coupondropdown lässt sich immer noch nicht unter Firefox entfernen

DanGomes · 08.04.2013, 14:40

Hallo Leute,
bin neue hier und in Sachen PC nicht gerade der fitteste. Also ich habe wie viele Vorgänger hier vor mir dieses lästige Problem mit dem coupondropdown unter Firefox. Habe, wie hier empfohlen, mehrere Programme bereist laufen lassen, aber das Problem hält sich weiterhin hartnäckig und macht mich langsam wahnsinnig.
Habe folgendes bereits durchgeführt:
adwcleaner

Code:

ATTFilter

# AdwCleaner v2.200 - Datei am 07/04/2013 um 19:37:45 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Administration - ADMINISTRATI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administration\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\cnmnilny.default\jetpack

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\cnmnilny.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zknox453.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22996 octets] - [07/04/2013 18:51:57]
AdwCleaner[R2].txt - [23057 octets] - [07/04/2013 18:52:32]
AdwCleaner[S1].txt - [22942 octets] - [07/04/2013 18:53:51]
AdwCleaner[S2].txt - [1320 octets] - [07/04/2013 19:27:37]
AdwCleaner[S3].txt - [1249 octets] - [07/04/2013 19:37:45]

########## EOF - C:\AdwCleaner[S3].txt - [1309 octets] ##########

jtr

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Administration on 07.04.2013 at 19:41:54,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
Emptied folder: C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.04.2013 at 19:44:20,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

otl

Code:

ATTFilter

OTL logfile created on: 07.04.2013 19:45:06 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administration\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,65% Memory free
6,69 Gb Paging File | 5,45 Gb Available in Paging File | 81,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241,09 Gb Total Space | 30,49 Gb Free Space | 12,65% Space Free | Partition Type: NTFS
Drive D: | 232,94 Gb Total Space | 223,98 Gb Free Space | 96,15% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 8,45 Gb Free Space | 42,26% Space Free | Partition Type: FAT32
Drive F: | 678,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 102,13 Gb Total Space | 72,89 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
Drive K: | 102,54 Gb Total Space | 45,45 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
Drive L: | 115,63 Gb Total Space | 115,53 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive M: | 117,19 Gb Total Space | 43,83 Gb Free Space | 37,40% Space Free | Partition Type: NTFS
 
Computer Name: ADMINISTRATI-PC | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.07 19:08:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
PRC - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.03.15 04:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.02.23 14:17:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.23 14:17:08 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.23 14:17:06 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.23 14:17:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.10.22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009.10.22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- M:\Program Files\VMware\vmware-authd.exe
PRC - [2009.10.22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009.10.22 05:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- M:\Program Files\VMware\vmware-tray.exe
PRC - [2009.10.22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.03 15:51:30 | 002,181,672 | ---- | M] (Gainward Co.) -- C:\Programme\EXPERTool\TBPANEL.exe
PRC - [2008.10.30 23:45:06 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PlayMovie\PMVService.exe
PRC - [2008.10.05 10:10:02 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.05.16 18:30:30 | 000,091,432 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2008.05.14 14:47:54 | 000,087,336 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe
PRC - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2007.10.19 17:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\TV Enhance\TVEService.exe
PRC - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 00:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.17 13:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.06.27 10:18:40 | 000,215,256 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2007.06.27 10:18:20 | 000,293,080 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe
PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2005.10.24 16:13:06 | 000,278,528 | ---- | M] () -- m:\Program Files\Electronics Workbench\NLS\EWBNLSS.exe
PRC - [2005.10.11 15:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lktsrv.exe
PRC - [2005.10.11 15:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkads.exe
PRC - [2005.10.10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe
PRC - [2005.08.25 14:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 12:09:04 | 000,036,864 | ---- | M] () -- C:\Users\ADMINI~1\AppData\Local\Temp\CmdLineExt02.dll
MOD - [2007.10.19 17:42:34 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.19 17:42:20 | 000,245,858 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.19 17:42:20 | 000,114,780 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.19 17:42:20 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
MOD - [2007.05.22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [1998.10.31 11:55:56 | 000,005,120 | ---- | M] () -- C:\Programme\EXPERTool\TBMANAGE.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\hpdj.exe -- (hpdj)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 10:49:32 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.23 14:17:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.23 14:17:06 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.10.22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009.10.22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- M:\Program Files\VMware\vmware-authd.exe -- (VMAuthdService)
SRV - [2009.10.22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.10.22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.10.12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- M:\Program Files\VMware\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.19 17:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)
SRV - [2007.10.19 17:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager)
SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE)
SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore)
SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.10.24 16:13:06 | 000,278,528 | ---- | M] () [Auto | Running] -- m:\Program Files\Electronics Workbench\NLS\EWBNLSS.exe -- (EWBNLSS)
SRV - [2005.10.11 15:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2005.10.11 15:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2005.10.10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2005.08.25 14:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DDMI2.sys -- (SDDMI2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.02.23 14:17:35 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.23 14:17:35 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.02.23 14:17:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.23 14:17:35 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009.10.22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009.10.22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009.10.22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009.10.22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009.10.22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009.10.22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009.10.22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009.10.12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- M:\Program Files\VMware\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.06.10 12:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009.06.10 12:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2008.10.30 23:45:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.10.23 23:39:00 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2008.05.16 18:29:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008.05.02 11:49:30 | 000,099,264 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.08.22 11:01:58 | 001,242,976 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.05.01 16:49:42 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH5F0D.sys -- (SaiH5F0D)
DRV - [2007.05.01 16:49:42 | 000,028,416 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiU5F0D.sys -- (SaiU5F0D)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007.02.16 02:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.06.10 10:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5D 4C 46 EA 09 CE 01  [binary data]
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1012\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.freenet.de"
FF - prefs.js..extensions.enabledAddons: foxsaver%40www.foxsaver.com:2.2.8
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: foxsaver@www.foxsaver.com:2.2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.12 09:28:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.07 19:36:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 11:32:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.03 11:56:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.21 19:18:27 | 000,000,000 | ---D | M]
 
