AVG hat Trojaner Generic31.BNQF gefunden

sase · 14.03.2013, 11:05

Hallo!
Ich benötige Hilfe. AVG hat mitgeteilt, dass es den Trojaner Generic31.BNQF gefunden hat und in Quarantäne gestellt hat.
(allerdings schon im Februar, ich dachte bisher so etwas wird "automatisch" angezeigt. Da hab ich wohl die Einstellungen schlecht gewählt.)

Einen anderen Trojaner hat er auch gefunden, aber schon im September 2012!
Da muss ich anschließend ein neues Thema melden, oder?

Als Pfad zu dieser Datei wurde C:\Windows\Installer\a31.c0.msi angegeben.

Ergebnis von OTL.txt:

OTL logfile created on: 14.03.2013 09:19:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19400)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 45,04% Memory free
6,13 Gb Paging File | 4,43 Gb Available in Paging File | 72,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 305,64 Gb Free Space | 70,50% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,55 Gb Free Space | 54,49% Space Free | Partition Type: FAT32

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Programme\iTunesHelper.exe
PRC - [2013.03.14 09:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
PRC - [2013.02.13 17:06:34 | 001,124,016 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2013.02.13 17:06:34 | 000,965,296 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
PRC - [2012.11.07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.11.07 19:23:46 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.11.02 19:17:02 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.11.02 19:16:26 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.12.30 18:52:39 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgscanx.exe
PRC - [2009.09.05 13:03:37 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgemc.exe
PRC - [2009.09.05 13:03:37 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgcsrvx.exe
PRC - [2009.09.05 13:03:37 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgnsx.exe
PRC - [2009.09.05 13:03:37 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgrsx.exe
PRC - [2009.09.05 13:03:36 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe
PRC - [2009.08.05 15:08:40 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2009.07.29 01:35:56 | 000,450,660 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.29 01:35:56 | 000,217,178 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\WDM\stacsv.exe
PRC - [2009.07.07 09:44:44 | 000,343,552 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2009.06.19 13:25:02 | 000,765,952 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.05.13 16:05:08 | 002,033,544 | ---- | M] (zoneLINK) -- C:\Programme\zoneLINK\SystemUp 2009\Tuning\DefragService.exe
PRC - [2009.04.20 09:27:52 | 001,105,288 | ---- | M] (zoneLINK) -- C:\Programme\zoneLINK\SystemUp 2009\Tuning\SUThemeService.exe
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.04.10 15:46:26 | 000,191,488 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.03.05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2009.03.04 08:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2005.09.30 18:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.13 17:06:34 | 001,124,016 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2013.02.13 17:06:34 | 000,156,848 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\SiteSafety.dll
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.03 15:51:26 | 000,039,712 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009.06.18 15:03:34 | 000,053,248 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
MOD - [2009.06.17 16:17:58 | 000,073,728 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe

Ergebnis von EXTRAS.txt:
OTL Extras logfile created on: 14.03.2013 09:19:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19400)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 45,04% Memory free
6,13 Gb Paging File | 4,43 Gb Available in Paging File | 72,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 305,64 Gb Free Space | 70,50% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,55 Gb Free Space | 54,49% Space Free | Partition Type: FAT32

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{49697FEC-F53E-4EF1-8DCE-0CC5C732A483}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC55D56C-20F0-4339-A4D6-ADE38D85B02A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3310A557-B625-4445-9057-A1DC37AB12C4}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{419117F4-4C8F-4C81-BB66-BDFC3837606F}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{431F049E-0518-46CB-BB4E-904BFDC37CFB}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{4B4BED74-F82D-4D0E-A2E7-2FE2B2B2C083}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4CCD03F0-3C71-4F29-A0F6-CFD7686D11BA}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{4D563289-8C60-4871-BAF7-D8224274C3AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{716C32B2-CA3C-4722-86D3-16ED0557B406}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{746C0871-3E09-4FA6-A2B8-226EB0DB4EB2}" = protocol=17 | dir=in | app=c:\program files\itunes.exe |
"{824F3129-2A80-4108-9E29-8628EBE8EF85}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{90AAD55D-756E-4E48-9799-8A65D408A79E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{90D25502-E496-41E3-B9A5-4A65C44192D7}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{A3F28184-F908-4689-B125-E14DC46D26C6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{C4161DBD-2732-48E8-8FB9-5F2908A141D6}" = protocol=6 | dir=in | app=c:\program files\itunes.exe |
"{D5C885D9-06CE-473B-9335-39A984CC9B9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D8A36AD1-6432-4B1E-957B-0C867AAF0A7F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D9593906-B635-4357-8F4A-7907E19AAB72}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{8F103E60-71BF-4E5A-8C4B-CFE396C49B95}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe |
"UDP Query User{E83184A4-E904-42F5-B6D5-25B3A9FCC720}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.4
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Abrosoft FantaMorph_is1" = Abrosoft FantaMorph 2.55
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG Secure Search" = AVG Security Toolbar
"AVG8Uninstall" = AVG Free 8.5
"Badaboom" = Badaboom 1.2.1.40
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.2
"EOS Utility" = Canon Utilities EOS Utility
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"zonelink_TUNING_is1" = zoneLINK SystemUp 2009 Tuning
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.09.2012 00:57:50 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.09.2012 00:57:50 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.09.2012 00:57:50 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.09.2012 00:57:50 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.09.2012 00:57:50 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.09.2012 00:57:50 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 20.09.2012 00:58:09 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 22.09.2012 01:25:11 | Computer Name = Sandra-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.09.2012 02:50:55 | Computer Name = Sandra-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.09.2012 13:49:05 | Computer Name = Sandra-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 05.03.2013 13:38:06 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05.03.2013 13:38:06 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 06.03.2013 16:03:40 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 06.03.2013 16:03:40 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 07.03.2013 13:55:13 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07.03.2013 14:56:57 | Computer Name = Sandra-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 08.03.2013 01:54:05 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08.03.2013 01:54:05 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10.03.2013 04:04:42 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.03.2013 03:43:10 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Ergebnis von Gmer.txt:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 10:42:48
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Sandra\AppData\Local\Temp\uwdiqpob.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcConnectPort [0x918D3E90]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcCreatePort [0x918D4758]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwConnectPort [0x918D38E6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile [0x918CD190]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey [0x918EED40]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreatePort [0x918D43F0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcess [0x918E8B74]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcessEx [0x918E8F9C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateSection [0x918F3542]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateWaitablePort [0x918D454E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile [0x918CDEC0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey [0x918F0828]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey [0x918F00DE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDuplicateObject [0x918E7958]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadDriver [0x918C7C76]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey [0x918F12B6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey2 [0x918F14F4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKeyEx [0x918F19A6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwMapViewOfSection [0x918F38FE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile [0x918CDA78]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenProcess [0x918EB082]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenThread [0x918EAC70]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwProtectVirtualMemory [0x918FFC7A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRenameKey [0x918F237C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey [0x918F1C70]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRequestWaitReplyPort [0x918D348E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey [0x918F2DDC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSecureConnectPort [0x918D3BB2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile [0x918CE2CA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationObject [0x918FFB3E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSecurityObject [0x918F2904]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSystemInformation [0x918C7340]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey [0x918EF802]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSystemDebugControl [0x918E9C98]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwTerminateProcess [0x918E99C8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwUnloadDriver [0x918C80C8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateUserProcess [0x918E9410]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 13D 824F3800 8 Bytes [90, 3E, 8D, 91, 58, 47, 8D, ...] {NOP ; LEA EDX, [ECX-0x6e72b8a8]}
.text ntkrnlpa.exe!KeSetEvent + 1C1 824F3884 4 Bytes [E6, 38, 8D, 91]
.text ntkrnlpa.exe!KeSetEvent + 1D9 824F389C 4 Bytes [90, D1, 8C, 91]
.text ntkrnlpa.exe!KeSetEvent + 1E9 824F38AC 4 Bytes [40, ED, 8E, 91]
.text ntkrnlpa.exe!KeSetEvent + 205 824F38C8 12 Bytes [F0, 43, 8D, 91, 74, 8B, 8E, ...]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[536] USER32.dll!IsWindowUnicode + 37 76E190B5 5 Bytes JMP 20CB9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affc33fc
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015affc33fc (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xFD 0x51 0x45 0xFC ...

---- EOF - GMER 2.1 ----

Vielen herzlichen Dank im Voraus!

(ich benutze den PC übrigens zum Online-Banking)

Sase

cosinus · 15.03.2013, 20:32

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

sase · 16.03.2013, 18:16

Hallo Cosinus,
vielen Dank, dass du mir hilfst.

Hier das Ergebnis von mbar:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19401
Sandra :: SANDRA-PC [administrator]

16.03.2013 09:57:19
mbar-log-2013-03-16 (09-57-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29554
Time elapsed: 35 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hier das von aswMBR:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-16 17:12:56
-----------------------------
17:12:56.307 OS Version: Windows 6.0.6002 Service Pack 2
17:12:56.307 Number of processors: 2 586 0x170A
17:12:56.307 ComputerName: SANDRA-PC UserName: Sandra
17:13:02.411 Initialize success
17:15:57.939 AVAST engine defs: 13031600
17:18:54.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:18:54.250 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
17:18:54.266 Disk 0 MBR read successfully
17:18:54.266 Disk 0 MBR scan
17:18:54.281 Disk 0 Windows VISTA default MBR code
17:18:54.297 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 443938 MB offset 2048
17:18:54.328 Disk 0 Partition 2 00 0C FAT32 LBA MSWIN4.1 33000 MB offset 909187072
17:18:54.344 Disk 0 scanning sectors +976771072
17:18:54.484 Disk 0 scanning C:\Windows\system32\drivers
17:19:12.174 Service scanning
17:19:56.042 Modules scanning
17:20:08.210 Disk 0 trace - called modules:
17:20:08.350 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:20:08.943 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86af1ac8]
17:20:08.958 3 CLASSPNP.SYS[8aba08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858f6028]
17:20:12.515 AVAST engine scan C:\Windows
17:20:28.146 AVAST engine scan C:\Windows\system32
17:29:41.088 AVAST engine scan C:\Windows\system32\drivers
17:30:26.463 AVAST engine scan C:\Users\Sandra
17:45:32.048 AVAST engine scan C:\ProgramData
17:49:40.182 Scan finished successfully
17:51:07.776 Disk 0 MBR has been saved successfully to "C:\Users\Sandra\Desktop\MBR.dat"
17:51:07.776 The log file has been saved successfully to "C:\Users\Sandra\Desktop\aswMBR.txt"

Und hier der TDssKiller-log:

