE8-FE37-660F8C69EF83}" = CCC Help Dutch
"{DB64492B-AE9C-1C8F-5158-0B204B42410A}" = ccc-core-static
"{DBAD3D0A-7A98-95F5-ACFB-C6B5CCB47A95}" = CCC Help Finnish
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE41E729-2E45-D6C5-F06F-F686D6C9E472}" = CCC Help Swedish
"{DEE03A90-C723-4E3D-A661-86651D6F0668}" = QuickSteuer Deluxe 2010
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF61C694-F6D1-37C6-35B7-1320F836FE57}" = Catalyst Control Center Graphics Light
"{E0D839A8-C888-C560-9332-43D73D7BDE21}" = Catalyst Control Center Graphics Full New
"{E128FE24-9C62-6642-1D18-BEAC991C5E62}" = CCC Help Norwegian
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E4B7F2AF-AEDA-4DE8-8014-9ADAFF7B4164}" = QuickSteuer Deluxe 2012
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 EasyLogin" = 1&1 EasyLogin
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 4.65
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"EPSON SX430 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX430 Series
"EPSON SX430 Series Netg" = Netzwerkhandbuch EPSON SX430 Series
"EPSON SX430 Series Useg" = Benutzerhandbuch EPSON SX430 Series
"ESPR240 User's Guide" = ESPR240 User's Guide
"Google Desktop" = Google Desktop
"Identity Card" = Identity Card
"InfoCentre" = InfoCentre
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"JSDK2.0" = Java Servlet Development Kit 2.0
"Lexmark P910 Series" = Lexmark P910 Series
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Nokia PC Suite" = Nokia PC Suite
"NotenBox7_is1" = AWIN NotenBox 7
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"Rainbow Sentinel Driver" = Sentinel System Driver
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SetupMyPC" = SetupMyPC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Updator" = Updator
"USB Scanner" = USB Scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-37773925-4015125300-2503883205-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 06:06:00 | Computer Name = Barbi´sCompu-PC | Source = SuperProServer | ID = 9
Description = 
 
Error - 18.11.2012 06:06:24 | Computer Name = Barbi´sCompu-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.11.2012 06:12:37 | Computer Name = Barbi´sCompu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 06:12:37 | Computer Name = Barbi´sCompu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 06:12:37 | Computer Name = Barbi´sCompu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 06:12:37 | Computer Name = Barbi´sCompu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 06:12:37 | Computer Name = Barbi´sCompu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 06:12:37 | Computer Name = Barbi´sCompu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 06:12:37 | Computer Name = Barbi´sCompu-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 09:39:23 | Computer Name = Barbi´sCompu-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1314  Anfangszeit: 01cdc57588f90e98  Zeitpunkt der
 Beendigung: 11
 
[ System Events ]
Error - 18.11.2012 06:01:07 | Computer Name = Barbi´sCompu-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 18.11.2012 06:04:34 | Computer Name = Barbi´sCompu-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 18.11.2012 06:05:54 | Computer Name = Barbi´sCompu-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker EPSON Stylus Photo R240 Series
 nicht unter dem Namen EPSON Stylus Photo R240 Series freigeben. Fehler: 2114. Der
 Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 18.11.2012 06:06:25 | Computer Name = Barbi´sCompu-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.11.2012 06:06:25 | Computer Name = Barbi´sCompu-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 18.11.2012 06:06:25 | Computer Name = Barbi´sCompu-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.11.2012 06:06:25 | Computer Name = Barbi´sCompu-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 18.11.2012 06:06:25 | Computer Name = Barbi´sCompu-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 18.11.2012 06:06:54 | Computer Name = Barbi´sCompu-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 18.11.2012 06:07:01 | Computer Name = Barbi´sCompu-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

19.11.2012, 09:01   #12
M-K-D-B
/// TB-Ausbilder
 

Hi,


glad to hear it is working again.
But I can still see malware there. We need to have another go at it:


Step 1
  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=g1OYdmVrHnCQ-DZMQRGtJXO45Rs?q={searchTerms}
IE - HKU\S-1-5-21-37773925-4015125300-2503883205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2012.11.12 10:34:32 | 000,122,880 | RHS- | M] () -- C:\Windows\System32\iashost6.dll

:commands
[Emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents into your thread here.