[2008.09.14 11:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\Extensions
[2013.04.07 19:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\Firefox\Profiles\cnmnilny.default\extensions
[2011.06.08 13:07:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Administration\AppData\Roaming\mozilla\Firefox\Profiles\cnmnilny.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.05 15:03:37 | 000,000,000 | ---D | M] (FoxSaver) -- C:\Users\Administration\AppData\Roaming\mozilla\Firefox\Profiles\cnmnilny.default\extensions\foxsaver@www.foxsaver.com
[2013.02.14 20:06:19 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\extensions\freehdsport@freehdsport.tv.xpi
[2012.12.12 12:26:03 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.15 21:01:49 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.02.14 15:44:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009.01.22 21:08:03 | 000,002,108 | ---- | M] () -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\searchplugins\youtube-videosuche.xml
[2013.04.07 19:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005.10.12 16:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray] M:\Program Files\VMware\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-792228030-1338267176-3048093723-1012..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =   [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =   [binary data]
O8 - Extra context menu item: Free YouTube Download - C:\Users\Administration\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administration\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - M:\Program Files\VMware\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - M:\Program Files\VMware\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{004DD726-7D49-47A4-9D03-9F5507481DF3}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D6CE8-3EB7-4D59-9B24-20AA50C5C322}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A68A3AF-40A7-46E5-ADB3-202921C38410}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA6207C-FA60-4C3B-A1C0-165D0EA7E675}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.08.24 04:21:18 | 000,000,067 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{045a22e9-d27e-11dc-814a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{045a22e9-d27e-11dc-814a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\_Autorun\Autorun.exe -- [2002.06.28 20:18:56 | 000,065,536 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.07 19:40:12 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013.04.07 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.04.07 19:08:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2013.04.07 19:01:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.07 19:01:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.07 19:01:38 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Administration\Desktop\JRT.exe
[2013.04.07 16:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.07 16:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.04.06 19:34:20 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Local\Koox System Optimizer
[2013.04.06 19:33:55 | 001,122,304 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2013.04.06 19:33:55 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013.04.06 19:33:55 | 000,274,432 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2013.04.06 19:33:55 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013.04.06 19:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Drop Down Removal Tool
[2013.04.06 13:26:51 | 000,000,000 | ---D | C] -- C:\Users\Administration\Desktop\Diverse Dokumente
[2013.04.02 10:56:06 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\Malwarebytes
[2013.04.02 10:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.02 10:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.28 13:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.03.11 11:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.07 19:40:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.04.07 19:40:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.07 19:39:58 | 000,005,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 19:39:58 | 000,005,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 19:39:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 19:39:49 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.07 19:36:18 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.07 19:22:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.07 19:08:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2013.04.07 19:01:39 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Administration\Desktop\JRT.exe
[2013.04.07 18:49:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.07 18:41:26 | 000,613,083 | ---- | M] () -- C:\Users\Administration\Desktop\adwcleaner.exe
[2013.04.06 15:34:17 | 000,641,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.06 15:34:17 | 000,132,104 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.06 15:34:17 | 000,008,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.06 15:34:17 | 000,006,488 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.06 14:12:38 | 000,380,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.05 12:32:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.04.05 10:47:02 | 000,008,240 | ---- | M] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat
[2013.04.02 10:23:50 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.22 18:29:44 | 000,015,426 | ---- | M] () -- C:\Users\Administration\Documents\Discounter Strom3.odt
[2013.03.15 07:46:27 | 000,013,625 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.07 18:41:26 | 000,613,083 | ---- | C] () -- C:\Users\Administration\Desktop\adwcleaner.exe
[2013.03.28 13:31:33 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.03.22 18:29:43 | 000,015,426 | ---- | C] () -- C:\Users\Administration\Documents\Discounter Strom3.odt
[2013.01.31 14:37:46 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.01.31 14:05:05 | 000,008,240 | ---- | C] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat
[2013.01.31 13:22:50 | 000,000,569 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.17 18:49:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.17 18:40:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.04.21 22:24:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.12 09:14:12 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.02.04 16:43:49 | 000,223,744 | ---- | C] () -- C:\Users\Administration\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.04 14:48:17 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.03 20:07:02 | 000,000,102 | ---- | C] () -- C:\Users\Administration\AppData\Local\fusioncache.dat
[2008.02.03 16:04:32 | 000,000,101 | ---- | C] () -- C:\Users\Administration\AppData\Roaming\default.pls
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.05.02 15:03:43 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Amazon
[2010.06.03 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Azureus
[2009.01.13 17:42:34 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Canon
[2009.02.22 04:20:45 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\DataDesign
[2012.02.19 11:40:19 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\DVDVideoSoft
[2008.02.03 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\FRITZ!
[2009.12.09 16:13:57 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\GetRightToGo
[2009.05.12 12:13:31 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\gtk-2.0
[2008.12.12 15:16:51 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\OpenArena
[2013.04.06 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Samsung
[2009.01.06 16:31:06 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Sonavis
[2013.04.05 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\StarOffice8
[2009.09.22 18:33:30 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Subversion
[2008.11.26 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Thunderbird
[2008.04.09 16:45:52 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Ulead Systems
[2009.09.22 18:59:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JavaEditor
[2013.01.19 14:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\StarOffice8
[2009.09.22 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Subversion
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