17:55:10.0576 5616 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:55:11.0466 5616 ============================================================
17:55:11.0466 5616 Current date / time: 2013/03/16 17:55:11.0466
17:55:11.0466 5616 SystemInfo:
17:55:11.0466 5616
17:55:11.0466 5616 OS Version: 6.0.6002 ServicePack: 2.0
17:55:11.0466 5616 Product type: Workstation
17:55:11.0466 5616 ComputerName: SANDRA-PC
17:55:11.0470 5616 UserName: Sandra
17:55:11.0470 5616 Windows directory: C:\Windows
17:55:11.0470 5616 System windows directory: C:\Windows
17:55:11.0470 5616 Processor architecture: Intel x86
17:55:11.0470 5616 Number of processors: 2
17:55:11.0470 5616 Page size: 0x1000
17:55:11.0470 5616 Boot type: Normal boot
17:55:11.0470 5616 ============================================================
17:55:12.0827 5616 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:55:12.0847 5616 ============================================================
17:55:12.0847 5616 \Device\Harddisk0\DR0:
17:55:12.0847 5616 MBR partitions:
17:55:12.0847 5616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x36311000
17:55:12.0847 5616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x36311800, BlocksNum 0x4074000
17:55:12.0847 5616 ============================================================
17:55:12.0877 5616 C: <-> \Device\Harddisk0\DR0\Partition1
17:55:12.0907 5616 D: <-> \Device\Harddisk0\DR0\Partition2
17:55:12.0907 5616 ============================================================
17:55:12.0907 5616 Initialize success
17:55:12.0907 5616 ============================================================
17:55:59.0997 4796 ============================================================
17:55:59.0997 4796 Scan started
17:55:59.0997 4796 Mode: Manual; SigCheck; TDLFS;
17:55:59.0997 4796 ============================================================
17:56:01.0157 4796 ================ Scan system memory ========================
17:56:01.0157 4796 System memory - ok
17:56:01.0157 4796 ================ Scan services =============================
17:56:01.0437 4796 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:56:01.0637 4796 ACPI - ok
17:56:01.0737 4796 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:56:01.0767 4796 AdobeARMservice - ok
17:56:01.0817 4796 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:56:01.0887 4796 adp94xx - ok
17:56:01.0927 4796 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:56:01.0987 4796 adpahci - ok
17:56:02.0027 4796 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:56:02.0077 4796 adpu160m - ok
17:56:02.0097 4796 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:56:02.0147 4796 adpu320 - ok
17:56:02.0187 4796 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:56:02.0357 4796 AeLookupSvc - ok
17:56:02.0417 4796 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
17:56:02.0547 4796 AFD - ok
17:56:02.0607 4796 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:56:02.0627 4796 agp440 - ok
17:56:02.0677 4796 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:56:02.0727 4796 aic78xx - ok
17:56:02.0767 4796 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
17:56:02.0987 4796 ALG - ok
17:56:03.0037 4796 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
17:56:03.0077 4796 aliide - ok
17:56:03.0107 4796 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:56:03.0147 4796 amdagp - ok
17:56:03.0157 4796 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
17:56:03.0197 4796 amdide - ok
17:56:03.0207 4796 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
17:56:03.0327 4796 AmdK7 - ok
17:56:03.0337 4796 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:56:03.0437 4796 AmdK8 - ok
17:56:03.0527 4796 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
17:56:03.0577 4796 Appinfo - ok
17:56:03.0647 4796 [ 557F35D1CA42AEA14A6690E21887A31F ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
17:56:03.0667 4796 Apple Mobile Device - ok
17:56:03.0727 4796 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
17:56:03.0767 4796 arc - ok
17:56:03.0817 4796 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:56:03.0857 4796 arcsas - ok
17:56:03.0877 4796 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:56:03.0967 4796 AsyncMac - ok
17:56:04.0017 4796 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
17:56:04.0047 4796 atapi - ok
17:56:04.0137 4796 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:56:04.0217 4796 AudioEndpointBuilder - ok
17:56:04.0237 4796 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:56:04.0287 4796 Audiosrv - ok
17:56:04.0417 4796 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
17:56:04.0587 4796 AVG Security Toolbar Service - ok
17:56:04.0647 4796 [ B9AE3C63A53396CD669EF8AE9C9CBD85 ] avg8emc C:\PROGRA~1\AVG\AVG8\avgemc.exe
17:56:04.0777 4796 avg8emc - ok
17:56:04.0847 4796 [ DB338A6BD3976904EB0F8343F51E64EB ] avg8wd C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
17:56:04.0887 4796 avg8wd - ok
17:56:04.0917 4796 [ BC12F2404BB6F2B6B2FF3C4C246CB752 ] AvgLdx86 C:\Windows\System32\Drivers\avgldx86.sys
17:56:05.0047 4796 AvgLdx86 - ok
17:56:05.0087 4796 [ 5903D729D4F0C5BCA74123C96A1B29E0 ] AvgMfx86 C:\Windows\System32\Drivers\avgmfx86.sys
17:56:05.0127 4796 AvgMfx86 - ok
17:56:05.0177 4796 [ 92D8E1E8502E649B60E70074EB29C380 ] AvgTdiX C:\Windows\System32\Drivers\avgtdix.sys
17:56:05.0217 4796 AvgTdiX - ok
17:56:05.0257 4796 [ F3D2D8D48E3B0CA83D70A420240E509B ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
17:56:05.0297 4796 avgtp - ok
17:56:05.0467 4796 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:56:05.0567 4796 BBSvc - ok
17:56:05.0647 4796 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
17:56:05.0697 4796 BBUpdate - ok
17:56:05.0757 4796 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
17:56:05.0847 4796 Beep - ok
17:56:05.0907 4796 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
17:56:05.0967 4796 BFE - ok
17:56:06.0047 4796 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
17:56:06.0197 4796 BITS - ok
17:56:06.0227 4796 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:56:06.0327 4796 blbdrive - ok
17:56:06.0377 4796 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:56:06.0407 4796 Bonjour Service - ok
17:56:06.0447 4796 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:56:06.0527 4796 bowser - ok
17:56:06.0597 4796 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:56:06.0667 4796 BrFiltLo - ok
17:56:06.0677 4796 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:56:06.0737 4796 BrFiltUp - ok
17:56:06.0767 4796 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
17:56:06.0827 4796 Browser - ok
17:56:06.0907 4796 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
17:56:07.0217 4796 Brserid - ok
17:56:07.0297 4796 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:56:07.0417 4796 BrSerWdm - ok
17:56:07.0427 4796 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:56:07.0577 4796 BrUsbMdm - ok
17:56:07.0587 4796 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:56:07.0707 4796 BrUsbSer - ok
17:56:07.0777 4796 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
17:56:07.0817 4796 BthEnum - ok
17:56:07.0867 4796 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:56:07.0977 4796 BTHMODEM - ok
17:56:08.0047 4796 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:56:08.0117 4796 BthPan - ok
17:56:08.0187 4796 [ 5A3ABAA2F8EECE7AEFB942773766E3DB ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:56:08.0337 4796 BTHPORT - ok
17:56:08.0387 4796 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
17:56:08.0457 4796 BthServ - ok
17:56:08.0497 4796 [ 94E2941280E3756A5E0BCB467865C43A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:56:08.0567 4796 BTHUSB - ok
17:56:08.0627 4796 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
17:56:08.0637 4796 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
17:56:08.0647 4796 CCALib8 - detected UnsignedFile.Multi.Generic (1)
17:56:08.0697 4796 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:56:08.0777 4796 cdfs - ok
17:56:08.0827 4796 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:56:08.0887 4796 cdrom - ok
17:56:09.0007 4796 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
17:56:09.0097 4796 CertPropSvc - ok
17:56:09.0157 4796 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
17:56:09.0317 4796 circlass - ok
17:56:09.0357 4796 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
17:56:09.0417 4796 CLFS - ok
17:56:09.0487 4796 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:56:09.0547 4796 clr_optimization_v2.0.50727_32 - ok
17:56:09.0597 4796 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:56:09.0677 4796 CmBatt - ok
17:56:09.0707 4796 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:56:09.0747 4796 cmdide - ok
17:56:09.0777 4796 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:56:09.0807 4796 Compbatt - ok
17:56:09.0827 4796 COMSysApp - ok
17:56:09.0837 4796 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:56:09.0877 4796 crcdisk - ok
17:56:09.0907 4796 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
17:56:10.0007 4796 Crusoe - ok
17:56:10.0087 4796 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:56:10.0147 4796 CryptSvc - ok
17:56:10.0227 4796 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:56:10.0307 4796 DcomLaunch - ok
17:56:10.0387 4796 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:56:10.0477 4796 DfsC - ok
17:56:10.0627 4796 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
17:56:10.0877 4796 DFSR - ok
17:56:10.0977 4796 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:56:11.0087 4796 Dhcp - ok
17:56:11.0147 4796 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
17:56:11.0197 4796 disk - ok
17:56:11.0257 4796 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:56:11.0367 4796 Dnscache - ok
17:56:11.0427 4796 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:56:11.0507 4796 dot3svc - ok
17:56:11.0547 4796 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
17:56:11.0617 4796 DPS - ok
17:56:11.0667 4796 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:56:11.0737 4796 drmkaud - ok
17:56:11.0787 4796 [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:56:11.0937 4796 DXGKrnl - ok
17:56:11.0977 4796 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
17:56:12.0087 4796 E1G60 - ok
17:56:12.0127 4796 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
17:56:12.0187 4796 EapHost - ok
17:56:12.0247 4796 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
17:56:12.0297 4796 Ecache - ok
17:56:12.0377 4796 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:56:12.0437 4796 ehRecvr - ok
17:56:12.0487 4796 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
17:56:12.0547 4796 ehSched - ok
17:56:12.0577 4796 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
17:56:12.0637 4796 ehstart - ok
17:56:12.0677 4796 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:56:12.0737 4796 elxstor - ok
17:56:12.0797 4796 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:56:12.0907 4796 EMDMgmt - ok
17:56:12.0977 4796 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:56:13.0047 4796 ErrDev - ok
17:56:13.0107 4796 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
17:56:13.0257 4796 EventSystem - ok
17:56:13.0327 4796 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
17:56:13.0427 4796 exfat - ok
17:56:13.0497 4796 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:56:13.0607 4796 fastfat - ok
17:56:13.0687 4796 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:56:13.0807 4796 fdc - ok
17:56:13.0847 4796 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
17:56:13.0897 4796 fdPHost - ok
17:56:13.0917 4796 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
17:56:14.0047 4796 FDResPub - ok
17:56:14.0147 4796 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:56:14.0177 4796 FileInfo - ok
17:56:14.0217 4796 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:56:14.0327 4796 Filetrace - ok
17:56:14.0337 4796 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:56:14.0417 4796 flpydisk - ok
17:56:14.0467 4796 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:56:14.0557 4796 FltMgr - ok
17:56:14.0637 4796 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:56:14.0677 4796 FontCache3.0.0.0 - ok
17:56:14.0727 4796 [ 4875E6384310E3AAFB9847312EDB0CFF ] fspad_wlh32 C:\Windows\system32\DRIVERS\fspad_wlh32.sys
17:56:14.0817 4796 fspad_wlh32 - ok
17:56:14.0857 4796 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:56:14.0947 4796 Fs_Rec - ok
17:56:14.0997 4796 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:56:15.0037 4796 gagp30kx - ok
17:56:15.0117 4796 [ F2F431D1573EE632975C524418655B84 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:56:15.0217 4796 GEARAspiWDM - ok
17:56:15.0257 4796 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
17:56:15.0377 4796 gpsvc - ok
17:56:15.0467 4796 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:56:15.0537 4796 HdAudAddService - ok
17:56:15.0597 4796 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:56:15.0727 4796 HDAudBus - ok
17:56:15.0757 4796 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:56:15.0857 4796 HidBth - ok
17:56:15.0887 4796 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:56:16.0047 4796 HidIr - ok
17:56:16.0077 4796 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
17:56:16.0137 4796 hidserv - ok
17:56:16.0167 4796 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:56:16.0227 4796 HidUsb - ok
17:56:16.0257 4796 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:56:16.0337 4796 hkmsvc - ok
17:56:16.0367 4796 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:56:16.0417 4796 HpCISSs - ok
17:56:16.0477 4796 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:56:16.0697 4796 HTTP - ok
17:56:16.0787 4796 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:56:16.0837 4796 i2omp - ok
17:56:16.0887 4796 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:56:17.0007 4796 i8042prt - ok
17:56:17.0107 4796 [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:56:17.0147 4796 IAANTMON - ok
17:56:17.0197 4796 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:56:17.0247 4796 iaStor - ok
17:56:17.0287 4796 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:56:17.0347 4796 iaStorV - ok
17:56:17.0427 4796 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:56:17.0597 4796 idsvc - ok
17:56:17.0697 4796 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:56:17.0737 4796 iirsp - ok
17:56:17.0777 4796 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
17:56:17.0907 4796 IKEEXT - ok
17:56:17.0957 4796 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
17:56:17.0987 4796 intelide - ok
17:56:18.0037 4796 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:56:18.0107 4796 intelppm - ok
17:56:18.0137 4796 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:56:18.0217 4796 IPBusEnum - ok
17:56:18.0247 4796 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:56:18.0367 4796 IpFilterDriver - ok
17:56:18.0427 4796 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:56:18.0547 4796 iphlpsvc - ok
17:56:18.0557 4796 IpInIp - ok
17:56:18.0617 4796 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:56:18.0717 4796 IPMIDRV - ok
17:56:18.0727 4796 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:56:18.0797 4796 IPNAT - ok
17:56:18.0877 4796 [ E8E568EA584973DFD99AAC7D00A16287 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:56:18.0937 4796 iPod Service - ok
17:56:18.0957 4796 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:56:19.0027 4796 IRENUM - ok
17:56:19.0067 4796 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:56:19.0107 4796 isapnp - ok
17:56:19.0157 4796 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:56:19.0227 4796 iScsiPrt - ok
17:56:19.0337 4796 [ 33112D12B95BD1DE18AF409D865DF10C ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
17:56:19.0377 4796 ISWKL - ok
17:56:19.0437 4796 [ CFF1CD2C1CC8F5271967AA268982E878 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
17:56:19.0477 4796 IswSvc - ok
17:56:19.0537 4796 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:56:19.0577 4796 iteatapi - ok
17:56:19.0607 4796 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:56:19.0637 4796 iteraid - ok
17:56:19.0677 4796 [ 9EFE54794B3A94E93DA50703692E011E ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
17:56:19.0777 4796 JMCR - ok
17:56:19.0797 4796 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:56:19.0847 4796 kbdclass - ok
17:56:19.0877 4796 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:56:19.0937 4796 kbdhid - ok
17:56:19.0987 4796 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
17:56:20.0047 4796 KeyIso - ok
17:56:20.0097 4796 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:56:20.0242 4796 KSecDD - ok
17:56:20.0292 4796 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:56:20.0377 4796 KtmRm - ok
17:56:20.0437 4796 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
17:56:20.0517 4796 LanmanServer - ok
17:56:20.0552 4796 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:56:20.0632 4796 LanmanWorkstation - ok
17:56:20.0697 4796 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:56:20.0782 4796 lltdio - ok
17:56:20.0842 4796 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:56:20.0957 4796 lltdsvc - ok
17:56:20.0987 4796 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:56:21.0107 4796 lmhosts - ok
17:56:21.0197 4796 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:56:21.0272 4796 LSI_FC - ok
17:56:21.0287 4796 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:56:21.0332 4796 LSI_SAS - ok
17:56:21.0347 4796 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:56:21.0377 4796 LSI_SCSI - ok
17:56:21.0402 4796 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
17:56:21.0477 4796 luafv - ok
17:56:21.0532 4796 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:56:21.0612 4796 Mcx2Svc - ok
17:56:21.0667 4796 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
17:56:21.0722 4796 megasas - ok
17:56:21.0787 4796 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:56:21.0837 4796 MegaSR - ok
17:56:21.0912 4796 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
17:56:21.0987 4796 MMCSS - ok
17:56:22.0032 4796 [ 47DA077CB3735AE65D83BF2AD22E5C01 ] mod7700 C:\Windows\system32\DRIVERS\mod7700.sys
17:56:22.0187 4796 mod7700 - ok
17:56:22.0222 4796 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
17:56:22.0302 4796 Modem - ok
17:56:22.0337 4796 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:56:22.0432 4796 monitor - ok
17:56:22.0477 4796 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:56:22.0537 4796 mouclass - ok
17:56:22.0587 4796 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:56:22.0667 4796 mouhid - ok
17:56:22.0707 4796 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:56:22.0742 4796 MountMgr - ok
17:56:22.0837 4796 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:56:22.0867 4796 MozillaMaintenance - ok
17:56:22.0967 4796 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
17:56:23.0007 4796 mpio - ok
17:56:23.0027 4796 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:56:23.0087 4796 mpsdrv - ok
17:56:23.0157 4796 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
17:56:23.0312 4796 MpsSvc - ok
17:56:23.0342 4796 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:56:23.0437 4796 Mraid35x - ok
17:56:23.0477 4796 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:56:23.0552 4796 MRxDAV - ok
17:56:23.0587 4796 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:56:23.0667 4796 mrxsmb - ok
17:56:23.0727 4796 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:56:23.0797 4796 mrxsmb10 - ok
17:56:23.0847 4796 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:56:23.0942 4796 mrxsmb20 - ok
17:56:24.0002 4796 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
17:56:24.0042 4796 msahci - ok
17:56:24.0127 4796 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:56:24.0197 4796 msdsm - ok
17:56:24.0237 4796 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
17:56:24.0352 4796 MSDTC - ok
17:56:24.0387 4796 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:56:24.0467 4796 Msfs - ok
17:56:24.0527 4796 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:56:24.0557 4796 msisadrv - ok
17:56:24.0592 4796 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:56:24.0697 4796 MSiSCSI - ok
17:56:24.0712 4796 msiserver - ok
17:56:24.0752 4796 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:56:24.0872 4796 MSKSSRV - ok
17:56:24.0882 4796 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:56:24.0957 4796 MSPCLOCK - ok
17:56:24.0977 4796 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:56:25.0072 4796 MSPQM - ok
17:56:25.0117 4796 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:56:25.0187 4796 MsRPC - ok
17:56:25.0207 4796 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:56:25.0232 4796 mssmbios - ok
17:56:25.0272 4796 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:56:25.0382 4796 MSTEE - ok
17:56:25.0437 4796 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
17:56:25.0507 4796 Mup - ok
17:56:25.0557 4796 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
17:56:25.0632 4796 napagent - ok
17:56:25.0712 4796 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:56:25.0847 4796 NativeWifiP - ok
17:56:25.0912 4796 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:56:25.0997 4796 NDIS - ok
17:56:26.0047 4796 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:56:26.0112 4796 NdisTapi - ok
17:56:26.0167 4796 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:56:26.0247 4796 Ndisuio - ok
17:56:26.0292 4796 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:56:26.0377 4796 NdisWan - ok
17:56:26.0397 4796 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:56:26.0452 4796 NDProxy - ok
17:56:26.0612 4796 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:56:26.0682 4796 Nero BackItUp Scheduler 3 - ok
17:56:26.0727 4796 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:56:26.0837 4796 NetBIOS - ok
17:56:26.0882 4796 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
17:56:26.0957 4796 netbt - ok
17:56:27.0002 4796 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
17:56:27.0037 4796 Netlogon - ok
17:56:27.0097 4796 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
17:56:27.0187 4796 Netman - ok
17:56:27.0257 4796 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
17:56:27.0362 4796 netprofm - ok
17:56:27.0407 4796 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:56:27.0467 4796 NetTcpPortSharing - ok
17:56:27.0512 4796 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:56:27.0547 4796 nfrd960 - ok
17:56:27.0597 4796 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:56:27.0662 4796 NlaSvc - ok
17:56:27.0737 4796 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:56:28.0472 4796 NMIndexingService - ok
17:56:28.0507 4796 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:56:28.0592 4796 Npfs - ok
17:56:28.0672 4796 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
17:56:28.0762 4796 nsi - ok
17:56:28.0812 4796 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:56:28.0882 4796 nsiproxy - ok
17:56:28.0977 4796 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:56:29.0072 4796 Ntfs - ok
17:56:29.0127 4796 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
17:56:29.0262 4796 ntrigdigi - ok
17:56:29.0312 4796 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
17:56:29.0392 4796 Null - ok
17:56:29.0447 4796 [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
17:56:29.0487 4796 NVHDA - ok
17:56:30.0022 4796 [ 5CE5B23855262ACABAECCE156F48DD88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:56:33.0662 4796 nvlddmkm - ok
17:56:33.0872 4796 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:56:33.0917 4796 nvraid - ok
17:56:33.0977 4796 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:56:34.0017 4796 nvstor - ok
17:56:34.0087 4796 [ 6DF4CC671CD9704840C5522627F3ED43 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:56:34.0122 4796 nvsvc - ok
17:56:34.0167 4796 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:56:34.0227 4796 nv_agp - ok
17:56:34.0242 4796 NwlnkFlt - ok
17:56:34.0262 4796 NwlnkFwd - ok
17:56:34.0357 4796 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:56:34.0462 4796 odserv - ok
17:56:34.0497 4796 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:56:34.0622 4796 ohci1394 - ok
17:56:34.0742 4796 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:56:34.0872 4796 ose - ok
17:56:34.0932 4796 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:56:35.0097 4796 p2pimsvc - ok
17:56:35.0117 4796 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
17:56:35.0162 4796 p2psvc - ok
17:56:35.0197 4796 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
17:56:35.0337 4796 Parport - ok
17:56:35.0372 4796 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:56:35.0412 4796 partmgr - ok
17:56:35.0437 4796 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:56:35.0612 4796 Parvdm - ok
17:56:35.0642 4796 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
17:56:35.0742 4796 PcaSvc - ok
17:56:35.0832 4796 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
17:56:35.0882 4796 pci - ok
17:56:35.0917 4796 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
17:56:35.0972 4796 pciide - ok
17:56:35.0992 4796 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:56:36.0047 4796 pcmcia - ok
17:56:36.0097 4796 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:56:36.0267 4796 PEAUTH - ok
17:56:36.0342 4796 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
17:56:36.0552 4796 pla - ok
17:56:36.0617 4796 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
17:56:36.0637 4796 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:56:36.0637 4796 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:56:36.0672 4796 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:56:36.0757 4796 PlugPlay - ok
17:56:36.0807 4796 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:56:36.0897 4796 PNRPAutoReg - ok
17:56:36.0947 4796 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:56:36.0992 4796 PNRPsvc - ok
17:56:37.0042 4796 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:56:37.0107 4796 PolicyAgent - ok
17:56:37.0177 4796 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:56:37.0257 4796 PptpMiniport - ok
17:56:37.0272 4796 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
17:56:37.0337 4796 Processor - ok
17:56:37.0352 4796 Profos - ok
17:56:37.0387 4796 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
17:56:37.0427 4796 ProfSvc - ok
17:56:37.0447 4796 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:56:37.0472 4796 ProtectedStorage - ok
17:56:37.0522 4796 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
17:56:37.0557 4796 ProtexisLicensing - ok
17:56:37.0592 4796 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:56:37.0677 4796 PSched - ok
17:56:37.0762 4796 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:56:37.0787 4796 PSI_SVC_2 - ok
17:56:37.0862 4796 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:56:37.0952 4796 ql2300 - ok
17:56:37.0992 4796 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:56:38.0052 4796 ql40xx - ok
17:56:38.0087 4796 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
17:56:38.0132 4796 QWAVE - ok
17:56:38.0177 4796 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:56:38.0227 4796 QWAVEdrv - ok
17:56:38.0252 4796 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:56:38.0337 4796 RasAcd - ok
17:56:38.0387 4796 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
17:56:38.0472 4796 RasAuto - ok
17:56:38.0497 4796 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:56:38.0572 4796 Rasl2tp - ok
17:56:38.0617 4796 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
17:56:38.0677 4796 RasMan - ok
17:56:38.0722 4796 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:56:38.0802 4796 RasPppoe - ok
17:56:38.0827 4796 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:56:38.0877 4796 RasSstp - ok
17:56:38.0902 4796 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:56:38.0957 4796 rdbss - ok
17:56:38.0982 4796 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:56:39.0087 4796 RDPCDD - ok
17:56:39.0127 4796 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:56:39.0212 4796 rdpdr - ok
17:56:39.0282 4796 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:56:39.0392 4796 RDPENCDD - ok
17:56:39.0447 4796 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:56:39.0532 4796 RDPWD - ok
17:56:39.0582 4796 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:56:39.0637 4796 RemoteAccess - ok
17:56:39.0677 4796 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:56:39.0807 4796 RemoteRegistry - ok
17:56:39.0952 4796 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SYSTEM32\Rezip.exe
17:56:39.0992 4796 Rezip ( UnsignedFile.Multi.Generic ) - warning
17:56:39.0992 4796 Rezip - detected UnsignedFile.Multi.Generic (1)
17:56:40.0022 4796 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:56:40.0102 4796 RFCOMM - ok
17:56:40.0177 4796 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe
17:56:40.0212 4796 RichVideo - ok
17:56:40.0242 4796 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
17:56:40.0307 4796 RpcLocator - ok
17:56:40.0362 4796 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
17:56:40.0462 4796 RpcSs - ok
17:56:40.0527 4796 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:56:40.0587 4796 rspndr - ok
17:56:40.0642 4796 [ 9FF72982F8C3945FB1BC10A6246B9B97 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
17:56:40.0737 4796 rtl8192se - ok
17:56:40.0797 4796 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
17:56:40.0822 4796 SamSs - ok
17:56:40.0847 4796 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:56:40.0912 4796 sbp2port - ok
17:56:40.0962 4796 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:56:41.0027 4796 SCardSvr - ok
17:56:41.0117 4796 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
17:56:41.0252 4796 Schedule - ok
17:56:41.0267 4796 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:56:41.0317 4796 SCPolicySvc - ok
17:56:41.0347 4796 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:56:41.0452 4796 sdbus - ok
17:56:41.0472 4796 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:56:41.0597 4796 SDRSVC - ok
17:56:41.0682 4796 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:56:41.0827 4796 secdrv - ok
17:56:41.0892 4796 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
17:56:41.0972 4796 seclogon - ok
17:56:42.0012 4796 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
17:56:42.0092 4796 SENS - ok
17:56:42.0147 4796 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:56:42.0267 4796 Serenum - ok
17:56:42.0282 4796 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
17:56:42.0557 4796 Serial - ok
17:56:42.0787 4796 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:56:42.0897 4796 sermouse - ok
17:56:42.0982 4796 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
17:56:43.0032 4796 SessionEnv - ok
17:56:43.0047 4796 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:56:43.0137 4796 sffdisk - ok
17:56:43.0147 4796 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:56:43.0227 4796 sffp_mmc - ok
17:56:43.0242 4796 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:56:43.0312 4796 sffp_sd - ok
17:56:43.0332 4796 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:56:43.0522 4796 sfloppy - ok
17:56:43.0592 4796 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:56:43.0707 4796 SharedAccess - ok
17:56:43.0737 4796 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:56:43.0807 4796 ShellHWDetection - ok
17:56:43.0862 4796 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:56:43.0902 4796 sisagp - ok
17:56:43.0952 4796 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:56:44.0002 4796 SiSRaid2 - ok
17:56:44.0017 4796 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:56:44.0102 4796 SiSRaid4 - ok
17:56:44.0292 4796 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
17:56:44.0622 4796 slsvc - ok
17:56:44.0682 4796 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:56:44.0767 4796 SLUINotify - ok
17:56:44.0807 4796 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:56:44.0917 4796 Smb - ok
17:56:44.0947 4796 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:56:44.0982 4796 SNMPTRAP - ok
17:56:45.0062 4796 [ 82E3315B1B3E76B9A9643F987ED3AE5C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
17:56:45.0327 4796 SNP2UVC - ok
17:56:45.0387 4796 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
17:56:45.0417 4796 spldr - ok
17:56:45.0467 4796 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
17:56:45.0577 4796 Spooler - ok
17:56:45.0617 4796 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:56:45.0692 4796 srv - ok
17:56:45.0762 4796 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:56:45.0842 4796 srv2 - ok
17:56:45.0907 4796 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:56:45.0982 4796 srvnet - ok
17:56:46.0087 4796 [ 06A13FCF558BF181C6EF1A3DFD6D3172 ] srvSUThemeService C:\Program Files\zoneLINK\SystemUp 2009\Tuning\SUThemeService.exe
17:56:46.0222 4796 srvSUThemeService - ok
17:56:46.0287 4796 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:56:46.0372 4796 SSDPSRV - ok
17:56:46.0452 4796 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:56:46.0547 4796 SstpSvc - ok
17:56:46.0632 4796 [ 2EF99F5129D4A89480DFDF24332A0CA9 ] STacSV c:\program files\idt\wdm\STacSV.exe
17:56:46.0692 4796 STacSV - ok
17:56:46.0737 4796 [ 1475633F01CB13102B55C059287CBAC8 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
17:56:46.0862 4796 STHDA - ok
17:56:46.0947 4796 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
17:56:47.0047 4796 stisvc - ok
17:56:47.0087 4796 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:56:47.0152 4796 swenum - ok
17:56:47.0187 4796 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
17:56:47.0312 4796 swprv - ok
17:56:47.0342 4796 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:56:47.0387 4796 Symc8xx - ok
17:56:47.0412 4796 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:56:47.0452 4796 Sym_hi - ok
17:56:47.0462 4796 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:56:47.0512 4796 Sym_u3 - ok
17:56:47.0557 4796 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
17:56:47.0672 4796 SysMain - ok
17:56:47.0697 4796 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:56:47.0792 4796 TabletInputService - ok
17:56:47.0812 4796 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:56:47.0877 4796 TapiSrv - ok
17:56:47.0917 4796 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
17:56:48.0007 4796 TBS - ok
17:56:48.0087 4796 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:56:48.0507 4796 Tcpip - ok
17:56:48.0637 4796 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:56:48.0717 4796 Tcpip6 - ok
17:56:48.0782 4796 [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:56:48.0922 4796 tcpipreg - ok
17:56:48.0977 4796 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:56:49.0117 4796 TDPIPE - ok
17:56:49.0132 4796 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:56:49.0227 4796 TDTCP - ok
17:56:49.0272 4796 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:56:49.0447 4796 tdx - ok
17:56:49.0517 4796 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:56:49.0582 4796 TermDD - ok
17:56:49.0662 4796 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
17:56:49.0842 4796 TermService - ok
17:56:49.0892 4796 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
17:56:50.0067 4796 Themes - ok
17:56:50.0112 4796 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
17:56:50.0167 4796 THREADORDER - ok
17:56:50.0232 4796 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
17:56:50.0327 4796 TrkWks - ok
17:56:50.0337 4796 Trufos - ok
17:56:50.0422 4796 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:56:50.0502 4796 TrustedInstaller - ok
17:56:50.0557 4796 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:56:50.0712 4796 tssecsrv - ok
17:56:50.0777 4796 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:56:50.0852 4796 tunmp - ok
17:56:50.0902 4796 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:56:50.0947 4796 tunnel - ok
17:56:51.0002 4796 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:56:51.0047 4796 uagp35 - ok
17:56:51.0117 4796 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:56:51.0227 4796 udfs - ok
17:56:51.0307 4796 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:56:51.0417 4796 UI0Detect - ok
17:56:51.0447 4796 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:56:51.0532 4796 uliagpkx - ok
17:56:51.0612 4796 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:56:51.0682 4796 uliahci - ok
17:56:51.0707 4796 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:56:51.0757 4796 UlSata - ok
17:56:51.0762 4796 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:56:51.0842 4796 ulsata2 - ok
17:56:51.0877 4796 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:56:51.0977 4796 umbus - ok
17:56:52.0032 4796 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
17:56:52.0157 4796 upnphost - ok
17:56:52.0212 4796 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:56:52.0307 4796 usbccgp - ok
17:56:52.0352 4796 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:56:52.0547 4796 usbcir - ok
17:56:52.0622 4796 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:56:52.0737 4796 usbehci - ok
17:56:52.0777 4796 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:56:52.0902 4796 usbhub - ok
17:56:52.0937 4796 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:56:53.0042 4796 usbohci - ok
17:56:53.0122 4796 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:56:53.0212 4796 usbprint - ok
17:56:53.0247 4796 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:56:53.0322 4796 USBSTOR - ok
17:56:53.0347 4796 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:56:53.0432 4796 usbuhci - ok
17:56:53.0477 4796 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:56:53.0562 4796 usbvideo - ok
17:56:53.0632 4796 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
17:56:53.0697 4796 UxSms - ok
17:56:53.0762 4796 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
17:56:53.0907 4796 vds - ok
17:56:53.0942 4796 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:56:54.0032 4796 vga - ok
17:56:54.0062 4796 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
17:56:54.0137 4796 VgaSave - ok
17:56:54.0157 4796 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:56:54.0202 4796 viaagp - ok
17:56:54.0267 4796 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:56:54.0342 4796 ViaC7 - ok
17:56:54.0382 4796 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
17:56:54.0422 4796 viaide - ok
17:56:54.0447 4796 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:56:54.0502 4796 volmgr - ok
17:56:54.0607 4796 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:56:54.0727 4796 volmgrx - ok
17:56:54.0792 4796 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:56:54.0887 4796 volsnap - ok
17:56:54.0952 4796 [ DD476FCEE9A7E3D110F445373CC63B7B ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
17:56:55.0027 4796 Vsdatant - ok
17:56:55.0047 4796 vsdatant7 - ok
17:56:55.0087 4796 vsmon - ok
17:56:55.0132 4796 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:56:55.0192 4796 vsmraid - ok
17:56:55.0262 4796 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
17:56:55.0457 4796 VSS - ok
17:56:55.0562 4796 [ 87C57CBE385E00726A2113614F6C6BD2 ] vToolbarUpdater14.1.7 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
17:56:55.0667 4796 vToolbarUpdater14.1.7 - ok
17:56:55.0702 4796 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
17:56:55.0757 4796 W32Time - ok
17:56:55.0777 4796 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:56:55.0882 4796 WacomPen - ok
17:56:55.0927 4796 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:56:55.0987 4796 Wanarp - ok
17:56:56.0002 4796 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:56:56.0052 4796 Wanarpv6 - ok
17:56:56.0072 4796 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:56:56.0187 4796 wcncsvc - ok
17:56:56.0237 4796 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:56:56.0302 4796 WcsPlugInService - ok
17:56:56.0347 4796 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
17:56:56.0412 4796 Wd - ok
17:56:56.0437 4796 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:56:56.0532 4796 Wdf01000 - ok
17:56:56.0557 4796 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:56:56.0622 4796 WdiServiceHost - ok
17:56:56.0637 4796 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:56:56.0697 4796 WdiSystemHost - ok
17:56:56.0747 4796 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
17:56:56.0807 4796 WebClient - ok
17:56:56.0872 4796 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:56:56.0947 4796 Wecsvc - ok
17:56:56.0967 4796 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:56:57.0027 4796 wercplsupport - ok
17:56:57.0062 4796 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
17:56:57.0127 4796 WerSvc - ok
17:56:57.0187 4796 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:56:57.0222 4796 WinDefend - ok
17:56:57.0227 4796 WinHttpAutoProxySvc - ok
17:56:57.0307 4796 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:56:57.0387 4796 Winmgmt - ok
17:56:57.0427 4796 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll
17:56:57.0607 4796 WinRM - ok
17:56:57.0722 4796 [ 20A97B632A76CC977FCFB98F28CAAAB3 ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe
17:56:57.0747 4796 WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
17:56:57.0747 4796 WisLMSvc - detected UnsignedFile.Multi.Generic (1)
17:56:57.0787 4796 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:56:57.0917 4796 Wlansvc - ok
17:56:57.0972 4796 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:56:58.0052 4796 WmiAcpi - ok
17:56:58.0117 4796 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:56:58.0197 4796 wmiApSrv - ok
17:56:58.0307 4796 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:56:58.0412 4796 WMPNetworkSvc - ok
17:56:58.0442 4796 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:56:58.0572 4796 WPCSvc - ok
17:56:58.0642 4796 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:56:58.0762 4796 WPDBusEnum - ok
17:56:58.0807 4796 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:56:58.0897 4796 WpdUsb - ok
17:56:58.0932 4796 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:56:59.0052 4796 ws2ifsl - ok
17:56:59.0092 4796 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
17:56:59.0147 4796 wscsvc - ok
17:56:59.0157 4796 WSearch - ok
17:56:59.0282 4796 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:56:59.0467 4796 wuauserv - ok
17:56:59.0547 4796 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:56:59.0622 4796 WUDFRd - ok
17:56:59.0687 4796 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:56:59.0777 4796 wudfsvc - ok
17:56:59.0822 4796 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys
17:56:59.0877 4796 X10Hid - ok
17:56:59.0967 4796 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
17:56:59.0987 4796 x10nets ( UnsignedFile.Multi.Generic ) - warning
17:56:59.0987 4796 x10nets - detected UnsignedFile.Multi.Generic (1)
17:57:00.0057 4796 [ 0625DB94911790F20A866A564D22612B ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys
17:57:00.0092 4796 XUIF - ok
17:57:00.0147 4796 [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
17:57:00.0252 4796 yukonwlh - ok
17:57:00.0332 4796 [ 82FA1A47C2BB762203BFAFFCFE2ECF47 ] zoneLINKDefrag C:\Program Files\zoneLINK\SystemUp 2009\Tuning\DefragService.exe
17:57:00.0527 4796 zoneLINKDefrag - ok
17:57:00.0552 4796 ================ Scan global ===============================
17:57:00.0612 4796 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:57:00.0662 4796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:57:00.0687 4796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:57:00.0762 4796 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:57:00.0782 4796 [Global] - ok
17:57:00.0792 4796 ================ Scan MBR ==================================
17:57:00.0807 4796 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:57:02.0287 4796 \Device\Harddisk0\DR0 - ok
17:57:02.0292 4796 ================ Scan VBR ==================================
17:57:02.0337 4796 [ 75D51756C3E908998B6E5571374286C2 ] \Device\Harddisk0\DR0\Partition1
17:57:02.0342 4796 \Device\Harddisk0\DR0\Partition1 - ok
17:57:02.0387 4796 [ 6E35418AA34E95B942D583A9244F566A ] \Device\Harddisk0\DR0\Partition2
17:57:02.0387 4796 \Device\Harddisk0\DR0\Partition2 - ok
17:57:02.0392 4796 ============================================================
17:57:02.0392 4796 Scan finished
17:57:02.0392 4796 ============================================================
17:57:02.0412 3792 Detected object count: 5
17:57:02.0412 3792 Actual detected object count: 5
17:57:30.0667 3792 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0667 3792 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:30.0672 3792 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0672 3792 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:30.0672 3792 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0672 3792 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:30.0672 3792 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0677 3792 WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:57:30.0677 3792 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0677 3792 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