Step 2
Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.


With your next reply, please post
  • the log file of the OTL fix,
  • the log file of the new OTL scan.

19.11.2012, 09:54   #13
Linus2011
 

Hello,
I have run OTL.exe.
I have to say, I think what you do here is really great. That you are able to help clueless people like me - super! Thank you very much for that!
Is it actually possible to say how I caught the virus, and could you perhaps recommend a program so that something like this does not happen again?

Best regards
Barbara

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-37773925-4015125300-2503883205-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
HKU\S-1-5-21-37773925-4015125300-2503883205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Windows\System32\iashost6.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Barbi´s Computer
->Temp folder emptied: 2168661 bytes
->Temporary Internet Files folder emptied: 173529838 bytes
->Java cache emptied: 21289613 bytes
->FireFox cache emptied: 74235063 bytes
->Flash cache emptied: 853 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 88186 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 193650594 bytes

Total Files Cleaned = 443,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11192012_093319

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Logfile:
Code:
OTL logfile created on: 19.11.2012 09:37:48 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barbi´s Computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 55,33% Memory free
6,13 Gb Paging File | 4,82 Gb Available in Paging File | 78,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 164,66 Gb Free Space | 36,37% Space Free | Partition Type: NTFS
Drive E: | 7,41 Gb Total Space | 7,40 Gb Free Space | 99,82% Space Free | Partition Type: FAT32
 