esetsmartinstaller war unauffällig

security check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.61  
 Windows Vista Service Pack 2 x86   
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 EasyEclipse Desktop Java 1.3.1.1  
 Java(TM) 6 Update 15  
 Java 7 Update 9  
 Java 7 Update 17  
 Java(TM) SE Development Kit 6 Update 14 
 Java(TM) SE Development Kit 6 Update 16 
 JavaFX(TM) 1.2 SDK   
 Java DB 10.4.2.1   
 Adobe Flash Player 	11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (for.) 
 Mozilla Thunderbird (2.0.0 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

defogger disable

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:22 on 08/04/2013 (Administration)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

defogger enable

Code:

ATTFilter

defogger_enable by jpshortstuff (23.02.10.1)
Log created at 15:24 on 08/04/2013 (Administration)

Parsing file...


-=E.O.F=-

Wäre cool, wenn mir hier jemand helfen könnte.

cosinus · 08.04.2013, 16:11

Hallo und

Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

DanGomes · 09.04.2013, 16:52

Hi cosinus.
Nun mein Virenscanner habe ich nicht durchlaufen lassen, da es meistens 3 einhalb Stunden dauert, ist aber auf dem neusten Stand. Es handelt sich übrigens um die Free-Version von Avira. Benutze ich schon seit ewig, weiß aber nicht, ob es kompetent genug ist. Also ich habe noch Malwarebytes und Spyhunter bei mir durchlaufen lassen. Bei Malwarebytes hat er weder beim Quick-Scan noch beim Full-Scan etwas endeckt. Trotzdem hier die Log-Dateien:
Quick-Scan

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.09.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Administration :: ADMINISTRATI-PC [Administrator]

Schutz: Deaktiviert

09.04.2013 14:07:29
mbam-log-2013-04-09 (14-07-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307155
Laufzeit: 9 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Full-Scan

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.09.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Administration :: ADMINISTRATI-PC [Administrator]

Schutz: Deaktiviert

09.04.2013 14:20:10
mbam-log-2013-04-09 (14-20-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|J:\|K:\|L:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 611433
Laufzeit: 3 Stunde(n), 12 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Spyhunter dagegen hat Infektionen gefunden, allerdings lässt sich ohne eine kostenpflichtige Registrierung weder die Probleme beheben noch Log-Dateien erstellen.

Falls noch helfen sollte, habe ich noch eine OTL Log-Datei von einem Extradurchlauf.
OTL extra

Code:

ATTFilter

OTL Extras logfile created on: 07.04.2013 19:09:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administration\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 54,49% Memory free
6,72 Gb Paging File | 5,12 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241,09 Gb Total Space | 30,75 Gb Free Space | 12,75% Space Free | Partition Type: NTFS
Drive D: | 232,94 Gb Total Space | 223,98 Gb Free Space | 96,15% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 8,45 Gb Free Space | 42,26% Space Free | Partition Type: FAT32
Drive F: | 678,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 102,13 Gb Total Space | 72,89 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
Drive K: | 102,54 Gb Total Space | 45,45 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
Drive L: | 115,63 Gb Total Space | 115,53 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive M: | 117,19 Gb Total Space | 43,83 Gb Free Space | 37,40% Space Free | Partition Type: NTFS
 