ÄHM, ich kann mit "code-tags" nichts anfangen, hoffe, das passt so?
Grüße
Sase

cosinus · 17.03.2013, 01:10

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

sase · 17.03.2013, 10:38

ah, OK, danke.
Also:

das Ergebnis von mbar:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19401
Sandra :: SANDRA-PC [administrator]

16.03.2013 09:57:19
mbar-log-2013-03-16 (09-57-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29554
Time elapsed: 35 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Hier das von aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-16 17:12:56
-----------------------------
17:12:56.307    OS Version: Windows 6.0.6002 Service Pack 2
17:12:56.307    Number of processors: 2 586 0x170A
17:12:56.307    ComputerName: SANDRA-PC  UserName: Sandra
17:13:02.411    Initialize success
17:15:57.939    AVAST engine defs: 13031600
17:18:54.234    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:18:54.250    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
17:18:54.266    Disk 0 MBR read successfully
17:18:54.266    Disk 0 MBR scan
17:18:54.281    Disk 0 Windows VISTA default MBR code
17:18:54.297    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       443938 MB offset 2048
17:18:54.328    Disk 0 Partition 2 00     0C    FAT32 LBA MSWIN4.1    33000 MB offset 909187072
17:18:54.344    Disk 0 scanning sectors +976771072
17:18:54.484    Disk 0 scanning C:\Windows\system32\drivers
17:19:12.174    Service scanning
17:19:56.042    Modules scanning
17:20:08.210    Disk 0 trace - called modules:
17:20:08.350    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:20:08.943    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86af1ac8]
17:20:08.958    3 CLASSPNP.SYS[8aba08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858f6028]
17:20:12.515    AVAST engine scan C:\Windows
17:20:28.146    AVAST engine scan C:\Windows\system32
17:29:41.088    AVAST engine scan C:\Windows\system32\drivers
17:30:26.463    AVAST engine scan C:\Users\Sandra
17:45:32.048    AVAST engine scan C:\ProgramData
17:49:40.182    Scan finished successfully
17:51:07.776    Disk 0 MBR has been saved successfully to "C:\Users\Sandra\Desktop\MBR.dat"
17:51:07.776    The log file has been saved successfully to "C:\Users\Sandra\Desktop\aswMBR.txt"

Und hier das TDssKiller-Ergebnis:

Code:

ATTFilter

17:55:10.0576 5616  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:55:11.0466 5616  ============================================================
17:55:11.0466 5616  Current date / time: 2013/03/16 17:55:11.0466
17:55:11.0466 5616  SystemInfo:
17:55:11.0466 5616  
17:55:11.0466 5616  OS Version: 6.0.6002 ServicePack: 2.0
17:55:11.0466 5616  Product type: Workstation
17:55:11.0466 5616  ComputerName: SANDRA-PC
17:55:11.0470 5616  UserName: Sandra
17:55:11.0470 5616  Windows directory: C:\Windows
17:55:11.0470 5616  System windows directory: C:\Windows
17:55:11.0470 5616  Processor architecture: Intel x86
17:55:11.0470 5616  Number of processors: 2
17:55:11.0470 5616  Page size: 0x1000
17:55:11.0470 5616  Boot type: Normal boot
17:55:11.0470 5616  ============================================================
17:55:12.0827 5616  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:55:12.0847 5616  ============================================================
17:55:12.0847 5616  \Device\Harddisk0\DR0:
17:55:12.0847 5616  MBR partitions:
17:55:12.0847 5616  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x36311000
17:55:12.0847 5616  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x36311800, BlocksNum 0x4074000
17:55:12.0847 5616  ============================================================
17:55:12.0877 5616  C: <-> \Device\Harddisk0\DR0\Partition1
17:55:12.0907 5616  D: <-> \Device\Harddisk0\DR0\Partition2
17:55:12.0907 5616  ============================================================
17:55:12.0907 5616  Initialize success
17:55:12.0907 5616  ============================================================
17:55:59.0997 4796  ============================================================
17:55:59.0997 4796  Scan started
17:55:59.0997 4796  Mode: Manual; SigCheck; TDLFS; 
17:55:59.0997 4796  ============================================================
17:56:01.0157 4796  ================ Scan system memory ========================
17:56:01.0157 4796  System memory - ok
17:56:01.0157 4796  ================ Scan services =============================
17:56:01.0437 4796  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:56:01.0637 4796  ACPI - ok
17:56:01.0737 4796  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:56:01.0767 4796  AdobeARMservice - ok
17:56:01.0817 4796  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:56:01.0887 4796  adp94xx - ok
17:56:01.0927 4796  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:56:01.0987 4796  adpahci - ok
17:56:02.0027 4796  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:56:02.0077 4796  adpu160m - ok
17:56:02.0097 4796  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:56:02.0147 4796  adpu320 - ok
17:56:02.0187 4796  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:56:02.0357 4796  AeLookupSvc - ok
17:56:02.0417 4796  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
17:56:02.0547 4796  AFD - ok
17:56:02.0607 4796  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:56:02.0627 4796  agp440 - ok
17:56:02.0677 4796  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:56:02.0727 4796  aic78xx - ok
17:56:02.0767 4796  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
17:56:02.0987 4796  ALG - ok
17:56:03.0037 4796  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:56:03.0077 4796  aliide - ok
17:56:03.0107 4796  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:56:03.0147 4796  amdagp - ok
17:56:03.0157 4796  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:56:03.0197 4796  amdide - ok
17:56:03.0207 4796  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
17:56:03.0327 4796  AmdK7 - ok
17:56:03.0337 4796  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:56:03.0437 4796  AmdK8 - ok
17:56:03.0527 4796  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
17:56:03.0577 4796  Appinfo - ok
17:56:03.0647 4796  [ 557F35D1CA42AEA14A6690E21887A31F ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
17:56:03.0667 4796  Apple Mobile Device - ok
17:56:03.0727 4796  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
17:56:03.0767 4796  arc - ok
17:56:03.0817 4796  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:56:03.0857 4796  arcsas - ok
17:56:03.0877 4796  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:56:03.0967 4796  AsyncMac - ok
17:56:04.0017 4796  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:56:04.0047 4796  atapi - ok
17:56:04.0137 4796  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:56:04.0217 4796  AudioEndpointBuilder - ok
17:56:04.0237 4796  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:56:04.0287 4796  Audiosrv - ok
17:56:04.0417 4796  [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
17:56:04.0587 4796  AVG Security Toolbar Service - ok
17:56:04.0647 4796  [ B9AE3C63A53396CD669EF8AE9C9CBD85 ] avg8emc         C:\PROGRA~1\AVG\AVG8\avgemc.exe
17:56:04.0777 4796  avg8emc - ok
17:56:04.0847 4796  [ DB338A6BD3976904EB0F8343F51E64EB ] avg8wd          C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
17:56:04.0887 4796  avg8wd - ok
17:56:04.0917 4796  [ BC12F2404BB6F2B6B2FF3C4C246CB752 ] AvgLdx86        C:\Windows\System32\Drivers\avgldx86.sys
17:56:05.0047 4796  AvgLdx86 - ok
17:56:05.0087 4796  [ 5903D729D4F0C5BCA74123C96A1B29E0 ] AvgMfx86        C:\Windows\System32\Drivers\avgmfx86.sys
17:56:05.0127 4796  AvgMfx86 - ok
17:56:05.0177 4796  [ 92D8E1E8502E649B60E70074EB29C380 ] AvgTdiX         C:\Windows\System32\Drivers\avgtdix.sys
17:56:05.0217 4796  AvgTdiX - ok
17:56:05.0257 4796  [ F3D2D8D48E3B0CA83D70A420240E509B ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
17:56:05.0297 4796  avgtp - ok
17:56:05.0467 4796  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
17:56:05.0567 4796  BBSvc - ok
17:56:05.0647 4796  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
17:56:05.0697 4796  BBUpdate - ok
17:56:05.0757 4796  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:56:05.0847 4796  Beep - ok
17:56:05.0907 4796  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
17:56:05.0967 4796  BFE - ok
17:56:06.0047 4796  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
17:56:06.0197 4796  BITS - ok
17:56:06.0227 4796  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:56:06.0327 4796  blbdrive - ok
17:56:06.0377 4796  [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:56:06.0407 4796  Bonjour Service - ok
17:56:06.0447 4796  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:56:06.0527 4796  bowser - ok
17:56:06.0597 4796  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:56:06.0667 4796  BrFiltLo - ok
17:56:06.0677 4796  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:56:06.0737 4796  BrFiltUp - ok
17:56:06.0767 4796  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
17:56:06.0827 4796  Browser - ok
17:56:06.0907 4796  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:56:07.0217 4796  Brserid - ok
17:56:07.0297 4796  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:56:07.0417 4796  BrSerWdm - ok
17:56:07.0427 4796  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:56:07.0577 4796  BrUsbMdm - ok
17:56:07.0587 4796  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:56:07.0707 4796  BrUsbSer - ok
17:56:07.0777 4796  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
17:56:07.0817 4796  BthEnum - ok
17:56:07.0867 4796  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:56:07.0977 4796  BTHMODEM - ok
17:56:08.0047 4796  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:56:08.0117 4796  BthPan - ok
17:56:08.0187 4796  [ 5A3ABAA2F8EECE7AEFB942773766E3DB ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
17:56:08.0337 4796  BTHPORT - ok
17:56:08.0387 4796  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
17:56:08.0457 4796  BthServ - ok
17:56:08.0497 4796  [ 94E2941280E3756A5E0BCB467865C43A ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
17:56:08.0567 4796  BTHUSB - ok
17:56:08.0627 4796  [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
17:56:08.0637 4796  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
17:56:08.0647 4796  CCALib8 - detected UnsignedFile.Multi.Generic (1)
17:56:08.0697 4796  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:56:08.0777 4796  cdfs - ok
17:56:08.0827 4796  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:56:08.0887 4796  cdrom - ok
17:56:09.0007 4796  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:56:09.0097 4796  CertPropSvc - ok
17:56:09.0157 4796  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
17:56:09.0317 4796  circlass - ok
17:56:09.0357 4796  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
17:56:09.0417 4796  CLFS - ok
17:56:09.0487 4796  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:56:09.0547 4796  clr_optimization_v2.0.50727_32 - ok
17:56:09.0597 4796  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:56:09.0677 4796  CmBatt - ok
17:56:09.0707 4796  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:56:09.0747 4796  cmdide - ok
17:56:09.0777 4796  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:56:09.0807 4796  Compbatt - ok
17:56:09.0827 4796  COMSysApp - ok
17:56:09.0837 4796  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:56:09.0877 4796  crcdisk - ok
17:56:09.0907 4796  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:56:10.0007 4796  Crusoe - ok
17:56:10.0087 4796  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:56:10.0147 4796  CryptSvc - ok
17:56:10.0227 4796  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:56:10.0307 4796  DcomLaunch - ok
17:56:10.0387 4796  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:56:10.0477 4796  DfsC - ok
17:56:10.0627 4796  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
17:56:10.0877 4796  DFSR - ok
17:56:10.0977 4796  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:56:11.0087 4796  Dhcp - ok
17:56:11.0147 4796  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
17:56:11.0197 4796  disk - ok
17:56:11.0257 4796  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:56:11.0367 4796  Dnscache - ok
17:56:11.0427 4796  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:56:11.0507 4796  dot3svc - ok
17:56:11.0547 4796  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
17:56:11.0617 4796  DPS - ok
17:56:11.0667 4796  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:56:11.0737 4796  drmkaud - ok
17:56:11.0787 4796  [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:56:11.0937 4796  DXGKrnl - ok
17:56:11.0977 4796  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
17:56:12.0087 4796  E1G60 - ok
17:56:12.0127 4796  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
17:56:12.0187 4796  EapHost - ok
17:56:12.0247 4796  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:56:12.0297 4796  Ecache - ok
17:56:12.0377 4796  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:56:12.0437 4796  ehRecvr - ok
17:56:12.0487 4796  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
17:56:12.0547 4796  ehSched - ok
17:56:12.0577 4796  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
17:56:12.0637 4796  ehstart - ok
17:56:12.0677 4796  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:56:12.0737 4796  elxstor - ok
17:56:12.0797 4796  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:56:12.0907 4796  EMDMgmt - ok
17:56:12.0977 4796  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:56:13.0047 4796  ErrDev - ok
17:56:13.0107 4796  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
17:56:13.0257 4796  EventSystem - ok
17:56:13.0327 4796  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
17:56:13.0427 4796  exfat - ok
17:56:13.0497 4796  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:56:13.0607 4796  fastfat - ok
17:56:13.0687 4796  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:56:13.0807 4796  fdc - ok
17:56:13.0847 4796  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:56:13.0897 4796  fdPHost - ok
17:56:13.0917 4796  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:56:14.0047 4796  FDResPub - ok
17:56:14.0147 4796  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:56:14.0177 4796  FileInfo - ok
17:56:14.0217 4796  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:56:14.0327 4796  Filetrace - ok
17:56:14.0337 4796  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:56:14.0417 4796  flpydisk - ok
17:56:14.0467 4796  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:56:14.0557 4796  FltMgr - ok
17:56:14.0637 4796  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:56:14.0677 4796  FontCache3.0.0.0 - ok
17:56:14.0727 4796  [ 4875E6384310E3AAFB9847312EDB0CFF ] fspad_wlh32     C:\Windows\system32\DRIVERS\fspad_wlh32.sys
17:56:14.0817 4796  fspad_wlh32 - ok
17:56:14.0857 4796  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:56:14.0947 4796  Fs_Rec - ok
17:56:14.0997 4796  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:56:15.0037 4796  gagp30kx - ok
17:56:15.0117 4796  [ F2F431D1573EE632975C524418655B84 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:56:15.0217 4796  GEARAspiWDM - ok
17:56:15.0257 4796  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:56:15.0377 4796  gpsvc - ok
17:56:15.0467 4796  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:56:15.0537 4796  HdAudAddService - ok
17:56:15.0597 4796  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:56:15.0727 4796  HDAudBus - ok
17:56:15.0757 4796  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:56:15.0857 4796  HidBth - ok
17:56:15.0887 4796  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:56:16.0047 4796  HidIr - ok
17:56:16.0077 4796  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
17:56:16.0137 4796  hidserv - ok
17:56:16.0167 4796  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:56:16.0227 4796  HidUsb - ok
17:56:16.0257 4796  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:56:16.0337 4796  hkmsvc - ok
17:56:16.0367 4796  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:56:16.0417 4796  HpCISSs - ok
17:56:16.0477 4796  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:56:16.0697 4796  HTTP - ok
17:56:16.0787 4796  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:56:16.0837 4796  i2omp - ok
17:56:16.0887 4796  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:56:17.0007 4796  i8042prt - ok
17:56:17.0107 4796  [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:56:17.0147 4796  IAANTMON - ok
17:56:17.0197 4796  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:56:17.0247 4796  iaStor - ok
17:56:17.0287 4796  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:56:17.0347 4796  iaStorV - ok
17:56:17.0427 4796  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:56:17.0597 4796  idsvc - ok
17:56:17.0697 4796  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:56:17.0737 4796  iirsp - ok
17:56:17.0777 4796  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:56:17.0907 4796  IKEEXT - ok
17:56:17.0957 4796  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:56:17.0987 4796  intelide - ok
17:56:18.0037 4796  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:56:18.0107 4796  intelppm - ok
17:56:18.0137 4796  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:56:18.0217 4796  IPBusEnum - ok
17:56:18.0247 4796  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:56:18.0367 4796  IpFilterDriver - ok
17:56:18.0427 4796  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:56:18.0547 4796  iphlpsvc - ok
17:56:18.0557 4796  IpInIp - ok
17:56:18.0617 4796  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:56:18.0717 4796  IPMIDRV - ok
17:56:18.0727 4796  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:56:18.0797 4796  IPNAT - ok
17:56:18.0877 4796  [ E8E568EA584973DFD99AAC7D00A16287 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:56:18.0937 4796  iPod Service - ok
17:56:18.0957 4796  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:56:19.0027 4796  IRENUM - ok
17:56:19.0067 4796  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:56:19.0107 4796  isapnp - ok
17:56:19.0157 4796  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:56:19.0227 4796  iScsiPrt - ok
17:56:19.0337 4796  [ 33112D12B95BD1DE18AF409D865DF10C ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
17:56:19.0377 4796  ISWKL - ok
17:56:19.0437 4796  [ CFF1CD2C1CC8F5271967AA268982E878 ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
17:56:19.0477 4796  IswSvc - ok
17:56:19.0537 4796  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:56:19.0577 4796  iteatapi - ok
17:56:19.0607 4796  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:56:19.0637 4796  iteraid - ok
17:56:19.0677 4796  [ 9EFE54794B3A94E93DA50703692E011E ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
17:56:19.0777 4796  JMCR - ok
17:56:19.0797 4796  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:56:19.0847 4796  kbdclass - ok
17:56:19.0877 4796  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:56:19.0937 4796  kbdhid - ok
17:56:19.0987 4796  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:56:20.0047 4796  KeyIso - ok
17:56:20.0097 4796  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:56:20.0242 4796  KSecDD - ok
17:56:20.0292 4796  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:56:20.0377 4796  KtmRm - ok
17:56:20.0437 4796  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:56:20.0517 4796  LanmanServer - ok
17:56:20.0552 4796  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:56:20.0632 4796  LanmanWorkstation - ok
17:56:20.0697 4796  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:56:20.0782 4796  lltdio - ok
17:56:20.0842 4796  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:56:20.0957 4796  lltdsvc - ok
17:56:20.0987 4796  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:56:21.0107 4796  lmhosts - ok
17:56:21.0197 4796  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:56:21.0272 4796  LSI_FC - ok
17:56:21.0287 4796  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:56:21.0332 4796  LSI_SAS - ok
17:56:21.0347 4796  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:56:21.0377 4796  LSI_SCSI - ok
17:56:21.0402 4796  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
17:56:21.0477 4796  luafv - ok
17:56:21.0532 4796  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:56:21.0612 4796  Mcx2Svc - ok
17:56:21.0667 4796  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:56:21.0722 4796  megasas - ok
17:56:21.0787 4796  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:56:21.0837 4796  MegaSR - ok
17:56:21.0912 4796  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
17:56:21.0987 4796  MMCSS - ok
17:56:22.0032 4796  [ 47DA077CB3735AE65D83BF2AD22E5C01 ] mod7700         C:\Windows\system32\DRIVERS\mod7700.sys
17:56:22.0187 4796  mod7700 - ok
17:56:22.0222 4796  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
17:56:22.0302 4796  Modem - ok
17:56:22.0337 4796  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:56:22.0432 4796  monitor - ok
17:56:22.0477 4796  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:56:22.0537 4796  mouclass - ok
17:56:22.0587 4796  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:56:22.0667 4796  mouhid - ok
17:56:22.0707 4796  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:56:22.0742 4796  MountMgr - ok
17:56:22.0837 4796  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:56:22.0867 4796  MozillaMaintenance - ok
17:56:22.0967 4796  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:56:23.0007 4796  mpio - ok
17:56:23.0027 4796  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:56:23.0087 4796  mpsdrv - ok
17:56:23.0157 4796  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:56:23.0312 4796  MpsSvc - ok
17:56:23.0342 4796  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:56:23.0437 4796  Mraid35x - ok
17:56:23.0477 4796  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:56:23.0552 4796  MRxDAV - ok
17:56:23.0587 4796  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:56:23.0667 4796  mrxsmb - ok
17:56:23.0727 4796  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:56:23.0797 4796  mrxsmb10 - ok
17:56:23.0847 4796  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:56:23.0942 4796  mrxsmb20 - ok
17:56:24.0002 4796  [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:56:24.0042 4796  msahci - ok
17:56:24.0127 4796  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:56:24.0197 4796  msdsm - ok
17:56:24.0237 4796  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
17:56:24.0352 4796  MSDTC - ok
17:56:24.0387 4796  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:56:24.0467 4796  Msfs - ok
17:56:24.0527 4796  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:56:24.0557 4796  msisadrv - ok
17:56:24.0592 4796  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:56:24.0697 4796  MSiSCSI - ok
17:56:24.0712 4796  msiserver - ok
17:56:24.0752 4796  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:56:24.0872 4796  MSKSSRV - ok
17:56:24.0882 4796  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:56:24.0957 4796  MSPCLOCK - ok
17:56:24.0977 4796  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:56:25.0072 4796  MSPQM - ok
17:56:25.0117 4796  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:56:25.0187 4796  MsRPC - ok
17:56:25.0207 4796  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:56:25.0232 4796  mssmbios - ok
17:56:25.0272 4796  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:56:25.0382 4796  MSTEE - ok
17:56:25.0437 4796  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
17:56:25.0507 4796  Mup - ok
17:56:25.0557 4796  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:56:25.0632 4796  napagent - ok
17:56:25.0712 4796  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:56:25.0847 4796  NativeWifiP - ok
17:56:25.0912 4796  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:56:25.0997 4796  NDIS - ok
17:56:26.0047 4796  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:56:26.0112 4796  NdisTapi - ok
17:56:26.0167 4796  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:56:26.0247 4796  Ndisuio - ok
17:56:26.0292 4796  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:56:26.0377 4796  NdisWan - ok
17:56:26.0397 4796  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:56:26.0452 4796  NDProxy - ok
17:56:26.0612 4796  [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:56:26.0682 4796  Nero BackItUp Scheduler 3 - ok
17:56:26.0727 4796  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:56:26.0837 4796  NetBIOS - ok
17:56:26.0882 4796  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:56:26.0957 4796  netbt - ok
17:56:27.0002 4796  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:56:27.0037 4796  Netlogon - ok
17:56:27.0097 4796  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:56:27.0187 4796  Netman - ok
17:56:27.0257 4796  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:56:27.0362 4796  netprofm - ok
17:56:27.0407 4796  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:56:27.0467 4796  NetTcpPortSharing - ok
17:56:27.0512 4796  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:56:27.0547 4796  nfrd960 - ok
17:56:27.0597 4796  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:56:27.0662 4796  NlaSvc - ok
17:56:27.0737 4796  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:56:28.0472 4796  NMIndexingService - ok
17:56:28.0507 4796  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:56:28.0592 4796  Npfs - ok
17:56:28.0672 4796  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
17:56:28.0762 4796  nsi - ok
17:56:28.0812 4796  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:56:28.0882 4796  nsiproxy - ok
17:56:28.0977 4796  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:56:29.0072 4796  Ntfs - ok
17:56:29.0127 4796  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
17:56:29.0262 4796  ntrigdigi - ok
17:56:29.0312 4796  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:56:29.0392 4796  Null - ok
17:56:29.0447 4796  [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
17:56:29.0487 4796  NVHDA - ok
17:56:30.0022 4796  [ 5CE5B23855262ACABAECCE156F48DD88 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:56:33.0662 4796  nvlddmkm - ok
17:56:33.0872 4796  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:56:33.0917 4796  nvraid - ok
17:56:33.0977 4796  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:56:34.0017 4796  nvstor - ok
17:56:34.0087 4796  [ 6DF4CC671CD9704840C5522627F3ED43 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:56:34.0122 4796  nvsvc - ok
17:56:34.0167 4796  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:56:34.0227 4796  nv_agp - ok
17:56:34.0242 4796  NwlnkFlt - ok
17:56:34.0262 4796  NwlnkFwd - ok
17:56:34.0357 4796  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:56:34.0462 4796  odserv - ok
17:56:34.0497 4796  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:56:34.0622 4796  ohci1394 - ok
17:56:34.0742 4796  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:56:34.0872 4796  ose - ok
17:56:34.0932 4796  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:56:35.0097 4796  p2pimsvc - ok
17:56:35.0117 4796  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:56:35.0162 4796  p2psvc - ok
17:56:35.0197 4796  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
17:56:35.0337 4796  Parport - ok
17:56:35.0372 4796  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:56:35.0412 4796  partmgr - ok
17:56:35.0437 4796  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:56:35.0612 4796  Parvdm - ok
17:56:35.0642 4796  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:56:35.0742 4796  PcaSvc - ok
17:56:35.0832 4796  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
17:56:35.0882 4796  pci - ok
17:56:35.0917 4796  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
17:56:35.0972 4796  pciide - ok
17:56:35.0992 4796  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:56:36.0047 4796  pcmcia - ok
17:56:36.0097 4796  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:56:36.0267 4796  PEAUTH - ok
17:56:36.0342 4796  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
17:56:36.0552 4796  pla - ok
17:56:36.0617 4796  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
17:56:36.0637 4796  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:56:36.0637 4796  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:56:36.0672 4796  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:56:36.0757 4796  PlugPlay - ok
17:56:36.0807 4796  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:56:36.0897 4796  PNRPAutoReg - ok
17:56:36.0947 4796  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:56:36.0992 4796  PNRPsvc - ok
17:56:37.0042 4796  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:56:37.0107 4796  PolicyAgent - ok
17:56:37.0177 4796  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:56:37.0257 4796  PptpMiniport - ok
17:56:37.0272 4796  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
17:56:37.0337 4796  Processor - ok
17:56:37.0352 4796  Profos - ok
17:56:37.0387 4796  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:56:37.0427 4796  ProfSvc - ok
17:56:37.0447 4796  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:56:37.0472 4796  ProtectedStorage - ok
17:56:37.0522 4796  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
17:56:37.0557 4796  ProtexisLicensing - ok
17:56:37.0592 4796  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:56:37.0677 4796  PSched - ok
17:56:37.0762 4796  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:56:37.0787 4796  PSI_SVC_2 - ok
17:56:37.0862 4796  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:56:37.0952 4796  ql2300 - ok
17:56:37.0992 4796  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:56:38.0052 4796  ql40xx - ok
17:56:38.0087 4796  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
17:56:38.0132 4796  QWAVE - ok
17:56:38.0177 4796  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:56:38.0227 4796  QWAVEdrv - ok
17:56:38.0252 4796  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:56:38.0337 4796  RasAcd - ok
17:56:38.0387 4796  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
17:56:38.0472 4796  RasAuto - ok
17:56:38.0497 4796  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:56:38.0572 4796  Rasl2tp - ok
17:56:38.0617 4796  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
17:56:38.0677 4796  RasMan - ok
17:56:38.0722 4796  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:56:38.0802 4796  RasPppoe - ok
17:56:38.0827 4796  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:56:38.0877 4796  RasSstp - ok
17:56:38.0902 4796  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:56:38.0957 4796  rdbss - ok
17:56:38.0982 4796  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:56:39.0087 4796  RDPCDD - ok
17:56:39.0127 4796  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:56:39.0212 4796  rdpdr - ok
17:56:39.0282 4796  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:56:39.0392 4796  RDPENCDD - ok
17:56:39.0447 4796  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:56:39.0532 4796  RDPWD - ok
17:56:39.0582 4796  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:56:39.0637 4796  RemoteAccess - ok
17:56:39.0677 4796  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:56:39.0807 4796  RemoteRegistry - ok
17:56:39.0952 4796  [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip           C:\Windows\SYSTEM32\Rezip.exe
17:56:39.0992 4796  Rezip ( UnsignedFile.Multi.Generic ) - warning
17:56:39.0992 4796  Rezip - detected UnsignedFile.Multi.Generic (1)
17:56:40.0022 4796  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:56:40.0102 4796  RFCOMM - ok
17:56:40.0177 4796  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo       C:\Program Files\Cyberlink\Shared files\RichVideo.exe
17:56:40.0212 4796  RichVideo - ok
17:56:40.0242 4796  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
17:56:40.0307 4796  RpcLocator - ok
17:56:40.0362 4796  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
17:56:40.0462 4796  RpcSs - ok
17:56:40.0527 4796  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:56:40.0587 4796  rspndr - ok
17:56:40.0642 4796  [ 9FF72982F8C3945FB1BC10A6246B9B97 ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
17:56:40.0737 4796  rtl8192se - ok
17:56:40.0797 4796  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
17:56:40.0822 4796  SamSs - ok
17:56:40.0847 4796  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:56:40.0912 4796  sbp2port - ok
17:56:40.0962 4796  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:56:41.0027 4796  SCardSvr - ok
17:56:41.0117 4796  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
17:56:41.0252 4796  Schedule - ok
17:56:41.0267 4796  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:56:41.0317 4796  SCPolicySvc - ok
17:56:41.0347 4796  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
17:56:41.0452 4796  sdbus - ok
17:56:41.0472 4796  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:56:41.0597 4796  SDRSVC - ok
17:56:41.0682 4796  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:56:41.0827 4796  secdrv - ok
17:56:41.0892 4796  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
17:56:41.0972 4796  seclogon - ok
17:56:42.0012 4796  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
17:56:42.0092 4796  SENS - ok
17:56:42.0147 4796  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:56:42.0267 4796  Serenum - ok
17:56:42.0282 4796  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
17:56:42.0557 4796  Serial - ok
17:56:42.0787 4796  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:56:42.0897 4796  sermouse - ok
17:56:42.0982 4796  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:56:43.0032 4796  SessionEnv - ok
17:56:43.0047 4796  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:56:43.0137 4796  sffdisk - ok
17:56:43.0147 4796  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:56:43.0227 4796  sffp_mmc - ok
17:56:43.0242 4796  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:56:43.0312 4796  sffp_sd - ok
17:56:43.0332 4796  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:56:43.0522 4796  sfloppy - ok
17:56:43.0592 4796  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:56:43.0707 4796  SharedAccess - ok
17:56:43.0737 4796  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:56:43.0807 4796  ShellHWDetection - ok
17:56:43.0862 4796  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:56:43.0902 4796  sisagp - ok
17:56:43.0952 4796  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:56:44.0002 4796  SiSRaid2 - ok
17:56:44.0017 4796  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:56:44.0102 4796  SiSRaid4 - ok
17:56:44.0292 4796  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
17:56:44.0622 4796  slsvc - ok
17:56:44.0682 4796  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:56:44.0767 4796  SLUINotify - ok
17:56:44.0807 4796  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:56:44.0917 4796  Smb - ok
17:56:44.0947 4796  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:56:44.0982 4796  SNMPTRAP - ok
17:56:45.0062 4796  [ 82E3315B1B3E76B9A9643F987ED3AE5C ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
17:56:45.0327 4796  SNP2UVC - ok
17:56:45.0387 4796  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
17:56:45.0417 4796  spldr - ok
17:56:45.0467 4796  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
17:56:45.0577 4796  Spooler - ok
17:56:45.0617 4796  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:56:45.0692 4796  srv - ok
17:56:45.0762 4796  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:56:45.0842 4796  srv2 - ok
17:56:45.0907 4796  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:56:45.0982 4796  srvnet - ok
17:56:46.0087 4796  [ 06A13FCF558BF181C6EF1A3DFD6D3172 ] srvSUThemeService C:\Program Files\zoneLINK\SystemUp 2009\Tuning\SUThemeService.exe
17:56:46.0222 4796  srvSUThemeService - ok
17:56:46.0287 4796  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:56:46.0372 4796  SSDPSRV - ok
17:56:46.0452 4796  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:56:46.0547 4796  SstpSvc - ok
17:56:46.0632 4796  [ 2EF99F5129D4A89480DFDF24332A0CA9 ] STacSV          c:\program files\idt\wdm\STacSV.exe
17:56:46.0692 4796  STacSV - ok
17:56:46.0737 4796  [ 1475633F01CB13102B55C059287CBAC8 ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
17:56:46.0862 4796  STHDA - ok
17:56:46.0947 4796  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
17:56:47.0047 4796  stisvc - ok
17:56:47.0087 4796  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:56:47.0152 4796  swenum - ok
17:56:47.0187 4796  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
17:56:47.0312 4796  swprv - ok
17:56:47.0342 4796  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
17:56:47.0387 4796  Symc8xx - ok
17:56:47.0412 4796  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:56:47.0452 4796  Sym_hi - ok
17:56:47.0462 4796  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:56:47.0512 4796  Sym_u3 - ok
17:56:47.0557 4796  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
17:56:47.0672 4796  SysMain - ok
17:56:47.0697 4796  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:56:47.0792 4796  TabletInputService - ok
17:56:47.0812 4796  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:56:47.0877 4796  TapiSrv - ok
17:56:47.0917 4796  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
17:56:48.0007 4796  TBS - ok
17:56:48.0087 4796  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:56:48.0507 4796  Tcpip - ok
17:56:48.0637 4796  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:56:48.0717 4796  Tcpip6 - ok
17:56:48.0782 4796  [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:56:48.0922 4796  tcpipreg - ok
17:56:48.0977 4796  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:56:49.0117 4796  TDPIPE - ok
17:56:49.0132 4796  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:56:49.0227 4796  TDTCP - ok
17:56:49.0272 4796  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:56:49.0447 4796  tdx - ok
17:56:49.0517 4796  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:56:49.0582 4796  TermDD - ok
17:56:49.0662 4796  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
17:56:49.0842 4796  TermService - ok
17:56:49.0892 4796  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
17:56:50.0067 4796  Themes - ok
17:56:50.0112 4796  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
17:56:50.0167 4796  THREADORDER - ok
17:56:50.0232 4796  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
17:56:50.0327 4796  TrkWks - ok
17:56:50.0337 4796  Trufos - ok
17:56:50.0422 4796  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:56:50.0502 4796  TrustedInstaller - ok
17:56:50.0557 4796  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:56:50.0712 4796  tssecsrv - ok
17:56:50.0777 4796  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
17:56:50.0852 4796  tunmp - ok
17:56:50.0902 4796  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:56:50.0947 4796  tunnel - ok
17:56:51.0002 4796  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:56:51.0047 4796  uagp35 - ok
17:56:51.0117 4796  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:56:51.0227 4796  udfs - ok
17:56:51.0307 4796  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:56:51.0417 4796  UI0Detect - ok
17:56:51.0447 4796  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:56:51.0532 4796  uliagpkx - ok
17:56:51.0612 4796  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
17:56:51.0682 4796  uliahci - ok
17:56:51.0707 4796  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:56:51.0757 4796  UlSata - ok
17:56:51.0762 4796  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
17:56:51.0842 4796  ulsata2 - ok
17:56:51.0877 4796  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:56:51.0977 4796  umbus - ok
17:56:52.0032 4796  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
17:56:52.0157 4796  upnphost - ok
17:56:52.0212 4796  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:56:52.0307 4796  usbccgp - ok
17:56:52.0352 4796  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:56:52.0547 4796  usbcir - ok
17:56:52.0622 4796  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:56:52.0737 4796  usbehci - ok
17:56:52.0777 4796  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:56:52.0902 4796  usbhub - ok
17:56:52.0937 4796  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:56:53.0042 4796  usbohci - ok
17:56:53.0122 4796  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:56:53.0212 4796  usbprint - ok
17:56:53.0247 4796  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:56:53.0322 4796  USBSTOR - ok
17:56:53.0347 4796  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:56:53.0432 4796  usbuhci - ok
17:56:53.0477 4796  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:56:53.0562 4796  usbvideo - ok
17:56:53.0632 4796  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
17:56:53.0697 4796  UxSms - ok
17:56:53.0762 4796  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
17:56:53.0907 4796  vds - ok
17:56:53.0942 4796  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:56:54.0032 4796  vga - ok
17:56:54.0062 4796  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:56:54.0137 4796  VgaSave - ok
17:56:54.0157 4796  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:56:54.0202 4796  viaagp - ok
17:56:54.0267 4796  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:56:54.0342 4796  ViaC7 - ok
17:56:54.0382 4796  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
17:56:54.0422 4796  viaide - ok
17:56:54.0447 4796  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:56:54.0502 4796  volmgr - ok
17:56:54.0607 4796  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:56:54.0727 4796  volmgrx - ok
17:56:54.0792 4796  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:56:54.0887 4796  volsnap - ok
17:56:54.0952 4796  [ DD476FCEE9A7E3D110F445373CC63B7B ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
17:56:55.0027 4796  Vsdatant - ok
17:56:55.0047 4796  vsdatant7 - ok
17:56:55.0087 4796  vsmon - ok
17:56:55.0132 4796  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:56:55.0192 4796  vsmraid - ok
17:56:55.0262 4796  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
17:56:55.0457 4796  VSS - ok
17:56:55.0562 4796  [ 87C57CBE385E00726A2113614F6C6BD2 ] vToolbarUpdater14.1.7 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
17:56:55.0667 4796  vToolbarUpdater14.1.7 - ok
17:56:55.0702 4796  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
17:56:55.0757 4796  W32Time - ok
17:56:55.0777 4796  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:56:55.0882 4796  WacomPen - ok
17:56:55.0927 4796  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:56:55.0987 4796  Wanarp - ok
17:56:56.0002 4796  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:56:56.0052 4796  Wanarpv6 - ok
17:56:56.0072 4796  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:56:56.0187 4796  wcncsvc - ok
17:56:56.0237 4796  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:56:56.0302 4796  WcsPlugInService - ok
17:56:56.0347 4796  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
17:56:56.0412 4796  Wd - ok
17:56:56.0437 4796  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:56:56.0532 4796  Wdf01000 - ok
17:56:56.0557 4796  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:56:56.0622 4796  WdiServiceHost - ok
17:56:56.0637 4796  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:56:56.0697 4796  WdiSystemHost - ok
17:56:56.0747 4796  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
17:56:56.0807 4796  WebClient - ok
17:56:56.0872 4796  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:56:56.0947 4796  Wecsvc - ok
17:56:56.0967 4796  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:56:57.0027 4796  wercplsupport - ok
17:56:57.0062 4796  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:56:57.0127 4796  WerSvc - ok
17:56:57.0187 4796  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:56:57.0222 4796  WinDefend - ok
17:56:57.0227 4796  WinHttpAutoProxySvc - ok
17:56:57.0307 4796  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:56:57.0387 4796  Winmgmt - ok
17:56:57.0427 4796  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:56:57.0607 4796  WinRM - ok
17:56:57.0722 4796  [ 20A97B632A76CC977FCFB98F28CAAAB3 ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
17:56:57.0747 4796  WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
17:56:57.0747 4796  WisLMSvc - detected UnsignedFile.Multi.Generic (1)
17:56:57.0787 4796  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:56:57.0917 4796  Wlansvc - ok
17:56:57.0972 4796  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:56:58.0052 4796  WmiAcpi - ok
17:56:58.0117 4796  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:56:58.0197 4796  wmiApSrv - ok
17:56:58.0307 4796  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:56:58.0412 4796  WMPNetworkSvc - ok
17:56:58.0442 4796  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:56:58.0572 4796  WPCSvc - ok
17:56:58.0642 4796  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:56:58.0762 4796  WPDBusEnum - ok
17:56:58.0807 4796  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:56:58.0897 4796  WpdUsb - ok
17:56:58.0932 4796  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:56:59.0052 4796  ws2ifsl - ok
17:56:59.0092 4796  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
17:56:59.0147 4796  wscsvc - ok
17:56:59.0157 4796  WSearch - ok
17:56:59.0282 4796  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:56:59.0467 4796  wuauserv - ok
17:56:59.0547 4796  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:56:59.0622 4796  WUDFRd - ok
17:56:59.0687 4796  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:56:59.0777 4796  wudfsvc - ok
17:56:59.0822 4796  [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
17:56:59.0877 4796  X10Hid - ok
17:56:59.0967 4796  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
17:56:59.0987 4796  x10nets ( UnsignedFile.Multi.Generic ) - warning
17:56:59.0987 4796  x10nets - detected UnsignedFile.Multi.Generic (1)
17:57:00.0057 4796  [ 0625DB94911790F20A866A564D22612B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
17:57:00.0092 4796  XUIF - ok
17:57:00.0147 4796  [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
17:57:00.0252 4796  yukonwlh - ok
17:57:00.0332 4796  [ 82FA1A47C2BB762203BFAFFCFE2ECF47 ] zoneLINKDefrag  C:\Program Files\zoneLINK\SystemUp 2009\Tuning\DefragService.exe
17:57:00.0527 4796  zoneLINKDefrag - ok
17:57:00.0552 4796  ================ Scan global ===============================
17:57:00.0612 4796  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:57:00.0662 4796  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:57:00.0687 4796  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:57:00.0762 4796  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:57:00.0782 4796  [Global] - ok
17:57:00.0792 4796  ================ Scan MBR ==================================
17:57:00.0807 4796  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:57:02.0287 4796  \Device\Harddisk0\DR0 - ok
17:57:02.0292 4796  ================ Scan VBR ==================================
17:57:02.0337 4796  [ 75D51756C3E908998B6E5571374286C2 ] \Device\Harddisk0\DR0\Partition1
17:57:02.0342 4796  \Device\Harddisk0\DR0\Partition1 - ok
17:57:02.0387 4796  [ 6E35418AA34E95B942D583A9244F566A ] \Device\Harddisk0\DR0\Partition2
17:57:02.0387 4796  \Device\Harddisk0\DR0\Partition2 - ok
17:57:02.0392 4796  ============================================================
17:57:02.0392 4796  Scan finished
17:57:02.0392 4796  ============================================================
17:57:02.0412 3792  Detected object count: 5
17:57:02.0412 3792  Actual detected object count: 5
17:57:30.0667 3792  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0667 3792  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:57:30.0672 3792  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0672 3792  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:57:30.0672 3792  Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0672 3792  Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:57:30.0672 3792  WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0677 3792  WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:57:30.0677 3792  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
17:57:30.0677 3792  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruß,
Sase