Computer Name: BARBI´SCOMPU-PC | User Name: Barbi´s Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.19 09:36:09 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\BARBIS~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.11.18 14:43:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbi´s Computer\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.12 12:17:12 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.07.16 16:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011.07.31 13:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.06.16 14:21:06 | 001,500,160 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2011.06.08 13:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.03.21 12:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2010.10.12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.18 09:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
PRC - [2009.03.11 02:09:28 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.03.11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.03.10 00:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.03.10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.02.24 17:00:28 | 003,175,936 | ---- | M] (Chicony) -- C:\Program Files\Video Web Camera\CEC_MAIN.exe
PRC - [2009.02.24 17:00:26 | 000,630,784 | ---- | M] (Chicony) -- C:\Program Files\Video Web Camera\traybar.exe
PRC - [2009.02.12 05:21:12 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.10.17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.04.28 15:16:06 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.09.11 14:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\StCenter.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.04.16 20:28:54 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbycoms.exe
PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2001.11.20 15:37:06 | 000,165,376 | ---- | M] (TransAction Software, D 81737 Munich) -- C:\Program Files\cosids\bin\tbmux32.exe
PRC - [1999.03.23 20:07:08 | 000,004,096 | ---- | M] () -- C:\Program Files\cosids\Apache Group\Apache\ApchT2kW.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.14 08:35:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 08:35:13 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012.11.14 08:34:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012.11.14 08:34:16 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\79f3661da2402c72b0bba0de1e55f4d1\Accessibility.ni.dll
MOD - [2012.11.14 08:32:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.14 08:31:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.14 08:31:40 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.14 08:28:42 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.14 08:26:16 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.11.14 08:13:53 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012.11.14 08:13:37 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012.11.14 08:13:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012.11.14 08:13:13 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012.11.14 08:13:11 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012.11.14 08:13:01 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012.08.20 09:52:42 | 000,587,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011.07.07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.07 15:43:24 | 008,191,488 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2011.04.07 15:43:22 | 002,296,320 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2011.02.22 19:13:22 | 000,022,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2011.02.22 19:12:54 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2011.02.22 16:39:06 | 000,276,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2011.02.22 16:07:20 | 000,339,968 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2010.06.02 10:38:54 | 000,128,512 | ---- | M] () -- C:\Program Files\1&1\1&1 EasyLogin\EasyLoginCrypt.dll
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll
MOD - [2009.04.15 11:36:41 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3331.38812__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.04.15 11:36:41 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.04.15 11:36:41 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3331.38795__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:41 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.04.15 11:36:41 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3331.38874__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3331.38802__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:41 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3331.38853__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3331.38809__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.04.15 11:36:41 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3331.38838__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3331.38803__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:40 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3331.38841__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3331.38804__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3331.38815__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3331.38835__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3331.38869__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.04.15 11:36:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3331.38859__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3331.38819__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.04.15 11:36:40 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3331.38814__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3331.38896__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3331.38897__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:40 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3331.38860__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.04.15 11:36:40 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3331.38858__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3331.38895__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3331.38818__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:40 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3331.38850__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3331.38852__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:39 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.04.15 11:36:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.04.15 11:36:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3331.38839__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:39 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.04.15 11:36:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3331.38840__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.04.15 11:36:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.04.15 11:36:39 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.04.15 11:36:39 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.04.15 11:36:39 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.04.15 11:36:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.04.15 11:36:39 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.04.15 11:36:38 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3331.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.04.15 11:36:38 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3331.38883__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.04.15 11:36:38 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3331.38930__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009.04.15 11:36:38 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3331.38808__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.04.15 11:36:38 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3331.38890__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.04.15 11:36:38 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3331.38793__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.04.15 11:36:38 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3331.38793__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.04.15 11:36:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3331.38888__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.04.15 11:36:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3331.38794__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.04.15 11:36:38 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.04.15 11:36:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3331.38906__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.04.15 11:36:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.04.15 11:36:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.04.15 11:36:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.04.15 11:36:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3331.38889__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.04.15 11:36:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.04.15 11:36:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009.04.15 11:36:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.04.15 11:36:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.04.15 11:36:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.04.15 11:36:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.04.15 11:36:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.04.15 11:36:38 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.04.15 11:36:38 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.04.15 11:36:38 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3331.38791__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.04.15 11:36:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3331.38792__90ba9c70f846762e\APM.Server.dll
MOD - [2009.04.15 11:36:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3331.38791__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.04.15 11:36:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.13 15:32:44 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009.02.12 13:36:24 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.02.01 22:28:14 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.01 17:52:41 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 20:02:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.06.14 12:01:34 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009.03.20 02:07:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.11 02:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.03.10 00:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.11.03 12:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.04.16 20:28:54 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbycoms.exe -- (lxby_device)
SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2001.11.20 15:37:06 | 000,165,376 | ---- | M] (TransAction Software, D 81737 Munich) [Auto | Running] -- C:\Program Files\cosids\bin\tbmux32.exe -- (COSIDS_TB)
SRV - [2001.10.22 04:20:00 | 000,126,976 | ---- | M] (Rainbow Technologies) [Auto | Stopped] -- C:\Windows\System32\spnsrvnt.exe -- (SuperProServer)
SRV - [1999.03.23 20:07:08 | 000,004,096 | ---- | M] () [Auto | Running] -- C:\Program Files\cosids\Apache Group\Apache\ApchT2kW.exe -- (TIS 2000 Apache Web Server)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\BARBIS~1\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.29 11:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011.09.29 11:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.02.13 16:50:34 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009.02.13 14:35:30 | 000,093,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2008.12.24 18:30:00 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.11.03 12:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.09.25 00:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.09.03 13:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2001.04.06 08:11:00 | 000,073,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 01 00 00 00  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {42572AB8-BA64-4761-831F-5E68C8202798}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{42572AB8-BA64-4761-831F-5E68C8202798}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE331
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE331&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Barbi´s Computer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.21 09:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 17:52:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 17:52:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.01 17:52:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 17:52:35 | 000,000,000 | ---D | M]
 