Computer Name: ADMINISTRATI-PC | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BED537-4F2F-445E-BDB9-FABD8C91AE78}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{1C8F3A52-5803-4B27-86D9-1AAB48BA2BB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1DA6277D-6668-4352-9FAD-35A932F920FA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{22F42D4C-AC69-4ED9-B0F4-49FF6D8663D4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{243F184D-F2DA-4AB2-9C46-6A59283F96B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{35E30DCC-99A8-4EE4-8BA6-2E94C181AFE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39C99774-D924-490A-AB4F-8082C868138E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51BD869B-4D9A-455F-A777-B5D598035E5C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{568B5458-D46A-4405-A6A5-1D9D6E69CC12}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{595A6D12-FC69-4521-9C1F-25E65B93190D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{8F107B26-091E-4D03-A88E-AB4B0B947D8A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{95C603AE-B456-4ACB-8D4D-16E51BC03FAC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ABF2BBA0-BA7D-48A6-897A-2EBE613C4452}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B22A4CA2-0327-425C-99D6-4CE6F4D1C0CB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C7AD2A4D-C8DE-4509-BBF3-A8B078118E08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CD2C0D92-A011-4370-B6BD-4680745EE7D4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D1BE683A-009B-4BD6-9449-EF5277BA8A0B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA210AF0-998D-4326-A657-17BCCA3AF6A1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DCDE2A2E-1FEE-4DCE-B188-42FDCD4A4C66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DE97CE7E-724E-4215-B17C-5F56FEDF8197}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E8467382-9C9E-45AA-956A-E3B4BF748819}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E9E71E8C-0BEF-4D64-8F8F-9A4AF83C2B21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C23F63-1C82-4C9A-83AD-3F12F37539EC}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{0718D7FE-E9B1-490D-8110-8D1D049B6EDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E4F2913-904F-407F-B3BF-E5C43AACAFAE}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{1CA85D05-68B4-48F8-9272-BAE64521BB97}" = protocol=17 | dir=in | app=k:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe | 
"{2F8E6A1D-6A53-4033-B58A-B7C6C6755477}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{308F21D1-29C3-4675-916F-D6137426272B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{35E80827-5F5D-4525-9670-B345828314ED}" = protocol=6 | dir=in | app=k:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe | 
"{462204C3-531F-44C8-8F54-24FFB75FD8DD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{4EA4E7A7-1A77-4726-B6C8-19D1998FBAD1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{528773B3-F9C5-42B3-B101-E0447E3CD334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{539864FB-849F-43D2-A94F-42720A2B4C15}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{67C95187-7609-4E32-A5FD-485E6BB20E73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6BEC0D4C-61EF-44C4-9A57-4E569F4BA5E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{763BD154-B8EB-4462-A8B1-BF42E9ACDFF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7CD61BFE-B7B5-4252-840F-F7F31D78E18F}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{9A2DE70A-FBDE-4A72-AA80-658658A4F1BF}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | 
"{BDA25F2D-FEF8-478B-82F0-1147F3029BC5}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{C7DBDF5C-C2CA-4608-838F-9BB532F0944B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{C85BD6CD-B19F-423E-AC37-34CC68A94692}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C9A88DBB-E3E5-4499-8C19-F992BE529F9E}" = protocol=6 | dir=in | app=m:\program files\vmware\vmware-authd.exe | 
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{E266203E-A6A8-44C4-855A-C45B8FF7DD87}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | 
"{EF04D381-9E3F-4009-A103-46F78CEE86E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F8A8A00B-A18D-419C-8BC1-3B7700D4BA80}" = protocol=17 | dir=in | app=m:\program files\vmware\vmware-authd.exe | 
"{FA437D86-7525-4A37-9F58-928C0D059377}" = protocol=6 | dir=in | app=c:\program files\stampit\binary\stampit.exe | 
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{FC008E8C-3A55-4593-B5F8-088EE0DF0221}" = protocol=17 | dir=in | app=c:\program files\stampit\binary\stampit.exe | 
"TCP Query User{0CD38428-2A8D-4DD8-9698-898B4FA30E61}K:\program files\konami\pro evolution soccer 2010\pes2010.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"TCP Query User{0FEEC4A7-2780-4E80-BCAE-23AA06C1A624}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{266D1772-AD27-4B46-9D14-0C4BD76FBB27}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
"TCP Query User{291B55E3-6360-47C7-AF33-E892BB2FAF54}C:6\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=6 | dir=in | app=c:6\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"TCP Query User{2BABE999-5378-47A0-A291-306C93E00526}C:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe | 
"TCP Query User{3041BBB5-8190-43C8-92C3-C330972FE513}J:\program files\emule\emule.exe" = protocol=6 | dir=in | app=j:\program files\emule\emule.exe | 
"TCP Query User{3181A7DA-299D-4DA8-9230-420751E0D747}C:\users\administration\desktop\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\administration\desktop\eclipse\eclipse.exe | 
"TCP Query User{503D9B53-FC74-4A73-B7C0-A604C183F36F}J:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=j:\program files\azureus\azureus.exe | 
"TCP Query User{6A9CCA4F-0E4A-4E1D-A854-E5011D8DB243}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"TCP Query User{6D9FFD0A-FFB4-46F0-BBB6-C7DC09DF5FAA}K:\program files\sports interactive\football manager 2006\fm.exe" = protocol=6 | dir=in | app=k:\program files\sports interactive\football manager 2006\fm.exe | 
"TCP Query User{795AA14C-E884-4FE3-8ADA-8156AD680515}F:\ttn.exe" = protocol=6 | dir=in | app=f:\ttn.exe | 
"TCP Query User{90840F6C-EC8C-46D3-955F-7ABD9E035AFD}C:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe | 
"TCP Query User{A2D1A602-5B71-4326-B6B2-C13681AD9662}K:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{B0BC4D65-8F0E-4401-9C83-6B3DC900CBD7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{BCFF028A-D034-447E-8A8A-652A1EE49F50}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C5720FE2-9A46-4CD7-BA4D-13CF30F65E91}C:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe | 
"TCP Query User{CB66A83C-9F6E-4279-8338-FB993F4235EB}J:\program files\emule\emule.exe" = protocol=6 | dir=in | app=j:\program files\emule\emule.exe | 