cosinus · 17.03.2013, 16:50

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

sase · 17.03.2013, 18:02

Hallo Cosinus,

hier das log file von Combo fix:

Code:

ATTFilter

ComboFix 13-03-17.01 - Sandra 17.03.2013  17:30:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3036.1598 [GMT 1:00]
ausgeführt von:: c:\users\Sandra\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\~GLH0014.TMP
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-17 bis 2013-03-17  ))))))))))))))))))))))))))))))
.
.
2013-03-17 16:46 . 2013-03-17 16:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-16 08:20 . 2013-03-16 08:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-16 08:11 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F2D1EF4-47B6-4A51-9B44-A421FDECBE2C}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 16:06 . 2012-09-03 17:26	33112	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2013-01-17 00:28 . 2009-10-16 13:07	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:26 . 2013-02-14 16:48	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:26 . 2013-02-14 16:48	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-04 11:28 . 2013-02-14 16:48	914792	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:55 . 2013-02-14 16:48	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2013-01-04 01:38 . 2013-02-14 16:50	2048512	----a-w-	c:\windows\system32\win32k.sys
2012-12-17 18:51 . 2012-10-19 15:49	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-17 18:51 . 2012-10-19 15:49	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2009-07-13 12:03 . 2009-07-13 12:03	285184	----a-w-	c:\program files\iTunesOutlookAddIn.dll
2009-07-13 12:03 . 2009-07-13 12:03	264992	----a-w-	c:\program files\iTunesPhotoProcessor.exe
2009-07-13 12:03 . 2009-07-13 12:03	384808	----a-w-	c:\program files\iTunesAdmin.dll
2009-07-13 12:03 . 2009-07-13 12:03	292128	----a-w-	c:\program files\iTunesHelper.exe
2009-07-13 12:03 . 2009-07-13 12:03	124200	----a-w-	c:\program files\iTunesMiniPlayer.dll
2009-07-13 12:02 . 2009-07-13 12:02	14074656	----a-w-	c:\program files\iTunes.exe
2009-07-13 12:02 . 2009-07-13 12:02	643072	----a-w-	c:\program files\iPodUpdaterExt.dll
2009-07-13 12:02 . 2009-07-13 12:02	111912	----a-w-	c:\program files\ITDetector.ocx
2009-07-13 12:02 . 2009-07-13 12:02	722160	----a-w-	c:\program files\CDDBControlApple.dll
2013-03-08 06:13 . 2013-03-08 06:13	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-13 16:06	1920688	----a-w-	c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll" [2013-02-13 1920688]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-01 13789728]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"fspuip"="c:\program files\FSP\fspuip.exe" [2009-06-19 765952]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-29 450660]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-04-10 191488]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-07-07 343552]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2009-08-05 413696]
"iTunesHelper"="c:\program files\iTunesHelper.exe" [2009-07-13 292128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-07 73392]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-13 1124016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-02 738984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\qnbdypba.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B59992c8f-08f8-4728-a725-f2a92ea54f89%7D&mid=a843e40d3aedd487fc57aa1dc6ecb7f3-31fae43e44045c0172e8c22c3b511829bd367a46&ds=AVG&v=13.2.0.5&lang=de&pr=fr&d=2011-12-10%2018%3A41%3A06&sap=hp
FF - ExtSQL: !HIDDEN! 2009-07-22 14:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=6a7ddf810000000000000025d32e627d&q=
FF - user.js: extensions.zonealarm.id - 6a7ddf810000000000000025d32e627d
FF - user.js: extensions.zonealarm.instlDay - 15715
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.419:54
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN14886219933083-4901
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-17 17:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\TEMP\TMP000000869BFAE040752CF917 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{089c58db-1074-46cb-945f-f6330804ef5c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:100025d3
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0a0a9334-6f01-4e77-a0f4-4fc776555261}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001f16
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{278e17a4-0c59-4797-aa37-5eacad2058df}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a0015af
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{30e69351-e29b-4f31-89c4-37ea8e2a2703}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{bc9a7a0c-b47a-4256-8e47-70abd158c46f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:19020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{cc3c41bf-ebbf-4ca3-9183-2a540181c97d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(652)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2013-03-17  17:50:45
ComboFix-quarantined-files.txt  2013-03-17 16:50
.
Vor Suchlauf: 8 Verzeichnis(se), 329.417.510.912 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 329.786.294.272 Bytes frei
.
- - End Of File - - 1FD0322B6641A39D7ED98E64656BC722

Gruß
Sase

cosinus · 17.03.2013, 19:10

Zitat:

FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

Kann ich nur von abraten. Bitte deinstallieren, die Windows-Firewall ist min. genauso effektiv.

sase · 18.03.2013, 19:01

hallo cosinus,
ich hab die firewallfunktion von zonealarm ausgeschaltet.
Aber noch nicht deinstalliert, da von dem Programm auch der "webidentitätsschutz" angeboten wird, der ist noch an. Kann das das windowssicherheitscenter auch oder welches "gute" Programm gibt es dafür?
Sase

cosinus · 18.03.2013, 23:29

So eine Funktion ist völlig überflüssig und du solltest dich daran gewöhnen dass derartigenSoftware dich nicht 100 %ig vor allem beschützen kann, will damit sagen ich sehe da druchaus die Gefahr, dass du meinst du kannst dich zu sehr auf die Software verlassen und du selbst dadruch nachlässig wirst

Wie gesagt ich würde ZoneAlarm komplett streichen, nur noch einen reinen Virenscanner rauf mit Windows-Firewall

sase · 20.03.2013, 19:46

Hallo, ok, verstanden.

Ähm, trotzdem noch eine Frage, ist der Trojaner nach der Combo fix - Anwendung nun entfernt und mein PC "sauber" oder muss noch etwas gemacht werden?
Gruß
Sase

cosinus · 20.03.2013, 23:06

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

sase · 27.03.2013, 19:27

Hallo Cosinus,
ich war leider nicht bei der Sache. Ich hatte letzte Woche alles erledigt und geantwortet, aber wohl nur auf die Vorschau geklickt und dann nicht mehr abschließend auf "antworten".
...
Ich habe Zonenalarm noch nicht deinstalliert, aber ausgeschaltet. Ich habe aber trotzdem von dem Programm eine Warnung bekommen, dass ein "Hotkey-irgendwas" Zugriff verlangt. Das habe ich bisher aber immer abgelehnt. Soll ich das ggf. zulassen und die drei scans noch mal laufen lassen?

(da tauchen errors in den scan-ergebnissen auf, falls es daran liegt).

Hier von JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sandra on 21.03.2013 at 19:54:25,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2613550
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Sandra\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Sandra\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\qnbdypba.default\user.js
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\qnbdypba.default\conduitcommon
Successfully deleted the following from C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\qnbdypba.default\prefs.js

user_pref("CT2613550..clientLogIsEnabled", false);
user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2613550.CTID", "ct2613550");
user_pref("CT2613550.CurrentServerDate", "21-7-2012");
user_pref("CT2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.DialogsGetterLastCheckTime", "Fri Jul 20 2012 21:10:48 GMT+0200");
user_pref("CT2613550.DownloadReferralCookieData", "");
user_pref("CT2613550.EMailNotifierPollDate", "Sat Jul 21 2012 19:07:26 GMT+0200");
user_pref("CT2613550.FeedLastCount3082739963941193807", 0);
user_pref("CT2613550.FeedPollDate7861255190875796966", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255191286404846", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255191690696803", "Mon Jul 18 2011 19:42:40 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255191830767423", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255192204641884", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255192330261614", "Mon Jul 18 2011 19:42:40 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255192609293799", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255192844976705", "Mon Jul 18 2011 19:42:40 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255193025486845", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255193127848905", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255193189289837", "Mon Jul 18 2011 19:42:40 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255193256322449", "Mon Jul 18 2011 19:42:40 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255193310202497", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255193760634970", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255193813312257", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255194862513855", "Mon Jul 18 2011 19:42:40 GMT+0200");
user_pref("CT2613550.FeedPollDate7861255194875474195", "Mon Jul 18 2011 19:42:42 GMT+0200");
user_pref("CT2613550.FeedTTL7861255190875796966", 5);
user_pref("CT2613550.FeedTTL7861255191286404846", 2);
user_pref("CT2613550.FeedTTL7861255191830767423", 30);
user_pref("CT2613550.FeedTTL7861255192609293799", 30);
user_pref("CT2613550.FeedTTL7861255192844976705", 5);
user_pref("CT2613550.FeedTTL7861255193256322449", 5);
user_pref("CT2613550.FeedTTL7861255193310202497", 2);
user_pref("CT2613550.FirstServerDate", "25-6-2011");
user_pref("CT2613550.FirstTime", true);
user_pref("CT2613550.FirstTimeFF3", true);
user_pref("CT2613550.FixPageNotFoundErrors", true);
user_pref("CT2613550.GroupingServerCheckInterval", 1440);
user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2613550.HasUserGlobalKeys", true);
user_pref("CT2613550.Initialize", true);
user_pref("CT2613550.InitializeCommonPrefs", true);
user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
user_pref("CT2613550.InstallationType", "UnknownIntegration");
user_pref("CT2613550.InstalledDate", "Sat Jun 25 2011 17:55:29 GMT+0200");
user_pref("CT2613550.IsAlertDBUpdated", true);
user_pref("CT2613550.IsGrouping", false);
user_pref("CT2613550.IsInitSetupIni", true);
user_pref("CT2613550.IsMulticommunity", false);
user_pref("CT2613550.IsOpenThankYouPage", false);
user_pref("CT2613550.IsOpenUninstallPage", false);
user_pref("CT2613550.LanguagePackLastCheckTime", "Sat Jun 25 2011 17:55:36 GMT+0200");
user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2613550.LastLogin_3.10.0.1", "Wed Apr 18 2012 18:17:05 GMT+0200");
user_pref("CT2613550.LastLogin_3.12.0.7", "Fri Apr 27 2012 18:55:49 GMT+0200");
user_pref("CT2613550.LastLogin_3.12.2.3", "Thu May 31 2012 19:00:23 GMT+0200");
user_pref("CT2613550.LastLogin_3.13.0.6", "Sun Jul 15 2012 12:39:23 GMT+0200");
user_pref("CT2613550.LastLogin_3.14.1.0", "Sat Jul 21 2012 19:07:28 GMT+0200");
user_pref("CT2613550.LastLogin_3.5.0.12", "Mon Aug 15 2011 16:29:48 GMT+0200");
user_pref("CT2613550.LastLogin_3.6.0.10", "Tue Sep 27 2011 20:51:29 GMT+0200");
user_pref("CT2613550.LastLogin_3.7.0.6", "Mon Nov 07 2011 20:29:08 GMT+0100");
user_pref("CT2613550.LastLogin_3.8.0.8", "Tue Dec 06 2011 20:07:36 GMT+0100");
user_pref("CT2613550.LastLogin_3.8.1.0", "Sun Jan 15 2012 17:08:13 GMT+0100");
user_pref("CT2613550.LastLogin_3.9.0.3", "Sun Mar 11 2012 17:09:04 GMT+0100");
user_pref("CT2613550.LatestVersion", "3.13.0.6");
user_pref("CT2613550.Locale", "de-de");
user_pref("CT2613550.MCDetectTooltipHeight", "83");
user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2613550.MCDetectTooltipWidth", "295");
user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
user_pref("CT2613550.OriginalFirstVersion", "3.5.0.12");
user_pref("CT2613550.SearchFromAddressBarIsInit", true);
user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=");
user_pref("CT2613550.SearchInNewTabEnabled", true);
user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.ServiceMapLastCheckTime", "Sat Jul 21 2012 19:07:24 GMT+0200");
user_pref("CT2613550.SettingsLastCheckTime", "Sat Jun 25 2011 17:55:28 GMT+0200");
user_pref("CT2613550.SettingsLastUpdate", "1306530423");
user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Sat Jun 25 2011 17:55:27 GMT+0200");
user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657");
user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2613550.UserID", "UN48183260069756766");
user_pref("CT2613550.ValidationData_Search", 2);
user_pref("CT2613550.ValidationData_Toolbar", 2);
user_pref("CT2613550.alertChannelId", "1006347");
user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Sat Jul 14 2012 19:17:22 GMT+0200");
user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 777);
user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Fri Jul 20 2012 21:10:47 GMT+0200");
user_pref("CT2613550.ct2613550.Locale", "de-de");
user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Fri Jul 20 2012 21:10:47 GMT+0200");
user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Sat Jul 21 2012 19:07:26 GMT+0200");
user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1342352981");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Jul 17 2012 18:58:16 GMT+0200");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1331806000");
user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Sun Jul 15 2012 12:39:24 GMT+0200");
user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Fri Jul 20 2012 21:10:49 GMT+0200");
user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Fri Jul 20 2012 21:10:49 GMT+0200");
user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Sat Jun 25 2011 17:55:30 GMT+0200");
user_pref("CT2613550.homepageProtectorEnableByLogin", true);
user_pref("CT2613550.initDone", true);
user_pref("CT2613550.isAppTrackingManagerOn", true);
user_pref("CT2613550.myStuffEnabled", true);
user_pref("CT2613550.myStuffPublihserMinWidth", 400);
user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129539182460150402,129539182525463225,129791240633491387,1000034,1000080,10000
user_pref("CT2613550.revertSettingsEnabled", true);
user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
user_pref("CT2613550.searchProtectorEnableByLogin", true);
user_pref("CT2613550.testingCtid", "");
user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Sat Jun 25 2011 17:55:30 GMT+0200");
user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Sat Jun 25 2011 17:55:36 GMT+0200");
user_pref("CT2613550.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550", "\"2baec859dd7825f1b78fbd900678a7a52\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2613550", "\"1280438147\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de-de", "oIwsta2spzadhjRgiY1Nhw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de-de", "WiZSpHJzJ/uTUKvfHHyj/w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de-de", "U5mhHQKIYvMC666+kpF/Lw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de-de", "Dq4oDE7bC6X7ZY06mrKiog==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"04afd94b864cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=CT2613550", "\"1319568606\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2613550/CT2613550", "\"1306530423\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2613550/CT2613550", "\"9962eec473ee6ca62edb7e29d766b9f01\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/634084971246361250.png", "\"462e8b16c4eaca1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"76b118c11ea11d31ecc656d0b5c271fc\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"4bed802bf70e2b476392c40fa2322f30\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Sandra\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qnbdypba.default\\conduitCommon\\modules\\3.14.1.0");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4ccbc941&v=7.005.030.004&i=23&tp=ab&iy=&ychte=de&lng=de&q=");
user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
user_pref("CommunityToolbar.ToolbarsList4", "CT2613550");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 02 2012 19:33:06 GMT+0200");
user_pref("CommunityToolbar.globalUserId", "ec0f1b49-da25-4f96-9a48-9d3f1c1d0687");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jul 17 2012 18:58:19 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 20 2012 21:10:43 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "3e332b83-27c5-41b0-8c83-600211a7992e");
user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?cid=%7B59992c8f-08f8-4728-a725-f2a92ea54f89%7D&mid=a843e40d3aedd487fc57aa1dc6ecb7f3-31fae43e44045c0172e8c22c3b511
Emptied folder: C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\qnbdypba.default\minidumps [38 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2013 at 20:02:18,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hier von adwcleaner:

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 21/03/2013 um 20:20:31 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Sandra - SANDRA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sandra\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\qnbdypba.default\searchplugins\zonealarm.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Sandra\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Sandra\AppData\LocalLow\AVG Security Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19401

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Datei : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\qnbdypba.default\prefs.js

Gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2613550", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2613550/CT2613550[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Sandra\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.1.0.10")[...]
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[S1].txt - [9187 octets] - [21/03/2013 20:20:31]

########## EOF - C:\AdwCleaner[S1].txt - [9247 octets] ##########

Hier OTL Nr. 1:

Code:

ATTFilter

OTL logfile created on: 21.03.2013 20:30:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,57% Memory free
6,13 Gb Paging File | 4,90 Gb Available in Paging File | 79,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 308,25 Gb Free Space | 71,10% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,56 Gb Free Space | 54,49% Space Free | Partition Type: FAT32
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\iTunesHelper.exe File not found
PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Programme\zoneLINK\SystemUp 2009\Tuning\DefragService.exe (zoneLINK)
PRC - C:\Programme\zoneLINK\SystemUp 2009\Tuning\SUThemeService.exe (zoneLINK)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Programme\FSP\KbdHook.dll ()
MOD - C:\Programme\FSP\FspLib.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater14.1.7) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (avg8emc) -- C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (STacSV) -- c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (zoneLINKDefrag) -- C:\Programme\zoneLINK\SystemUp 2009\Tuning\DefragService.exe (zoneLINK)
SRV - (srvSUThemeService) -- C:\Programme\zoneLINK\SystemUp 2009\Tuning\SUThemeService.exe (zoneLINK)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Sandra\AppData\Local\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{2F059E57-C0CE-47FF-ACB7-10C1A03E7BAC}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d&q={searchTerms}&r=813
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{4029843B-C06E-4107-AF66-00630D3B467F}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{81AB358F-9454-4C25-AE83-448B29E3D0DC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.01.10 19:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 07:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 07:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 07:13:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 07:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.09.05 13:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2013.01.10 19:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\qnbdypba.default\extensions
[2010.08.18 16:30:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\qnbdypba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.01.10 19:56:52 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\qnbdypba.default\extensions\ffxtlbr@zonealarm.com
[2013.03.08 07:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 07:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.08 07:13:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.29 17:39:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.29 17:39:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.29 17:39:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.29 17:39:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.29 17:39:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.29 17:39:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.17 17:46:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW]  File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{089C58DB-1074-46CB-945F-F6330804EF5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.21 19:54:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.21 19:53:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.21 19:49:58 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sandra\Desktop\JRT.exe
[2013.03.20 19:38:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.18 18:29:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.18 18:04:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.17 17:25:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.17 17:25:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.17 17:25:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.17 17:24:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.17 17:24:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.17 17:19:32 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2013.03.16 17:53:51 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2013.03.16 16:51:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2013.03.16 09:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 09:17:01 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\mbar-1.01.0.1021
[2013.03.14 09:59:15 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 09:59:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.14 09:59:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 09:59:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.14 09:59:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.14 09:59:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.14 09:59:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.14 09:59:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.14 09:59:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.14 09:59:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.03.14 09:59:11 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.14 09:59:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.14 09:59:10 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.14 09:59:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 09:59:09 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.14 09:59:09 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 09:59:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 09:59:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 09:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2013.03.08 07:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009.07.13 13:03:16 | 000,285,184 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2009.07.13 13:03:16 | 000,264,992 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2009.07.13 13:03:10 | 000,384,808 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2009.07.13 13:03:10 | 000,292,128 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2009.07.13 13:03:10 | 000,124,200 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2009.07.13 13:02:56 | 014,074,656 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2009.07.13 13:02:52 | 000,111,912 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2009.07.13 13:02:50 | 000,722,160 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\CDDBControlApple.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.21 20:23:15 | 000,088,812 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.21 20:23:00 | 000,088,812 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.21 20:22:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 20:22:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 20:22:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.21 20:22:30 | 3184,390,144 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.21 20:21:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.03.21 20:21:00 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.21 20:18:37 | 000,609,993 | ---- | M] () -- C:\Users\Sandra\Desktop\adwcleaner.exe
[2013.03.21 19:50:18 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sandra\Desktop\JRT.exe
[2013.03.18 19:16:31 | 067,676,974 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.03.17 17:46:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.17 17:20:49 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2013.03.16 17:54:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2013.03.16 17:51:07 | 000,000,512 | ---- | M] () -- C:\Users\Sandra\Desktop\MBR.dat
[2013.03.16 16:52:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2013.03.16 09:14:15 | 013,786,977 | ---- | M] () -- C:\Users\Sandra\Desktop\mbar-1.01.0.1021.zip
[2013.03.14 10:05:08 | 000,377,856 | ---- | M] () -- C:\Users\Sandra\Desktop\gmer_2.1.19155.exe
[2013.03.14 09:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2013.03.14 09:08:32 | 000,000,000 | ---- | M] () -- C:\Users\Sandra\defogger_reenable
[2013.03.14 09:07:00 | 000,050,477 | ---- | M] () -- C:\Users\Sandra\Desktop\Defogger.exe
[2013.02.28 03:49:23 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2013.03.21 20:20:44 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.21 20:18:20 | 000,609,993 | ---- | C] () -- C:\Users\Sandra\Desktop\adwcleaner.exe
[2013.03.17 17:25:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.17 17:25:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.17 17:25:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.17 17:25:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.17 17:25:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 17:51:07 | 000,000,512 | ---- | C] () -- C:\Users\Sandra\Desktop\MBR.dat
[2013.03.16 09:13:24 | 013,786,977 | ---- | C] () -- C:\Users\Sandra\Desktop\mbar-1.01.0.1021.zip
[2013.03.14 10:04:52 | 000,377,856 | ---- | C] () -- C:\Users\Sandra\Desktop\gmer_2.1.19155.exe
[2013.03.14 09:08:32 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\defogger_reenable
[2013.03.14 09:05:36 | 000,050,477 | ---- | C] () -- C:\Users\Sandra\Desktop\Defogger.exe
[2012.08.02 12:48:01 | 004,245,762 | ---- | C] () -- C:\Users\Sandra\IMG_6667.JPG
[2012.08.02 12:48:00 | 004,940,664 | ---- | C] () -- C:\Users\Sandra\IMG_6666.JPG
[2012.08.02 12:47:59 | 004,981,015 | ---- | C] () -- C:\Users\Sandra\IMG_6665.JPG
[2012.08.02 12:47:57 | 004,757,321 | ---- | C] () -- C:\Users\Sandra\IMG_6664.JPG
[2012.08.02 12:47:55 | 005,643,220 | ---- | C] () -- C:\Users\Sandra\IMG_6663.JPG
[2012.08.02 12:47:52 | 006,359,589 | ---- | C] () -- C:\Users\Sandra\IMG_6662.JPG
[2012.08.02 12:47:49 | 005,209,759 | ---- | C] () -- C:\Users\Sandra\IMG_6661.JPG
[2012.08.02 12:47:47 | 005,427,855 | ---- | C] () -- C:\Users\Sandra\IMG_6660.JPG
[2012.08.02 12:47:45 | 005,312,886 | ---- | C] () -- C:\Users\Sandra\IMG_6659.JPG
[2012.08.02 12:47:43 | 005,065,698 | ---- | C] () -- C:\Users\Sandra\IMG_6658.JPG
[2012.08.02 12:47:41 | 005,484,154 | ---- | C] () -- C:\Users\Sandra\IMG_6657.JPG
[2012.08.02 12:47:39 | 005,358,041 | ---- | C] () -- C:\Users\Sandra\IMG_6656.JPG
[2012.08.02 12:47:37 | 004,755,717 | ---- | C] () -- C:\Users\Sandra\IMG_6655.JPG
[2012.08.02 12:47:35 | 004,824,611 | ---- | C] () -- C:\Users\Sandra\IMG_6654.JPG
[2012.08.02 12:47:32 | 005,689,020 | ---- | C] () -- C:\Users\Sandra\IMG_6653.JPG
[2012.08.02 12:47:31 | 004,963,841 | ---- | C] () -- C:\Users\Sandra\IMG_6652.JPG
[2012.08.02 12:47:29 | 005,305,535 | ---- | C] () -- C:\Users\Sandra\IMG_6651.JPG
[2012.08.02 12:47:27 | 004,809,695 | ---- | C] () -- C:\Users\Sandra\IMG_6650.JPG
[2012.08.02 12:47:26 | 003,245,106 | ---- | C] () -- C:\Users\Sandra\IMG_6649.JPG
[2012.08.02 12:47:25 | 005,007,917 | ---- | C] () -- C:\Users\Sandra\IMG_6648.JPG
[2012.08.02 12:47:23 | 004,880,228 | ---- | C] () -- C:\Users\Sandra\IMG_6647.JPG
[2012.08.02 12:47:21 | 004,147,393 | ---- | C] () -- C:\Users\Sandra\IMG_6646.JPG
[2012.08.02 12:47:20 | 004,864,536 | ---- | C] () -- C:\Users\Sandra\IMG_6645.JPG
[2012.08.02 12:47:19 | 005,142,572 | ---- | C] () -- C:\Users\Sandra\IMG_6644.JPG
[2012.08.02 12:47:17 | 005,180,051 | ---- | C] () -- C:\Users\Sandra\IMG_6643.JPG
[2012.08.02 12:47:16 | 005,511,493 | ---- | C] () -- C:\Users\Sandra\IMG_6642.JPG
[2012.08.02 12:47:14 | 004,915,637 | ---- | C] () -- C:\Users\Sandra\IMG_6641.JPG
[2012.08.02 12:47:12 | 004,876,632 | ---- | C] () -- C:\Users\Sandra\IMG_6640.JPG
[2012.08.02 12:47:10 | 005,820,398 | ---- | C] () -- C:\Users\Sandra\IMG_6639.JPG
[2012.08.02 12:47:09 | 005,445,831 | ---- | C] () -- C:\Users\Sandra\IMG_6638.JPG
[2012.08.02 12:47:07 | 005,480,537 | ---- | C] () -- C:\Users\Sandra\IMG_6637.JPG
[2012.08.02 12:47:06 | 004,869,177 | ---- | C] () -- C:\Users\Sandra\IMG_6636.JPG
[2012.08.02 12:47:05 | 005,551,413 | ---- | C] () -- C:\Users\Sandra\IMG_6635.JPG
[2012.08.02 12:47:01 | 005,344,152 | ---- | C] () -- C:\Users\Sandra\IMG_6634.JPG
[2012.08.02 12:47:00 | 004,814,736 | ---- | C] () -- C:\Users\Sandra\IMG_6633.JPG
[2012.08.02 12:46:59 | 004,740,332 | ---- | C] () -- C:\Users\Sandra\IMG_6632.JPG
[2012.08.02 12:46:57 | 004,668,953 | ---- | C] () -- C:\Users\Sandra\IMG_6631.JPG
[2012.08.02 12:46:56 | 005,600,547 | ---- | C] () -- C:\Users\Sandra\IMG_6630.JPG
[2012.08.02 12:46:55 | 004,823,012 | ---- | C] () -- C:\Users\Sandra\IMG_6629.JPG
[2012.08.02 12:46:51 | 005,282,593 | ---- | C] () -- C:\Users\Sandra\IMG_6628.JPG
[2012.08.02 12:46:50 | 005,315,734 | ---- | C] () -- C:\Users\Sandra\IMG_6627.JPG
[2012.08.02 12:46:49 | 004,231,334 | ---- | C] () -- C:\Users\Sandra\IMG_6626.JPG
[2012.08.02 12:46:48 | 005,381,775 | ---- | C] () -- C:\Users\Sandra\IMG_6625.JPG
[2012.08.02 12:46:47 | 005,042,975 | ---- | C] () -- C:\Users\Sandra\IMG_6624.JPG
[2012.08.02 12:46:45 | 005,741,077 | ---- | C] () -- C:\Users\Sandra\IMG_6623.JPG
[2012.08.02 12:46:44 | 005,563,595 | ---- | C] () -- C:\Users\Sandra\IMG_6622.JPG
[2012.08.02 12:46:42 | 005,475,216 | ---- | C] () -- C:\Users\Sandra\IMG_6621.JPG
[2012.08.02 12:46:41 | 005,709,475 | ---- | C] () -- C:\Users\Sandra\IMG_6620.JPG
[2012.08.02 12:46:40 | 005,957,783 | ---- | C] () -- C:\Users\Sandra\IMG_6619.JPG
[2012.08.02 12:46:38 | 006,232,716 | ---- | C] () -- C:\Users\Sandra\IMG_6618.JPG
[2012.08.02 12:46:37 | 004,009,410 | ---- | C] () -- C:\Users\Sandra\IMG_6617.JPG
[2012.08.02 12:46:36 | 004,565,934 | ---- | C] () -- C:\Users\Sandra\IMG_6616.JPG
[2012.08.02 12:46:35 | 005,749,341 | ---- | C] () -- C:\Users\Sandra\IMG_6615.JPG
[2012.08.02 12:46:32 | 006,026,061 | ---- | C] () -- C:\Users\Sandra\IMG_6614.JPG
[2012.08.02 12:46:30 | 005,084,215 | ---- | C] () -- C:\Users\Sandra\IMG_6613.JPG
[2012.08.02 12:46:29 | 005,543,181 | ---- | C] () -- C:\Users\Sandra\IMG_6612.JPG
[2012.08.02 12:46:27 | 006,041,551 | ---- | C] () -- C:\Users\Sandra\IMG_6611.JPG
[2012.08.02 12:46:25 | 005,717,869 | ---- | C] () -- C:\Users\Sandra\IMG_6610.JPG
[2012.08.02 12:46:23 | 003,667,921 | ---- | C] () -- C:\Users\Sandra\IMG_6609.JPG
[2012.08.02 12:46:21 | 005,402,585 | ---- | C] () -- C:\Users\Sandra\IMG_6608.JPG
[2012.08.02 12:46:20 | 004,319,434 | ---- | C] () -- C:\Users\Sandra\IMG_6607.JPG
[2012.08.02 12:46:18 | 004,668,510 | ---- | C] () -- C:\Users\Sandra\IMG_6606.JPG
[2012.08.02 12:46:16 | 004,381,120 | ---- | C] () -- C:\Users\Sandra\IMG_6605.JPG
[2012.08.02 12:46:14 | 005,300,262 | ---- | C] () -- C:\Users\Sandra\IMG_6604.JPG
[2012.08.02 12:46:12 | 005,280,022 | ---- | C] () -- C:\Users\Sandra\IMG_6603.JPG
[2012.08.02 12:46:09 | 005,983,098 | ---- | C] () -- C:\Users\Sandra\IMG_6602.JPG
[2012.08.02 12:46:06 | 005,702,064 | ---- | C] () -- C:\Users\Sandra\IMG_6601.JPG
[2012.08.02 12:46:02 | 005,343,206 | ---- | C] () -- C:\Users\Sandra\IMG_6600.JPG
[2012.08.02 12:45:56 | 006,013,333 | ---- | C] () -- C:\Users\Sandra\IMG_6599.JPG
[2012.08.02 12:45:51 | 006,075,844 | ---- | C] () -- C:\Users\Sandra\IMG_6598.JPG
[2012.08.02 12:45:46 | 006,052,692 | ---- | C] () -- C:\Users\Sandra\IMG_6597.JPG
[2012.08.02 12:45:44 | 004,919,101 | ---- | C] () -- C:\Users\Sandra\IMG_6596.JPG
[2012.08.02 12:45:38 | 005,395,020 | ---- | C] () -- C:\Users\Sandra\IMG_6595.JPG
[2012.08.02 12:45:34 | 006,001,167 | ---- | C] () -- C:\Users\Sandra\IMG_6594.JPG
[2012.08.02 12:45:31 | 004,904,790 | ---- | C] () -- C:\Users\Sandra\IMG_6593.JPG
[2012.08.02 12:45:28 | 005,174,759 | ---- | C] () -- C:\Users\Sandra\IMG_6592.JPG
[2012.08.02 12:45:25 | 005,698,380 | ---- | C] () -- C:\Users\Sandra\IMG_6591.JPG
[2012.08.02 12:45:23 | 006,069,184 | ---- | C] () -- C:\Users\Sandra\IMG_6590.JPG
[2012.08.02 12:45:20 | 004,698,139 | ---- | C] () -- C:\Users\Sandra\IMG_6589.JPG
[2012.08.02 12:45:17 | 005,986,780 | ---- | C] () -- C:\Users\Sandra\IMG_6588.JPG
[2012.08.02 12:45:14 | 006,068,191 | ---- | C] () -- C:\Users\Sandra\IMG_6587.JPG
[2012.08.02 12:45:09 | 006,092,765 | ---- | C] () -- C:\Users\Sandra\IMG_6586.JPG
[2012.08.02 12:45:07 | 005,751,060 | ---- | C] () -- C:\Users\Sandra\IMG_6585.JPG
[2012.08.02 12:45:04 | 006,141,870 | ---- | C] () -- C:\Users\Sandra\IMG_6584.JPG
[2012.08.02 12:45:02 | 004,572,729 | ---- | C] () -- C:\Users\Sandra\IMG_6583.JPG
[2012.08.02 12:44:58 | 005,870,330 | ---- | C] () -- C:\Users\Sandra\IMG_6582.JPG
[2012.08.02 12:44:55 | 005,735,579 | ---- | C] () -- C:\Users\Sandra\IMG_6581.JPG
[2012.08.02 12:44:54 | 005,663,252 | ---- | C] () -- C:\Users\Sandra\IMG_6580.JPG
[2012.08.02 12:44:52 | 006,282,799 | ---- | C] () -- C:\Users\Sandra\IMG_6579.JPG
[2012.08.02 12:44:50 | 004,766,635 | ---- | C] () -- C:\Users\Sandra\IMG_6578.JPG
[2012.08.02 12:44:47 | 005,069,399 | ---- | C] () -- C:\Users\Sandra\IMG_6577.JPG
[2012.08.02 12:44:45 | 005,267,576 | ---- | C] () -- C:\Users\Sandra\IMG_6576.JPG
[2012.08.02 12:44:43 | 005,541,310 | ---- | C] () -- C:\Users\Sandra\IMG_6575.JPG
[2012.08.02 12:44:41 | 005,475,413 | ---- | C] () -- C:\Users\Sandra\IMG_6574.JPG
[2012.08.02 12:44:40 | 005,588,914 | ---- | C] () -- C:\Users\Sandra\IMG_6573.JPG
[2012.08.02 12:44:38 | 005,909,262 | ---- | C] () -- C:\Users\Sandra\IMG_6572.JPG
[2012.08.02 12:44:36 | 005,168,067 | ---- | C] () -- C:\Users\Sandra\IMG_6571.JPG
[2012.08.02 12:44:33 | 005,377,732 | ---- | C] () -- C:\Users\Sandra\IMG_6570.JPG
[2012.08.02 12:44:30 | 005,671,580 | ---- | C] () -- C:\Users\Sandra\IMG_6569.JPG
[2012.08.02 12:44:29 | 004,718,875 | ---- | C] () -- C:\Users\Sandra\IMG_6568.JPG
[2012.08.02 12:44:26 | 004,546,992 | ---- | C] () -- C:\Users\Sandra\IMG_6567.JPG
[2012.08.02 12:44:24 | 005,617,837 | ---- | C] () -- C:\Users\Sandra\IMG_6566.JPG
[2012.08.02 12:44:22 | 005,639,094 | ---- | C] () -- C:\Users\Sandra\IMG_6565.JPG
[2012.08.02 12:44:19 | 005,536,416 | ---- | C] () -- C:\Users\Sandra\IMG_6564.JPG
[2012.08.02 12:44:15 | 006,082,088 | ---- | C] () -- C:\Users\Sandra\IMG_6563.JPG
[2012.08.02 12:44:12 | 005,487,033 | ---- | C] () -- C:\Users\Sandra\IMG_6562.JPG
[2012.08.02 12:44:08 | 005,543,753 | ---- | C] () -- C:\Users\Sandra\IMG_6561.JPG
[2012.08.02 12:44:07 | 005,375,939 | ---- | C] () -- C:\Users\Sandra\IMG_6560.JPG
[2012.08.02 12:44:04 | 004,007,860 | ---- | C] () -- C:\Users\Sandra\IMG_6559.JPG
[2012.08.02 12:44:02 | 004,689,670 | ---- | C] () -- C:\Users\Sandra\IMG_6558.JPG
[2012.08.02 12:43:57 | 003,909,967 | ---- | C] () -- C:\Users\Sandra\IMG_6557.JPG
[2012.08.02 12:43:54 | 005,907,489 | ---- | C] () -- C:\Users\Sandra\IMG_6556.JPG
[2012.08.02 12:43:50 | 005,775,556 | ---- | C] () -- C:\Users\Sandra\IMG_6555.JPG
[2012.08.02 12:43:45 | 005,957,175 | ---- | C] () -- C:\Users\Sandra\IMG_6554.JPG
[2012.08.02 12:43:40 | 006,078,827 | ---- | C] () -- C:\Users\Sandra\IMG_6553.JPG
[2012.08.02 12:43:37 | 006,065,419 | ---- | C] () -- C:\Users\Sandra\IMG_6552.JPG
[2012.08.02 12:43:32 | 005,781,342 | ---- | C] () -- C:\Users\Sandra\IMG_6551.JPG
[2012.08.02 12:43:27 | 005,644,421 | ---- | C] () -- C:\Users\Sandra\IMG_6550.JPG
[2012.08.02 12:43:26 | 005,616,072 | ---- | C] () -- C:\Users\Sandra\IMG_6549.JPG
[2012.08.02 12:43:23 | 005,967,901 | ---- | C] () -- C:\Users\Sandra\IMG_6548.JPG
[2012.08.02 12:43:22 | 006,207,900 | ---- | C] () -- C:\Users\Sandra\IMG_6547.JPG
[2012.08.02 12:43:17 | 005,961,842 | ---- | C] () -- C:\Users\Sandra\IMG_6546.JPG
[2012.08.02 12:43:15 | 006,275,425 | ---- | C] () -- C:\Users\Sandra\IMG_6545.JPG
[2012.08.02 12:43:13 | 006,156,016 | ---- | C] () -- C:\Users\Sandra\IMG_6544.JPG
[2012.08.02 12:43:11 | 004,704,408 | ---- | C] () -- C:\Users\Sandra\IMG_6543.JPG
[2012.08.02 12:43:08 | 004,317,548 | ---- | C] () -- C:\Users\Sandra\IMG_6542.JPG
[2012.08.02 12:43:07 | 004,167,060 | ---- | C] () -- C:\Users\Sandra\IMG_6541.JPG
[2012.08.02 12:43:03 | 004,151,700 | ---- | C] () -- C:\Users\Sandra\IMG_6540.JPG
[2012.08.02 12:43:02 | 003,870,265 | ---- | C] () -- C:\Users\Sandra\IMG_6538.JPG
[2012.08.02 12:42:59 | 003,910,199 | ---- | C] () -- C:\Users\Sandra\IMG_6537.JPG
[2012.08.02 12:42:58 | 003,694,799 | ---- | C] () -- C:\Users\Sandra\IMG_6535.JPG
[2012.08.02 12:42:58 | 003,636,056 | ---- | C] () -- C:\Users\Sandra\IMG_6536.JPG
[2012.08.02 12:42:56 | 005,366,278 | ---- | C] () -- C:\Users\Sandra\IMG_6534.JPG
[2012.08.02 12:42:55 | 004,893,121 | ---- | C] () -- C:\Users\Sandra\IMG_6533.JPG
[2012.08.02 12:42:54 | 005,685,660 | ---- | C] () -- C:\Users\Sandra\IMG_6532.JPG
[2012.08.02 12:42:53 | 004,516,345 | ---- | C] () -- C:\Users\Sandra\IMG_6531.JPG
[2012.08.02 12:42:52 | 004,672,099 | ---- | C] () -- C:\Users\Sandra\IMG_6530.JPG
[2012.08.02 12:42:50 | 004,187,681 | ---- | C] () -- C:\Users\Sandra\IMG_6529.JPG
[2012.08.02 12:42:49 | 004,400,361 | ---- | C] () -- C:\Users\Sandra\IMG_6528.JPG
[2012.08.02 12:42:48 | 004,023,187 | ---- | C] () -- C:\Users\Sandra\IMG_6527.JPG
[2012.08.02 12:42:47 | 004,882,593 | ---- | C] () -- C:\Users\Sandra\IMG_6526.JPG
[2012.08.02 12:42:45 | 005,326,255 | ---- | C] () -- C:\Users\Sandra\IMG_6525.JPG
[2012.08.02 12:42:36 | 004,509,747 | ---- | C] () -- C:\Users\Sandra\IMG_6520.JPG
[2012.08.02 12:42:35 | 003,962,241 | ---- | C] () -- C:\Users\Sandra\IMG_6519.JPG
[2012.08.02 12:42:34 | 004,509,165 | ---- | C] () -- C:\Users\Sandra\IMG_6518.JPG
[2012.08.02 12:42:31 | 004,265,188 | ---- | C] () -- C:\Users\Sandra\IMG_6516.JPG
[2012.08.02 12:42:29 | 004,740,181 | ---- | C] () -- C:\Users\Sandra\IMG_6515.JPG
[2012.08.02 12:42:12 | 006,281,900 | ---- | C] () -- C:\Users\Sandra\IMG_6510.JPG
[2012.08.02 12:42:09 | 006,769,019 | ---- | C] () -- C:\Users\Sandra\IMG_6509.JPG
[2012.08.02 12:42:07 | 007,399,992 | ---- | C] () -- C:\Users\Sandra\IMG_6508.JPG
[2012.08.02 12:42:05 | 006,418,893 | ---- | C] () -- C:\Users\Sandra\IMG_6507.JPG
[2012.08.02 12:42:03 | 006,908,382 | ---- | C] () -- C:\Users\Sandra\IMG_6506.JPG
[2012.08.02 12:42:02 | 006,246,863 | ---- | C] () -- C:\Users\Sandra\IMG_6505.JPG
[2012.08.02 12:42:00 | 006,690,467 | ---- | C] () -- C:\Users\Sandra\IMG_6504.JPG
[2012.08.02 12:41:57 | 007,150,925 | ---- | C] () -- C:\Users\Sandra\IMG_6503.JPG
[2012.08.02 12:41:55 | 006,355,970 | ---- | C] () -- C:\Users\Sandra\IMG_6502.JPG
[2012.08.02 12:41:52 | 006,972,733 | ---- | C] () -- C:\Users\Sandra\IMG_6501.JPG
[2012.08.02 12:41:49 | 004,942,415 | ---- | C] () -- C:\Users\Sandra\IMG_6500.JPG
[2012.08.02 12:41:46 | 004,612,117 | ---- | C] () -- C:\Users\Sandra\IMG_6499.JPG
[2012.08.02 12:41:45 | 003,663,523 | ---- | C] () -- C:\Users\Sandra\IMG_6498.JPG
[2012.08.02 12:41:44 | 005,194,212 | ---- | C] () -- C:\Users\Sandra\IMG_6497.JPG
[2012.08.02 12:41:41 | 005,067,612 | ---- | C] () -- C:\Users\Sandra\IMG_6496.JPG
[2012.08.02 12:41:40 | 005,080,931 | ---- | C] () -- C:\Users\Sandra\IMG_6495.JPG
[2012.08.02 12:41:36 | 003,327,578 | ---- | C] () -- C:\Users\Sandra\IMG_6668.JPG
[2012.03.21 09:29:32 | 000,087,813 | ---- | C] () -- C:\Users\Sandra\Komposition Nr. 17 - Orange-Chicken nach Jamaikanischer Art.pdf
[2010.04.10 12:34:13 | 000,243,513 | ---- | C] () -- C:\Users\Sandra\Immo_20100331_Kaserne..pdf
[2009.09.04 18:39:00 | 000,004,096 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.03 18:14:37 | 000,000,762 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\wklnhst.dat
[2009.07.22 10:09:36 | 000,088,812 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.22 10:09:29 | 000,088,812 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.13 13:02:52 | 000,643,072 | ---- | C] () -- C:\Program Files\iPodUpdaterExt.dll
[2009.07.13 13:02:36 | 000,008,356 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Und hier OTL Nr. 2:

Code:

ATTFilter

OTL Extras logfile created on: 21.03.2013 20:30:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,57% Memory free
6,13 Gb Paging File | 4,90 Gb Available in Paging File | 79,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 308,25 Gb Free Space | 71,10% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,56 Gb Free Space | 54,49% Space Free | Partition Type: FAT32
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1592504286-2890377891-422604750-1000]
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{49697FEC-F53E-4EF1-8DCE-0CC5C732A483}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AC55D56C-20F0-4339-A4D6-ADE38D85B02A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3310A557-B625-4445-9057-A1DC37AB12C4}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{419117F4-4C8F-4C81-BB66-BDFC3837606F}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{431F049E-0518-46CB-BB4E-904BFDC37CFB}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{4B4BED74-F82D-4D0E-A2E7-2FE2B2B2C083}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4CCD03F0-3C71-4F29-A0F6-CFD7686D11BA}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{4D563289-8C60-4871-BAF7-D8224274C3AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{716C32B2-CA3C-4722-86D3-16ED0557B406}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{746C0871-3E09-4FA6-A2B8-226EB0DB4EB2}" = protocol=17 | dir=in | app=c:\program files\itunes.exe | 
"{824F3129-2A80-4108-9E29-8628EBE8EF85}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{90AAD55D-756E-4E48-9799-8A65D408A79E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{90D25502-E496-41E3-B9A5-4A65C44192D7}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{A3F28184-F908-4689-B125-E14DC46D26C6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{C4161DBD-2732-48E8-8FB9-5F2908A141D6}" = protocol=6 | dir=in | app=c:\program files\itunes.exe | 
"{D5C885D9-06CE-473B-9335-39A984CC9B9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D8A36AD1-6432-4B1E-957B-0C867AAF0A7F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D9593906-B635-4357-8F4A-7907E19AAB72}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{8F103E60-71BF-4E5A-8C4B-CFE396C49B95}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{E83184A4-E904-42F5-B6D5-25B3A9FCC720}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.4
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Abrosoft FantaMorph_is1" = Abrosoft FantaMorph 2.55
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG8Uninstall" = AVG Free 8.5
"Badaboom" = Badaboom 1.2.1.40
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.2
"EOS Utility" = Canon Utilities EOS Utility
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
"zonelink_TUNING_is1" = zoneLINK SystemUp 2009 Tuning
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2013 15:23:25 | Computer Name = Sandra-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.03.2013 15:23:25 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.03.2013 15:23:26 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >

Vielen Dank und Frohe Ostern.
Sase

cosinus · 28.03.2013, 12:09

ZoneAlarm bitte deinstallieren! Anschließend ein neues OTL-Log machen

sase · 31.03.2013, 10:09

Hallo.

Zonenalarm ist deinstalliert.

Hier das erst OTL-Ergebnis:

Code:

ATTFilter

OTL logfile created on: 31.03.2013 10:55:57 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,38% Memory free
6,13 Gb Paging File | 4,78 Gb Available in Paging File | 77,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 308,77 Gb Free Space | 71,22% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,56 Gb Free Space | 54,49% Space Free | Partition Type: FAT32
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\iTunesHelper.exe File not found
PRC - C:\Users\Sandra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Programme\zoneLINK\SystemUp 2009\Tuning\DefragService.exe (zoneLINK)
PRC - C:\Programme\zoneLINK\SystemUp 2009\Tuning\SUThemeService.exe (zoneLINK)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Programme\FSP\KbdHook.dll ()
MOD - C:\Programme\FSP\FspLib.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater14.1.7) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (avg8emc) -- C:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (STacSV) -- c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (zoneLINKDefrag) -- C:\Programme\zoneLINK\SystemUp 2009\Tuning\DefragService.exe (zoneLINK)
SRV - (srvSUThemeService) -- C:\Programme\zoneLINK\SystemUp 2009\Tuning\SUThemeService.exe (zoneLINK)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Sandra\AppData\Local\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{2F059E57-C0CE-47FF-ACB7-10C1A03E7BAC}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN14886219933083-4901&toolbarId=base&affiliateId=1025&Lan=de&utid=6a7ddf810000000000000025d32e627d&q={searchTerms}&r=813
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{4029843B-C06E-4107-AF66-00630D3B467F}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\SearchScopes\{81AB358F-9454-4C25-AE83-448B29E3D0DC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.22 14:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 08:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 08:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 08:13:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 08:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.09.05 14:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions
[2009.09.05 14:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013.03.31 10:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\qnbdypba.default\extensions
[2010.08.18 17:30:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\qnbdypba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.08 08:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 08:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.08 08:13:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.27 22:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012.10.29 18:39:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.29 18:39:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.29 18:39:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.20 14:20:10 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.10.29 18:39:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.29 18:39:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.29 18:39:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.17 18:46:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files\CheckPoint\Install\Install.xml" File not found
O4 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{089C58DB-1074-46CB-945F-F6330804EF5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.31 10:12:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.27 20:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG8UPG
[2013.03.21 20:54:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.21 20:53:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.21 20:49:58 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sandra\Desktop\JRT.exe
[2013.03.20 20:38:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.18 19:29:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.18 19:04:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.17 18:25:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.17 18:25:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.17 18:25:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.17 18:24:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.17 18:24:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.17 18:19:32 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2013.03.16 18:53:51 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2013.03.16 17:51:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2013.03.16 10:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.16 10:17:01 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\mbar-1.01.0.1021
[2013.03.14 10:59:15 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 10:59:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.14 10:59:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 10:59:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.14 10:59:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.14 10:59:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.14 10:59:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.14 10:59:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.14 10:59:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.14 10:59:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.03.14 10:59:11 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.14 10:59:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.14 10:59:10 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.14 10:59:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 10:59:09 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.14 10:59:09 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 10:59:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 10:59:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 10:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2013.03.08 08:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009.07.13 14:03:16 | 000,285,184 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2009.07.13 14:03:16 | 000,264,992 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2009.07.13 14:03:10 | 000,384,808 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2009.07.13 14:03:10 | 000,292,128 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2009.07.13 14:03:10 | 000,124,200 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2009.07.13 14:02:56 | 014,074,656 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2009.07.13 14:02:52 | 000,111,912 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2009.07.13 14:02:50 | 000,722,160 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\CDDBControlApple.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.31 10:23:20 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.31 10:23:20 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.31 10:23:20 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.31 10:23:20 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.31 10:17:19 | 000,088,812 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.31 10:15:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 10:15:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 10:15:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.31 10:15:44 | 3184,390,144 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.31 10:14:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.03.31 10:11:58 | 000,088,812 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.27 20:09:08 | 068,191,196 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.03.21 21:21:00 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.21 21:18:37 | 000,609,993 | ---- | M] () -- C:\Users\Sandra\Desktop\adwcleaner.exe
[2013.03.21 20:50:18 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sandra\Desktop\JRT.exe
[2013.03.17 18:46:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.17 18:20:49 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\Sandra\Desktop\ComboFix.exe
[2013.03.16 18:54:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sandra\Desktop\tdsskiller.exe
[2013.03.16 18:51:07 | 000,000,512 | ---- | M] () -- C:\Users\Sandra\Desktop\MBR.dat
[2013.03.16 17:52:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Sandra\Desktop\aswMBR.exe
[2013.03.16 10:14:15 | 013,786,977 | ---- | M] () -- C:\Users\Sandra\Desktop\mbar-1.01.0.1021.zip
[2013.03.14 11:05:08 | 000,377,856 | ---- | M] () -- C:\Users\Sandra\Desktop\gmer_2.1.19155.exe
[2013.03.14 10:11:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2013.03.14 10:08:32 | 000,000,000 | ---- | M] () -- C:\Users\Sandra\defogger_reenable
[2013.03.14 10:07:00 | 000,050,477 | ---- | M] () -- C:\Users\Sandra\Desktop\Defogger.exe
 