[2011.05.27 18:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\Extensions
[2012.10.23 10:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\Firefox\Profiles\9n85fvyd.default\extensions
[2012.05.05 09:26:06 | 000,000,933 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\11-suche.xml
[2012.05.05 09:26:06 | 000,002,419 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\englische-ergebnisse.xml
[2012.05.05 09:26:06 | 000,010,525 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\gmx-suche.xml
[2012.05.05 09:26:06 | 000,002,457 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\lastminute.xml
[2012.05.05 19:58:29 | 000,005,489 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Roaming\mozilla\firefox\profiles\9n85fvyd.default\searchplugins\webde-suche.xml
[2012.11.01 17:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.21 09:11:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2009.06.23 19:13:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.11.01 17:52:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.17 16:19:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 17:51:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 16:19:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 16:19:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 16:19:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 16:19:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.18 11:06:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LXBYCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O4 - HKCU..\Run: [Epson Stylus SX430(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://express.foto.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5868CF-96AF-44AC-8BBA-F0BF22641A77}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57B1DCF1-5A6A-4FB2-BCDC-6CA31973F302}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.19 09:36:08 | 000,000,000 | R--D | C] -- C:\Users\Barbi´s Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.11.19 09:33:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.18 14:43:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Barbi´s Computer\Desktop\OTL.exe
[2012.11.18 11:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.18 11:24:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.18 11:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.18 11:23:08 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Barbi´s Computer\Desktop\mbam-setup-1.65.1.1000(2).exe
[2012.11.18 11:16:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.18 11:06:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.11.18 10:56:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.18 10:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.11.18 10:26:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.18 10:17:31 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\ComboFix.exe
[2012.11.17 23:11:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.17 23:11:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.17 23:11:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.17 23:11:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.17 23:10:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.17 14:23:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Barbi´s Computer\Desktop\aswMBR.exe
[2012.11.17 14:09:03 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\dds.com
[2012.11.15 10:57:40 | 000,000,000 | ---D | C] -- C:\Users\Barbi´s Computer\AppData\Roaming\Malwarebytes
[2012.11.15 10:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.08 14:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[2012.11.08 14:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mueller Foto
[2012.11.01 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.19 09:36:32 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.11.19 09:35:43 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 09:35:43 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 09:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 09:35:33 | 3186,589,696 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 09:31:46 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.19 09:31:46 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.19 09:31:46 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.19 09:31:46 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.19 09:29:50 | 000,002,583 | ---- | M] () -- C:\Users\Barbi´s Computer\Desktop\Microsoft Word.lnk
[2012.11.18 22:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.18 14:43:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barbi´s Computer\Desktop\OTL.exe
[2012.11.18 11:24:51 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.18 11:23:35 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Barbi´s Computer\Desktop\mbam-setup-1.65.1.1000(2).exe
[2012.11.18 11:06:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.18 10:17:19 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\ComboFix.exe
[2012.11.18 09:03:53 | 000,043,520 | ---- | M] () -- C:\Users\Barbi´s Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.17 15:46:18 | 000,000,512 | ---- | M] () -- C:\Users\Barbi´s Computer\Desktop\MBR.dat
[2012.11.17 14:23:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Barbi´s Computer\Desktop\aswMBR.exe
[2012.11.17 14:20:26 | 000,000,000 | ---- | M] () -- C:\Users\Barbi´s Computer\defogger_reenable
[2012.11.17 14:19:44 | 000,050,477 | ---- | M] () -- C:\Users\Barbi´s Computer\Desktop\Defogger.exe
[2012.11.17 14:09:11 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Barbi´s Computer\Desktop\dds.com
[2012.11.14 08:25:11 | 001,008,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.08 14:55:23 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2012.11.08 14:55:23 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2012.11.08 10:35:27 | 000,012,862 | ---- | M] () -- C:\Windows\EPISMG00.SWB
[2012.10.31 21:40:30 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.30 19:00:31 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.18 11:24:51 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.17 23:11:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.17 23:11:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.17 23:11:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.17 23:11:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.17 23:11:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.17 15:46:18 | 000,000,512 | ---- | C] () -- C:\Users\Barbi´s Computer\Desktop\MBR.dat
[2012.11.17 14:20:26 | 000,000,000 | ---- | C] () -- C:\Users\Barbi´s Computer\defogger_reenable
[2012.11.17 14:19:44 | 000,050,477 | ---- | C] () -- C:\Users\Barbi´s Computer\Desktop\Defogger.exe
[2012.11.08 14:55:23 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Müller Foto.lnk
[2012.10.30 19:00:31 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.09.11 16:24:17 | 094,888,858 | ---- | C] () -- C:\Users\Barbi´s Computer\Memory Linus.cpr
[2012.03.31 10:57:52 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.11.14 10:25:47 | 000,000,680 | ---- | C] () -- C:\Users\Barbi´s Computer\AppData\Local\d3d9caps.dat
[2011.10.11 08:13:48 | 000,256,579 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1a.mcf
[2011.10.11 08:13:48 | 000,253,346 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1a.mcf~
[2011.09.29 11:39:08 | 000,170,738 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1.mcf~
[2011.09.29 11:39:08 | 000,168,659 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus1.mcf
[2011.09.25 11:55:56 | 000,041,062 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus klein.mcf
[2011.09.25 11:55:56 | 000,038,484 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus klein.mcf~
[2011.09.12 12:41:52 | 000,003,899 | ---- | C] () -- C:\Users\Barbi´s Computer\Leinwand Linus.mcf
[2011.09.12 12:41:52 | 000,003,889 | ---- | C] () -- C:\Users\Barbi´s Computer\Leinwand Linus.mcf~
[2011.08.03 13:29:22 | 000,254,970 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus.mcf~
[2011.08.03 13:29:22 | 000,254,970 | ---- | C] () -- C:\Users\Barbi´s Computer\Linus.mcf
[2011.05.27 18:14:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.02 13:38:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.02 13:38:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.03.20 20:02:02 | 000,073,216 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2011.03.20 20:02:02 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2011.03.02 16:30:27 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011.01.14 14:14:07 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
[2011.01.14 14:14:07 | 000,006,137 | ---- | C] () -- C:\Windows\System32\E1.ini
[2009.09.19 13:50:07 | 000,000,104 | ---- | C] () -- C:\Users\Barbi´s Computer\Internet - Verknüpfung.lnk
[2009.06.28 17:20:28 | 000,043,520 | ---- | C] () -- C:\Users\Barbi´s Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.14 13:43:26 | 000,000,166 | ---- | C] () -- C:\Users\Barbi´s Computer\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.20 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\Ad-Aware Antivirus
[2010.05.13 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\AntiBrowserSpy 2009
[2012.04.24 13:50:58 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\Epson
[2010.05.18 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\EurekaLog
[2011.03.03 17:55:50 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\Lexware
[2010.11.15 20:24:51 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\Nokia
[2010.07.19 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\PC Suite
[2009.09.15 19:00:08 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\Template
[2012.04.06 22:22:01 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\TuneUp Software
[2010.05.30 18:31:20 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\Ulead Systems
[2010.05.03 12:50:01 | 000,000,000 | ---D | M] -- C:\Users\Barbi´s Computer\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