"TCP Query User{F0337F62-4281-4892-8406-8A3E976F38EC}J:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=j:\program files\azureus\azureus.exe | 
"TCP Query User{F0BA8F58-57F2-4DA0-8874-B7A3C3773701}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F5DAB7D6-FC8D-4894-B644-4C8F3FCB3465}M:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=m:\program files\franzis\3d tipptrainer\ttn.exe | 
"TCP Query User{F9D4514D-86BD-465C-91E2-E08D5874ECDF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{FA91E12E-96F0-4C62-8488-CE51F727F6E0}C:5\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=6 | dir=in | app=c:5\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"TCP Query User{FD88C966-31E8-4210-A72B-6D96D41CF744}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{0AAAD534-ECC0-4A8B-A55C-E20B0BA33C27}C:5\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=17 | dir=in | app=c:5\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"UDP Query User{0F4CB157-472D-4049-AB39-41E019534D99}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{1535909B-D9CE-4B10-8EBE-C97C8B92AE51}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{1A2EA339-53C8-47AA-9AB3-6CD1B27F8C5C}C:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe | 
"UDP Query User{40323823-0FE7-4CCF-8EAE-C8B64D3C9158}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{468B9DBA-8CDC-4B91-B37A-D20376B6F545}C:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe | 
"UDP Query User{785F6F59-F853-4197-9476-6069DAE66205}K:\program files\konami\pro evolution soccer 2010\pes2010.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"UDP Query User{8D8FA50B-216E-4D26-A28A-4A7FB93FB968}C:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe | 
"UDP Query User{9A7C5D34-CB7F-4A73-8FEC-1706956F027D}K:\program files\sports interactive\football manager 2006\fm.exe" = protocol=17 | dir=in | app=k:\program files\sports interactive\football manager 2006\fm.exe | 
"UDP Query User{9DEE61AC-3023-41E1-9E8F-80499C51565D}J:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=j:\program files\azureus\azureus.exe | 
"UDP Query User{AF0BD7C9-44DA-43C7-A0A5-293B28845DFA}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
"UDP Query User{B740C805-1124-47A6-A60D-9ED484393B47}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{BEBE341E-72E0-4EC5-8C37-82E3B07784B5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C28BD79A-274B-4968-9F54-8F53EB677714}C:6\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=17 | dir=in | app=c:6\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"UDP Query User{C3098D05-3CD0-4D18-AC0C-25C1A1741248}J:\program files\emule\emule.exe" = protocol=17 | dir=in | app=j:\program files\emule\emule.exe | 
"UDP Query User{C3E7B11F-F1EF-490C-BBC3-5E578A10A7B5}M:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=m:\program files\franzis\3d tipptrainer\ttn.exe | 
"UDP Query User{C720CD53-5630-43D8-B8B9-2DD9B120E7B9}F:\ttn.exe" = protocol=17 | dir=in | app=f:\ttn.exe | 
"UDP Query User{C833B95A-89A0-4EC5-AC14-8A2A6BE6DA12}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{D0DE2636-0129-4EA5-ACC5-E3835396DBD4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{D61B1E1C-FAA2-49D0-93F1-0CF8FDE0BBBD}C:\users\administration\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\administration\desktop\eclipse\eclipse.exe | 
"UDP Query User{DD032383-12C1-4213-A0D7-339DA2B82565}K:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{F5F35C06-97C5-4DB2-9309-1CD1B475DEC4}J:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=j:\program files\azureus\azureus.exe | 
"UDP Query User{F65D3605-0D48-424A-82AB-32A5C9070791}J:\program files\emule\emule.exe" = protocol=17 | dir=in | app=j:\program files\emule\emule.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FB1A47-5D14-47A2-BC3C-A3481ABBB957}" = EWB Shared Components
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0B0BEF37-B327-48ED-A2E0-BF6974676294}" = NI Logos 4.6
"{1058F383-32D3-4B8B-BFEF-10D8AFDCD24E}" = EWB Network License Server
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{255D87CE-1E45-4795-9731-454EF5371B02}" = NI USI 1.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216015F0}" = Java(TM) 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83217009F0}" = Java 7 Update 9
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46CA73D7-A908-4732-8DD3-217DA58526BB}" = EWB Network License Server
"{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX(TM) 1.2 SDK
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = Active@ UNDELETE
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A65D944-399F-4665-BA27-318B3F91E881}" = Multisim 9
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80BC3054-A6BF-4FAA-A09E-196F3DA80FB5}" = EWB Network License Server
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8 Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{87E01B1B-92A0-416F-9F8E-9BE921A05F9F}" = StarOffice 8
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}" = Enter The Matrix
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A5D1EA23-CEE5-4B72-A0C3-8BCEDFC6F94C}" = NI LabVIEW Run-Time Engine 8.0
"{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D922EF97-6657-3075-BC93-A6CF59444E84}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DCDD061F-3797-42C1-96E4-4B897C73E2B4}" = Multisim 9
"{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1}" = UEFA EURO 2008™
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3D TippTrainer_is1" = 3D TippTrainer
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord
"ALDI Foto Service Nord D" = ALDI Foto Service Nord
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyEclipse Desktop Java 1.3.1.1" = EasyEclipse Desktop Java 1.3.1.1
"EXPERTool_is1" = EXPERTool 7.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"Indeo® software" = Indeo® software
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"James Bond 007: Nightfire" = James Bond 007: Nightfire
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.0 (Full)
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library für Microsoft Visual Studio 2008 Express Editions
"NAVIGON Fresh" = NAVIGON Fresh 3.0.2
"NI Uninstaller" = National Instruments-Software
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"RealPlayer 6.0" = RealPlayer
"SEAT" = SEAT
"SEAT Cupra GT - Screen Saver" = SEAT Cupra GT - Screen Saver
"Shockwave" = Shockwave
"ShotOnline" = ShotOnline
"SWING" = SWING
"The Dark Knight" = The Dark Knight
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"VMware_Workstation" = VMware Workstation
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.04.2013 13:17:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=2   
 