========== Files Created - No Company Name ==========
 
[2013.03.21 21:20:44 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.21 21:18:20 | 000,609,993 | ---- | C] () -- C:\Users\Sandra\Desktop\adwcleaner.exe
[2013.03.17 18:25:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.17 18:25:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.17 18:25:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.17 18:25:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.17 18:25:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.16 18:51:07 | 000,000,512 | ---- | C] () -- C:\Users\Sandra\Desktop\MBR.dat
[2013.03.16 10:13:24 | 013,786,977 | ---- | C] () -- C:\Users\Sandra\Desktop\mbar-1.01.0.1021.zip
[2013.03.14 11:04:52 | 000,377,856 | ---- | C] () -- C:\Users\Sandra\Desktop\gmer_2.1.19155.exe
[2013.03.14 10:08:32 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\defogger_reenable
[2013.03.14 10:05:36 | 000,050,477 | ---- | C] () -- C:\Users\Sandra\Desktop\Defogger.exe
[2012.08.02 13:48:01 | 004,245,762 | ---- | C] () -- C:\Users\Sandra\IMG_6667.JPG
[2012.08.02 13:48:00 | 004,940,664 | ---- | C] () -- C:\Users\Sandra\IMG_6666.JPG
[2012.08.02 13:47:59 | 004,981,015 | ---- | C] () -- C:\Users\Sandra\IMG_6665.JPG
[2012.08.02 13:47:57 | 004,757,321 | ---- | C] () -- C:\Users\Sandra\IMG_6664.JPG
[2012.08.02 13:47:55 | 005,643,220 | ---- | C] () -- C:\Users\Sandra\IMG_6663.JPG
[2012.08.02 13:47:52 | 006,359,589 | ---- | C] () -- C:\Users\Sandra\IMG_6662.JPG
[2012.08.02 13:47:49 | 005,209,759 | ---- | C] () -- C:\Users\Sandra\IMG_6661.JPG
[2012.08.02 13:47:47 | 005,427,855 | ---- | C] () -- C:\Users\Sandra\IMG_6660.JPG
[2012.08.02 13:47:45 | 005,312,886 | ---- | C] () -- C:\Users\Sandra\IMG_6659.JPG
[2012.08.02 13:47:43 | 005,065,698 | ---- | C] () -- C:\Users\Sandra\IMG_6658.JPG
[2012.08.02 13:47:41 | 005,484,154 | ---- | C] () -- C:\Users\Sandra\IMG_6657.JPG
[2012.08.02 13:47:39 | 005,358,041 | ---- | C] () -- C:\Users\Sandra\IMG_6656.JPG
[2012.08.02 13:47:37 | 004,755,717 | ---- | C] () -- C:\Users\Sandra\IMG_6655.JPG
[2012.08.02 13:47:35 | 004,824,611 | ---- | C] () -- C:\Users\Sandra\IMG_6654.JPG
[2012.08.02 13:47:32 | 005,689,020 | ---- | C] () -- C:\Users\Sandra\IMG_6653.JPG
[2012.08.02 13:47:31 | 004,963,841 | ---- | C] () -- C:\Users\Sandra\IMG_6652.JPG
[2012.08.02 13:47:29 | 005,305,535 | ---- | C] () -- C:\Users\Sandra\IMG_6651.JPG
[2012.08.02 13:47:27 | 004,809,695 | ---- | C] () -- C:\Users\Sandra\IMG_6650.JPG
[2012.08.02 13:47:26 | 003,245,106 | ---- | C] () -- C:\Users\Sandra\IMG_6649.JPG
[2012.08.02 13:47:25 | 005,007,917 | ---- | C] () -- C:\Users\Sandra\IMG_6648.JPG
[2012.08.02 13:47:23 | 004,880,228 | ---- | C] () -- C:\Users\Sandra\IMG_6647.JPG
[2012.08.02 13:47:21 | 004,147,393 | ---- | C] () -- C:\Users\Sandra\IMG_6646.JPG
[2012.08.02 13:47:20 | 004,864,536 | ---- | C] () -- C:\Users\Sandra\IMG_6645.JPG
[2012.08.02 13:47:19 | 005,142,572 | ---- | C] () -- C:\Users\Sandra\IMG_6644.JPG
[2012.08.02 13:47:17 | 005,180,051 | ---- | C] () -- C:\Users\Sandra\IMG_6643.JPG
[2012.08.02 13:47:16 | 005,511,493 | ---- | C] () -- C:\Users\Sandra\IMG_6642.JPG
[2012.08.02 13:47:14 | 004,915,637 | ---- | C] () -- C:\Users\Sandra\IMG_6641.JPG
[2012.08.02 13:47:12 | 004,876,632 | ---- | C] () -- C:\Users\Sandra\IMG_6640.JPG
[2012.08.02 13:47:10 | 005,820,398 | ---- | C] () -- C:\Users\Sandra\IMG_6639.JPG
[2012.08.02 13:47:09 | 005,445,831 | ---- | C] () -- C:\Users\Sandra\IMG_6638.JPG
[2012.08.02 13:47:07 | 005,480,537 | ---- | C] () -- C:\Users\Sandra\IMG_6637.JPG
[2012.08.02 13:47:06 | 004,869,177 | ---- | C] () -- C:\Users\Sandra\IMG_6636.JPG
[2012.08.02 13:47:05 | 005,551,413 | ---- | C] () -- C:\Users\Sandra\IMG_6635.JPG
[2012.08.02 13:47:01 | 005,344,152 | ---- | C] () -- C:\Users\Sandra\IMG_6634.JPG
[2012.08.02 13:47:00 | 004,814,736 | ---- | C] () -- C:\Users\Sandra\IMG_6633.JPG
[2012.08.02 13:46:59 | 004,740,332 | ---- | C] () -- C:\Users\Sandra\IMG_6632.JPG
[2012.08.02 13:46:57 | 004,668,953 | ---- | C] () -- C:\Users\Sandra\IMG_6631.JPG
[2012.08.02 13:46:56 | 005,600,547 | ---- | C] () -- C:\Users\Sandra\IMG_6630.JPG
[2012.08.02 13:46:55 | 004,823,012 | ---- | C] () -- C:\Users\Sandra\IMG_6629.JPG
[2012.08.02 13:46:51 | 005,282,593 | ---- | C] () -- C:\Users\Sandra\IMG_6628.JPG
[2012.08.02 13:46:50 | 005,315,734 | ---- | C] () -- C:\Users\Sandra\IMG_6627.JPG
[2012.08.02 13:46:49 | 004,231,334 | ---- | C] () -- C:\Users\Sandra\IMG_6626.JPG
[2012.08.02 13:46:48 | 005,381,775 | ---- | C] () -- C:\Users\Sandra\IMG_6625.JPG
[2012.08.02 13:46:47 | 005,042,975 | ---- | C] () -- C:\Users\Sandra\IMG_6624.JPG
[2012.08.02 13:46:45 | 005,741,077 | ---- | C] () -- C:\Users\Sandra\IMG_6623.JPG
[2012.08.02 13:46:44 | 005,563,595 | ---- | C] () -- C:\Users\Sandra\IMG_6622.JPG
[2012.08.02 13:46:42 | 005,475,216 | ---- | C] () -- C:\Users\Sandra\IMG_6621.JPG
[2012.08.02 13:46:41 | 005,709,475 | ---- | C] () -- C:\Users\Sandra\IMG_6620.JPG
[2012.08.02 13:46:40 | 005,957,783 | ---- | C] () -- C:\Users\Sandra\IMG_6619.JPG
[2012.08.02 13:46:38 | 006,232,716 | ---- | C] () -- C:\Users\Sandra\IMG_6618.JPG
[2012.08.02 13:46:37 | 004,009,410 | ---- | C] () -- C:\Users\Sandra\IMG_6617.JPG
[2012.08.02 13:46:36 | 004,565,934 | ---- | C] () -- C:\Users\Sandra\IMG_6616.JPG
[2012.08.02 13:46:35 | 005,749,341 | ---- | C] () -- C:\Users\Sandra\IMG_6615.JPG
[2012.08.02 13:46:32 | 006,026,061 | ---- | C] () -- C:\Users\Sandra\IMG_6614.JPG
[2012.08.02 13:46:30 | 005,084,215 | ---- | C] () -- C:\Users\Sandra\IMG_6613.JPG
[2012.08.02 13:46:29 | 005,543,181 | ---- | C] () -- C:\Users\Sandra\IMG_6612.JPG
[2012.08.02 13:46:27 | 006,041,551 | ---- | C] () -- C:\Users\Sandra\IMG_6611.JPG
[2012.08.02 13:46:25 | 005,717,869 | ---- | C] () -- C:\Users\Sandra\IMG_6610.JPG
[2012.08.02 13:46:23 | 003,667,921 | ---- | C] () -- C:\Users\Sandra\IMG_6609.JPG
[2012.08.02 13:46:21 | 005,402,585 | ---- | C] () -- C:\Users\Sandra\IMG_6608.JPG
[2012.08.02 13:46:20 | 004,319,434 | ---- | C] () -- C:\Users\Sandra\IMG_6607.JPG
[2012.08.02 13:46:18 | 004,668,510 | ---- | C] () -- C:\Users\Sandra\IMG_6606.JPG
[2012.08.02 13:46:16 | 004,381,120 | ---- | C] () -- C:\Users\Sandra\IMG_6605.JPG
[2012.08.02 13:46:14 | 005,300,262 | ---- | C] () -- C:\Users\Sandra\IMG_6604.JPG
[2012.08.02 13:46:12 | 005,280,022 | ---- | C] () -- C:\Users\Sandra\IMG_6603.JPG
[2012.08.02 13:46:09 | 005,983,098 | ---- | C] () -- C:\Users\Sandra\IMG_6602.JPG
[2012.08.02 13:46:06 | 005,702,064 | ---- | C] () -- C:\Users\Sandra\IMG_6601.JPG
[2012.08.02 13:46:02 | 005,343,206 | ---- | C] () -- C:\Users\Sandra\IMG_6600.JPG
[2012.08.02 13:45:56 | 006,013,333 | ---- | C] () -- C:\Users\Sandra\IMG_6599.JPG
[2012.08.02 13:45:51 | 006,075,844 | ---- | C] () -- C:\Users\Sandra\IMG_6598.JPG
[2012.08.02 13:45:46 | 006,052,692 | ---- | C] () -- C:\Users\Sandra\IMG_6597.JPG
[2012.08.02 13:45:44 | 004,919,101 | ---- | C] () -- C:\Users\Sandra\IMG_6596.JPG
[2012.08.02 13:45:38 | 005,395,020 | ---- | C] () -- C:\Users\Sandra\IMG_6595.JPG
[2012.08.02 13:45:34 | 006,001,167 | ---- | C] () -- C:\Users\Sandra\IMG_6594.JPG
[2012.08.02 13:45:31 | 004,904,790 | ---- | C] () -- C:\Users\Sandra\IMG_6593.JPG
[2012.08.02 13:45:28 | 005,174,759 | ---- | C] () -- C:\Users\Sandra\IMG_6592.JPG
[2012.08.02 13:45:25 | 005,698,380 | ---- | C] () -- C:\Users\Sandra\IMG_6591.JPG
[2012.08.02 13:45:23 | 006,069,184 | ---- | C] () -- C:\Users\Sandra\IMG_6590.JPG
[2012.08.02 13:45:20 | 004,698,139 | ---- | C] () -- C:\Users\Sandra\IMG_6589.JPG
[2012.08.02 13:45:17 | 005,986,780 | ---- | C] () -- C:\Users\Sandra\IMG_6588.JPG
[2012.08.02 13:45:14 | 006,068,191 | ---- | C] () -- C:\Users\Sandra\IMG_6587.JPG
[2012.08.02 13:45:09 | 006,092,765 | ---- | C] () -- C:\Users\Sandra\IMG_6586.JPG
[2012.08.02 13:45:07 | 005,751,060 | ---- | C] () -- C:\Users\Sandra\IMG_6585.JPG
[2012.08.02 13:45:04 | 006,141,870 | ---- | C] () -- C:\Users\Sandra\IMG_6584.JPG
[2012.08.02 13:45:02 | 004,572,729 | ---- | C] () -- C:\Users\Sandra\IMG_6583.JPG
[2012.08.02 13:44:58 | 005,870,330 | ---- | C] () -- C:\Users\Sandra\IMG_6582.JPG
[2012.08.02 13:44:55 | 005,735,579 | ---- | C] () -- C:\Users\Sandra\IMG_6581.JPG
[2012.08.02 13:44:54 | 005,663,252 | ---- | C] () -- C:\Users\Sandra\IMG_6580.JPG
[2012.08.02 13:44:52 | 006,282,799 | ---- | C] () -- C:\Users\Sandra\IMG_6579.JPG
[2012.08.02 13:44:50 | 004,766,635 | ---- | C] () -- C:\Users\Sandra\IMG_6578.JPG
[2012.08.02 13:44:47 | 005,069,399 | ---- | C] () -- C:\Users\Sandra\IMG_6577.JPG
[2012.08.02 13:44:45 | 005,267,576 | ---- | C] () -- C:\Users\Sandra\IMG_6576.JPG
[2012.08.02 13:44:43 | 005,541,310 | ---- | C] () -- C:\Users\Sandra\IMG_6575.JPG
[2012.08.02 13:44:41 | 005,475,413 | ---- | C] () -- C:\Users\Sandra\IMG_6574.JPG
[2012.08.02 13:44:40 | 005,588,914 | ---- | C] () -- C:\Users\Sandra\IMG_6573.JPG
[2012.08.02 13:44:38 | 005,909,262 | ---- | C] () -- C:\Users\Sandra\IMG_6572.JPG
[2012.08.02 13:44:36 | 005,168,067 | ---- | C] () -- C:\Users\Sandra\IMG_6571.JPG
[2012.08.02 13:44:33 | 005,377,732 | ---- | C] () -- C:\Users\Sandra\IMG_6570.JPG
[2012.08.02 13:44:30 | 005,671,580 | ---- | C] () -- C:\Users\Sandra\IMG_6569.JPG
[2012.08.02 13:44:29 | 004,718,875 | ---- | C] () -- C:\Users\Sandra\IMG_6568.JPG
[2012.08.02 13:44:26 | 004,546,992 | ---- | C] () -- C:\Users\Sandra\IMG_6567.JPG
[2012.08.02 13:44:24 | 005,617,837 | ---- | C] () -- C:\Users\Sandra\IMG_6566.JPG
[2012.08.02 13:44:22 | 005,639,094 | ---- | C] () -- C:\Users\Sandra\IMG_6565.JPG
[2012.08.02 13:44:19 | 005,536,416 | ---- | C] () -- C:\Users\Sandra\IMG_6564.JPG
[2012.08.02 13:44:15 | 006,082,088 | ---- | C] () -- C:\Users\Sandra\IMG_6563.JPG
[2012.08.02 13:44:12 | 005,487,033 | ---- | C] () -- C:\Users\Sandra\IMG_6562.JPG
[2012.08.02 13:44:08 | 005,543,753 | ---- | C] () -- C:\Users\Sandra\IMG_6561.JPG
[2012.08.02 13:44:07 | 005,375,939 | ---- | C] () -- C:\Users\Sandra\IMG_6560.JPG
[2012.08.02 13:44:04 | 004,007,860 | ---- | C] () -- C:\Users\Sandra\IMG_6559.JPG
[2012.08.02 13:44:02 | 004,689,670 | ---- | C] () -- C:\Users\Sandra\IMG_6558.JPG
[2012.08.02 13:43:57 | 003,909,967 | ---- | C] () -- C:\Users\Sandra\IMG_6557.JPG
[2012.08.02 13:43:54 | 005,907,489 | ---- | C] () -- C:\Users\Sandra\IMG_6556.JPG
[2012.08.02 13:43:50 | 005,775,556 | ---- | C] () -- C:\Users\Sandra\IMG_6555.JPG
[2012.08.02 13:43:45 | 005,957,175 | ---- | C] () -- C:\Users\Sandra\IMG_6554.JPG
[2012.08.02 13:43:40 | 006,078,827 | ---- | C] () -- C:\Users\Sandra\IMG_6553.JPG
[2012.08.02 13:43:37 | 006,065,419 | ---- | C] () -- C:\Users\Sandra\IMG_6552.JPG
[2012.08.02 13:43:32 | 005,781,342 | ---- | C] () -- C:\Users\Sandra\IMG_6551.JPG
[2012.08.02 13:43:27 | 005,644,421 | ---- | C] () -- C:\Users\Sandra\IMG_6550.JPG
[2012.08.02 13:43:26 | 005,616,072 | ---- | C] () -- C:\Users\Sandra\IMG_6549.JPG
[2012.08.02 13:43:23 | 005,967,901 | ---- | C] () -- C:\Users\Sandra\IMG_6548.JPG
[2012.08.02 13:43:22 | 006,207,900 | ---- | C] () -- C:\Users\Sandra\IMG_6547.JPG
[2012.08.02 13:43:17 | 005,961,842 | ---- | C] () -- C:\Users\Sandra\IMG_6546.JPG
[2012.08.02 13:43:15 | 006,275,425 | ---- | C] () -- C:\Users\Sandra\IMG_6545.JPG
[2012.08.02 13:43:13 | 006,156,016 | ---- | C] () -- C:\Users\Sandra\IMG_6544.JPG
[2012.08.02 13:43:11 | 004,704,408 | ---- | C] () -- C:\Users\Sandra\IMG_6543.JPG
[2012.08.02 13:43:08 | 004,317,548 | ---- | C] () -- C:\Users\Sandra\IMG_6542.JPG
[2012.08.02 13:43:07 | 004,167,060 | ---- | C] () -- C:\Users\Sandra\IMG_6541.JPG
[2012.08.02 13:43:03 | 004,151,700 | ---- | C] () -- C:\Users\Sandra\IMG_6540.JPG
[2012.08.02 13:43:02 | 003,870,265 | ---- | C] () -- C:\Users\Sandra\IMG_6538.JPG
[2012.08.02 13:42:59 | 003,910,199 | ---- | C] () -- C:\Users\Sandra\IMG_6537.JPG
[2012.08.02 13:42:58 | 003,694,799 | ---- | C] () -- C:\Users\Sandra\IMG_6535.JPG
[2012.08.02 13:42:58 | 003,636,056 | ---- | C] () -- C:\Users\Sandra\IMG_6536.JPG
[2012.08.02 13:42:56 | 005,366,278 | ---- | C] () -- C:\Users\Sandra\IMG_6534.JPG
[2012.08.02 13:42:55 | 004,893,121 | ---- | C] () -- C:\Users\Sandra\IMG_6533.JPG
[2012.08.02 13:42:54 | 005,685,660 | ---- | C] () -- C:\Users\Sandra\IMG_6532.JPG
[2012.08.02 13:42:53 | 004,516,345 | ---- | C] () -- C:\Users\Sandra\IMG_6531.JPG
[2012.08.02 13:42:52 | 004,672,099 | ---- | C] () -- C:\Users\Sandra\IMG_6530.JPG
[2012.08.02 13:42:50 | 004,187,681 | ---- | C] () -- C:\Users\Sandra\IMG_6529.JPG
[2012.08.02 13:42:49 | 004,400,361 | ---- | C] () -- C:\Users\Sandra\IMG_6528.JPG
[2012.08.02 13:42:48 | 004,023,187 | ---- | C] () -- C:\Users\Sandra\IMG_6527.JPG
[2012.08.02 13:42:47 | 004,882,593 | ---- | C] () -- C:\Users\Sandra\IMG_6526.JPG
[2012.08.02 13:42:45 | 005,326,255 | ---- | C] () -- C:\Users\Sandra\IMG_6525.JPG
[2012.08.02 13:42:36 | 004,509,747 | ---- | C] () -- C:\Users\Sandra\IMG_6520.JPG
[2012.08.02 13:42:35 | 003,962,241 | ---- | C] () -- C:\Users\Sandra\IMG_6519.JPG
[2012.08.02 13:42:34 | 004,509,165 | ---- | C] () -- C:\Users\Sandra\IMG_6518.JPG
[2012.08.02 13:42:31 | 004,265,188 | ---- | C] () -- C:\Users\Sandra\IMG_6516.JPG
[2012.08.02 13:42:29 | 004,740,181 | ---- | C] () -- C:\Users\Sandra\IMG_6515.JPG
[2012.08.02 13:42:12 | 006,281,900 | ---- | C] () -- C:\Users\Sandra\IMG_6510.JPG
[2012.08.02 13:42:09 | 006,769,019 | ---- | C] () -- C:\Users\Sandra\IMG_6509.JPG
[2012.08.02 13:42:07 | 007,399,992 | ---- | C] () -- C:\Users\Sandra\IMG_6508.JPG
[2012.08.02 13:42:05 | 006,418,893 | ---- | C] () -- C:\Users\Sandra\IMG_6507.JPG
[2012.08.02 13:42:03 | 006,908,382 | ---- | C] () -- C:\Users\Sandra\IMG_6506.JPG
[2012.08.02 13:42:02 | 006,246,863 | ---- | C] () -- C:\Users\Sandra\IMG_6505.JPG
[2012.08.02 13:42:00 | 006,690,467 | ---- | C] () -- C:\Users\Sandra\IMG_6504.JPG
[2012.08.02 13:41:57 | 007,150,925 | ---- | C] () -- C:\Users\Sandra\IMG_6503.JPG
[2012.08.02 13:41:55 | 006,355,970 | ---- | C] () -- C:\Users\Sandra\IMG_6502.JPG
[2012.08.02 13:41:52 | 006,972,733 | ---- | C] () -- C:\Users\Sandra\IMG_6501.JPG
[2012.08.02 13:41:49 | 004,942,415 | ---- | C] () -- C:\Users\Sandra\IMG_6500.JPG
[2012.08.02 13:41:46 | 004,612,117 | ---- | C] () -- C:\Users\Sandra\IMG_6499.JPG
[2012.08.02 13:41:45 | 003,663,523 | ---- | C] () -- C:\Users\Sandra\IMG_6498.JPG
[2012.08.02 13:41:44 | 005,194,212 | ---- | C] () -- C:\Users\Sandra\IMG_6497.JPG
[2012.08.02 13:41:41 | 005,067,612 | ---- | C] () -- C:\Users\Sandra\IMG_6496.JPG
[2012.08.02 13:41:40 | 005,080,931 | ---- | C] () -- C:\Users\Sandra\IMG_6495.JPG
[2012.08.02 13:41:36 | 003,327,578 | ---- | C] () -- C:\Users\Sandra\IMG_6668.JPG
[2012.03.21 10:29:32 | 000,087,813 | ---- | C] () -- C:\Users\Sandra\Komposition Nr. 17 - Orange-Chicken nach Jamaikanischer Art.pdf
[2010.04.10 13:34:13 | 000,243,513 | ---- | C] () -- C:\Users\Sandra\Immo_20100331_Kaserne..pdf
[2009.09.04 19:39:00 | 000,004,096 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.03 19:14:37 | 000,000,762 | ---- | C] () -- C:\Users\Sandra\AppData\Roaming\wklnhst.dat
[2009.07.22 11:09:36 | 000,088,812 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.22 11:09:29 | 000,088,812 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.13 14:02:52 | 000,643,072 | ---- | C] () -- C:\Program Files\iPodUpdaterExt.dll
[2009.07.13 14:02:36 | 000,008,356 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Hier das 2. Ergebnis:

Code:

ATTFilter

OTL Extras logfile created on: 31.03.2013 10:55:57 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19401)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,38% Memory free
6,13 Gb Paging File | 4,78 Gb Available in Paging File | 77,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 308,77 Gb Free Space | 71,22% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 17,56 Gb Free Space | 54,49% Space Free | Partition Type: FAT32
 
Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1592504286-2890377891-422604750-1000]
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{49697FEC-F53E-4EF1-8DCE-0CC5C732A483}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AC55D56C-20F0-4339-A4D6-ADE38D85B02A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3310A557-B625-4445-9057-A1DC37AB12C4}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{419117F4-4C8F-4C81-BB66-BDFC3837606F}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{431F049E-0518-46CB-BB4E-904BFDC37CFB}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{4B4BED74-F82D-4D0E-A2E7-2FE2B2B2C083}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4CCD03F0-3C71-4F29-A0F6-CFD7686D11BA}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{4D563289-8C60-4871-BAF7-D8224274C3AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{716C32B2-CA3C-4722-86D3-16ED0557B406}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{746C0871-3E09-4FA6-A2B8-226EB0DB4EB2}" = protocol=17 | dir=in | app=c:\program files\itunes.exe | 
"{824F3129-2A80-4108-9E29-8628EBE8EF85}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{90AAD55D-756E-4E48-9799-8A65D408A79E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{90D25502-E496-41E3-B9A5-4A65C44192D7}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{A3F28184-F908-4689-B125-E14DC46D26C6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{C4161DBD-2732-48E8-8FB9-5F2908A141D6}" = protocol=6 | dir=in | app=c:\program files\itunes.exe | 
"{D5C885D9-06CE-473B-9335-39A984CC9B9D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D8A36AD1-6432-4B1E-957B-0C867AAF0A7F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D9593906-B635-4357-8F4A-7907E19AAB72}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{8F103E60-71BF-4E5A-8C4B-CFE396C49B95}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"UDP Query User{E83184A4-E904-42F5-B6D5-25B3A9FCC720}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.4
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Abrosoft FantaMorph_is1" = Abrosoft FantaMorph 2.55
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG8Uninstall" = AVG Free 8.5
"Badaboom" = Badaboom 1.2.1.40
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.2
"EOS Utility" = Canon Utilities EOS Utility
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"zonelink_TUNING_is1" = zoneLINK SystemUp 2009 Tuning
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1592504286-2890377891-422604750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.03.2013 04:01:41 | Computer Name = Sandra-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2013 04:05:41 | Computer Name = Sandra-PC | Source = VSS | ID = 8194
Description = 
 
Error - 31.03.2013 04:06:18 | Computer Name = Sandra-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.03.2013 04:07:23 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 31.03.2013 04:09:19 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 31.03.2013 04:09:19 | Computer Name = Sandra-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 31.03.2013 04:12:34 | Computer Name = Sandra-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 31.03.2013 04:13:04 | Computer Name = Sandra-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 31.03.2013 04:13:04 | Computer Name = Sandra-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 31.03.2013 04:17:21 | Computer Name = Sandra-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.03.2013 15:23:25 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.03.2013 15:23:26 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 27.03.2013 01:42:22 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.03.2013 11:39:41 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.03.2013 05:59:11 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.03.2013 04:01:42 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.03.2013 04:01:42 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 31.03.2013 04:06:19 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2013 04:17:22 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Danke.
Sase

28.03.2013, 12:09	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	AVG hat Trojaner Generic31.BNQF gefunden ZoneAlarm bitte deinstallieren! Anschließend ein neues OTL-Log machen __________________ Logfiles bitte immer in CODE-Tags posten

AVG hat Trojaner Generic31.BNQF gefunden

Log-Analyse und Auswertung: AVG hat Trojaner Generic31.BNQF gefunden