19.11.2012, 10:03   #14
M-K-D-B
/// TB trainer
 



Hello,

it is hard to say how you picked up the malware.

We will now run a few more scans as a check.

In the next post you will then get a few tips to take with you.


Step 1
  • Start Malwarebytes' Anti-Malware, click "Aktualisierung" (Update) --> "Suche nach Aktualisierung" (Check for updates).
  • When the update has finished, select "Quick-Scan durchführen" (Perform quick scan) and press "Scannen" (Scan).
  • When the scan has finished, click "Ergebnisse anzeigen" (Show results).
  • Make sure that all findings are checked and press "Entferne Auswahl" (Remove selected).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log Dateien" (Log files).


Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Step 3
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


Please post with your next reply
  • the MBAM log file,
  • the ESET log file,
  • the SecurityCheck log file.

19.11.2012, 15:40   #15
Linus2011
 



Hello,
that took forever. I connected the external hard drive and there is only ancient junk on it. I only use it for storing the baby videos now. Maybe I should clear it out sometime ....


Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Barbi´s Computer :: BARBI´SCOMPU-PC [Administrator]

Schutz: Aktiviert

19.11.2012 10:08:23
mbam-log-2012-11-19 (10-08-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216542
Laufzeit: 7 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6a3eb735b5d9c44bb568e233c0b401a4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-19 02:10:02
# local_time=2012-11-19 03:10:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 4813 190850046 0 0
# compatibility_mode=8192 67108863 100 0 3818 3818 0 0
# scanned=366192
# found=3
# cleaned=0
# scan_time=16883
C:\$RECYCLE.BIN\S-1-5-21-37773925-4015125300-2503883205-1000\$RKA4C23\C_Windows\System32\iashost6.dll a variant of Win32/Ponmocup.FC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\[4]-Submit_2012-11-18_10.57.23.zip a variant of Win32/Ponmocup.FC trojan (unable to clean) 00000000000000000000000000000000 I
F:\System Volume Information\_restore{5F45B317-0D4E-4BF6-8B4A-596889E2E4AE}\RP1214\A0157580.exe Win32/Adware.BHO.AA application (unable to clean) 00000000000000000000000000000000 I


Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
CCleaner
Java Servlet Development Kit 2.0
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
system32 FirewallControlPanel.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