Error - 07.04.2013 13:17:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=3   
 
Error - 07.04.2013 13:17:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=4   
 
Error - 07.04.2013 13:17:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=5   
 
Error - 07.04.2013 13:18:04 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=0   
 
Error - 07.04.2013 13:18:04 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=1   
 
Error - 07.04.2013 13:18:04 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=2   
 
Error - 07.04.2013 13:18:04 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=3   
 
Error - 07.04.2013 13:18:04 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=4   
 
Error - 07.04.2013 13:18:04 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=5   
 
[ OSession Events ]
Error - 29.08.2011 09:08:59 | Computer Name = Administrati-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
< End of report >

Erwarte dann Deine Antwort.
Bis dahin schöne Grüße vom cotangens.

Hier noch die Log-Datei vom Avira Full-Scan ohne Befund.

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 9. April 2013  18:03


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : Administration
Computername   : ADMINISTRATI-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3185    47702 Bytes  30.01.2013 10:05:00
AVSCAN.EXE     : 13.6.0.584    640224 Bytes  23.02.2013 12:17:07
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  23.02.2013 12:17:07
LUKE.DLL       : 13.6.0.602     67808 Bytes  23.02.2013 12:17:19
AVSCPLR.DLL    : 13.6.0.986     94944 Bytes  20.03.2013 11:55:02
AVREG.DLL      : 13.6.0.940    250592 Bytes  20.03.2013 11:55:02
avlode.dll     : 13.6.2.624    434912 Bytes  23.02.2013 12:17:36
avlode.rdf     : 13.0.0.46      15591 Bytes  05.04.2013 09:05:03
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 09:04:46
VBASE001.VDF   : 7.11.70.1       2048 Bytes  04.04.2013 09:04:47
VBASE002.VDF   : 7.11.70.2       2048 Bytes  04.04.2013 09:04:47
VBASE003.VDF   : 7.11.70.3       2048 Bytes  04.04.2013 09:04:47
VBASE004.VDF   : 7.11.70.4       2048 Bytes  04.04.2013 09:04:47
VBASE005.VDF   : 7.11.70.5       2048 Bytes  04.04.2013 09:04:47
VBASE006.VDF   : 7.11.70.6       2048 Bytes  04.04.2013 09:04:48
VBASE007.VDF   : 7.11.70.7       2048 Bytes  04.04.2013 09:04:48
VBASE008.VDF   : 7.11.70.8       2048 Bytes  04.04.2013 09:04:48
VBASE009.VDF   : 7.11.70.9       2048 Bytes  04.04.2013 09:04:48
VBASE010.VDF   : 7.11.70.10      2048 Bytes  04.04.2013 09:04:48
VBASE011.VDF   : 7.11.70.11      2048 Bytes  04.04.2013 09:04:48
VBASE012.VDF   : 7.11.70.12      2048 Bytes  04.04.2013 09:04:48
VBASE013.VDF   : 7.11.70.13      2048 Bytes  04.04.2013 09:04:49
VBASE014.VDF   : 7.11.70.103   136192 Bytes  05.04.2013 12:08:01
VBASE015.VDF   : 7.11.70.183   183808 Bytes  06.04.2013 17:30:48
VBASE016.VDF   : 7.11.71.9     145920 Bytes  08.04.2013 09:39:43
VBASE017.VDF   : 7.11.71.10      2048 Bytes  08.04.2013 09:39:43
VBASE018.VDF   : 7.11.71.11      2048 Bytes  08.04.2013 09:39:43
VBASE019.VDF   : 7.11.71.12      2048 Bytes  08.04.2013 09:39:43
VBASE020.VDF   : 7.11.71.13      2048 Bytes  08.04.2013 09:39:43
VBASE021.VDF   : 7.11.71.14      2048 Bytes  08.04.2013 09:39:43
VBASE022.VDF   : 7.11.71.15      2048 Bytes  08.04.2013 09:39:43
VBASE023.VDF   : 7.11.71.16      2048 Bytes  08.04.2013 09:39:44
VBASE024.VDF   : 7.11.71.17      2048 Bytes  08.04.2013 09:39:44
VBASE025.VDF   : 7.11.71.18      2048 Bytes  08.04.2013 09:39:44
VBASE026.VDF   : 7.11.71.19      2048 Bytes  08.04.2013 09:39:44
VBASE027.VDF   : 7.11.71.20      2048 Bytes  08.04.2013 09:39:44
VBASE028.VDF   : 7.11.71.21      2048 Bytes  08.04.2013 09:39:44
VBASE029.VDF   : 7.11.71.22      2048 Bytes  08.04.2013 09:39:44
VBASE030.VDF   : 7.11.71.23      2048 Bytes  08.04.2013 09:39:44
VBASE031.VDF   : 7.11.71.84     89600 Bytes  09.04.2013 09:08:08
Engineversion  : 8.2.12.24 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  12.07.2012 19:09:32
AESCRIPT.DLL   : 8.1.4.104     475517 Bytes  05.04.2013 09:05:02
AESCN.DLL      : 8.1.10.4      131446 Bytes  28.03.2013 11:21:43
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 18:18:07
AERDL.DLL      : 8.2.0.88      643444 Bytes  14.01.2013 13:43:36
AEPACK.DLL     : 8.3.2.6       827767 Bytes  28.03.2013 12:31:47
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  11.03.2013 09:08:09
AEHEUR.DLL     : 8.1.4.278    5828985 Bytes  05.04.2013 09:04:55
AEHELP.DLL     : 8.1.25.2      258423 Bytes  11.10.2012 13:12:14
AEGEN.DLL      : 8.1.7.2       442741 Bytes  28.03.2013 11:21:42
AEEXP.DLL      : 8.4.0.16      192886 Bytes  05.04.2013 09:05:03
AEEMU.DLL      : 8.1.3.2       393587 Bytes  12.07.2012 19:09:29
AECORE.DLL     : 8.1.31.2      201080 Bytes  20.02.2013 10:52:27
AEBB.DLL       : 8.1.1.4        53619 Bytes  07.11.2012 09:33:10
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  23.02.2013 12:16:51
AVPREF.DLL     : 13.6.0.480     51056 Bytes  23.02.2013 12:17:07
AVREP.DLL      : 13.6.0.480    178544 Bytes  23.02.2013 12:17:35
AVARKT.DLL     : 13.6.0.624    260832 Bytes  23.02.2013 12:17:04
AVEVTLOG.DLL   : 13.6.0.600    167648 Bytes  23.02.2013 12:17:05
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  23.02.2013 12:17:27
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  23.02.2013 12:17:08
NETNT.DLL      : 13.6.0.480     16240 Bytes  23.02.2013 12:17:22
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  23.02.2013 12:16:53
RCTEXT.DLL     : 13.6.0.480     68976 Bytes  23.02.2013 12:16:53

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, J:, K:, L:, M:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 9. April 2013  18:03

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'J:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'K:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'L:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'M:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'Tropico.EXE' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehRecvr.exe' - '216' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiApSrv.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehsched.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmnetdhcp.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmware-authd.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'TVESched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'x10nets.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmnat.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmware-usbarbitrator.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TVECapSvc.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PVRService.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'nisvcloc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'lktsrv.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'lkads.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'lkcitdl.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'Iaantmon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ewbnlss.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'DQLWinService.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'AlertService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBPANEL.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCU_Engine.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'vmware-tray.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDServ.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'TVEService.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelHCTAgent.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCU_TrayIcon.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '174' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '7117' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <System>
Beginne mit der Suche in 'D:\' <Dateien/Medien>
Beginne mit der Suche in 'E:\' <SYSTEMVISTA>
Beginne mit der Suche in 'J:\' <Medium>
Beginne mit der Suche in 'K:\' <Games>
Beginne mit der Suche in 'L:\' <Programme>
Beginne mit der Suche in 'M:\' <Medien>


Ende des Suchlaufs: Dienstag, 9. April 2013  21:04
Benötigte Zeit:  3:01:24 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  46693 Verzeichnisse wurden überprüft
 1739065 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1739065 Dateien ohne Befall
  17049 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 856585 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Wäre cool wenn sich hier einer bereit stellt und mir in dieser Sache hilft.
Wie gesagt Problem des "coupondropdown" hält sich weiterhin auf meinem Rechner hartnäckig.

cosinus · 09.04.2013, 22:03

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

DanGomes · 10.04.2013, 12:59

Hi cosinus.
Habe Deine Schritte befolgt, allerdings war es sehr mühsam und zum Teil nicht erfolgreich.
Vorne weg, dass "coupondropdown" Problem besteht weiterhin.

Puntk 1 "GMER Scan":
Der Scan lief auf meinem PC sehr störrisch. Die möglichen Probleme die Du vorab bereist erwähnt hattest, kamen auch vor. Ich habe den Scan im normalem und im abgesichertem Modus laufen lassen, vobei im abgesicherten Modus der Quickscan gefühlte Ewigkeiten dauerte. Insgesamt habe ich nach mehreren erfolglosen Versuchen bei beiden Modi drei erfolgreiche Scans durchführen können. Aber bei allen erfolgreichen Scans kam jeweils zweimal die gleiche Fehlermeldung vor "Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk\Device\Harddisk2\DR2 ein.", welches sich durch mehrere male drücken auf den "wiederholen butten" wegklicken ließ und der Suchvorgang weiter fortgesetzt wurde. Ebenfalls war es mir nicht möglich die Log-Datei des erfolgreichen Scans im abgesicherten Modus zu speichern, da dass System sehr langsam im abgesicherten Modus lief und beim Versuch die Log-Datei zu speichern sich aufhängte, dabei war die Liste mit Seitenweise Registry-Einträgen versehen, welche in den anderen Scans nicht so oft vorkommen. Allerdings habe ich das Gefühl, dass nach einem Suchlauf jede neue Log-Datei andere Einträge beinhaltet.
Hier nun die Logs des GMER Scans:

nicht erfolgreiche Scans

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 08:06:52
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350083 rev.3.AA 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwkoakow.sys


---- System - GMER 2.1 ----

SSDT            8FAE1FBE                                                                                 ZwCreateSection
SSDT            8FAE1FC8                                                                                 ZwRequestWaitReplyPort
SSDT            8FAE1FC3                                                                                 ZwSetContextThread
SSDT            8FAE1FCD                                                                                 ZwSetSecurityObject
SSDT            8FAE1FD2                                                                                 ZwSystemDebugControl
SSDT            8FAE1F5F                                                                                 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                            85EE88D8 4 Bytes  [BE, 1F, AE, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                            85EE8BFC 4 Bytes  [C8, 1F, AE, 8F] {ENTER 0xae1f, 0x8f}
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                            85EE8C30 4 Bytes  [C3, 1F, AE, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                            85EE8C94 4 Bytes  [CD, 1F, AE, 8F]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                            85EE8CDC 4 Bytes  [D2, 1F, AE, 8F]
.text           ...                                                                                      
                C:\Program Files\HomeCinema\PlayMovie\000.fcl                                            entry point in "" section [0xB6F4941C]
.clc            C:\Program Files\HomeCinema\PlayMovie\000.fcl                                            unknown last code section [0xB6F4A000, 0x1000, 0xE0000020]
                C:\Program Files\HomeCinema\PowerDVD\000.fcl                                             entry point in "" section [0xB6F4941C]
.clc            C:\Program Files\HomeCinema\PowerDVD\000.fcl                                             unknown last code section [0xB6F4A000, 0x1000, 0xE0000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                  VMkbd.sys

Device          \Driver\usbuhci \Device\USBPDO-0                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-2                                                         hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-3                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-5                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                         hcmon.sys
Device          \Driver\usbhub \Device\00000070                                                          hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-7                                                         hcmon.sys
Device          \Driver\usbhub \Device\00000071                                                          hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-8                                                          hcmon.sys
Device          \Driver\usbhub \Device\00000072                                                          hcmon.sys
Device          \Driver\usbhub \Device\00000073                                                          hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-11                                                         hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-12                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                         hcmon.sys
Device          \Driver\usbhub \Device\0000006c                                                          hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                         hcmon.sys
Device          \Driver\usbhub \Device\0000006d                                                          hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                         hcmon.sys
Device          \Driver\usbhub \Device\0000006e                                                          hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-3                                                         hcmon.sys
Device          \Driver\usbhub \Device\0000006f                                                          hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-4                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-5                                                         hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                         hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-7                                                         hcmon.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                 fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat  0x10 0x3C 0x69 0x99 ...

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 08:55:13
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350083 rev.3.AA 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwkoakow.sys


---- System - GMER 2.1 ----

SSDT   9176DD9E                                                                                 ZwCreateSection
SSDT   9176DDA8                                                                                 ZwRequestWaitReplyPort
SSDT   9176DDA3                                                                                 ZwSetContextThread
SSDT   9176DDAD                                                                                 ZwSetSecurityObject
SSDT   9176DDB2                                                                                 ZwSystemDebugControl
SSDT   9176DD3F                                                                                 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                            85EED8D8 4 Bytes  [9E, DD, 76, 91] {SAHF ; FNSAVE [ESI-0x6f]}
.text  ntkrnlpa.exe!KeSetEvent + 539                                                            85EEDBFC 4 Bytes  [A8, DD, 76, 91] {TEST AL, 0xdd; JBE 0xffffff95}
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                            85EEDC30 4 Bytes  [A3, DD, 76, 91]
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                            85EEDC94 4 Bytes  [AD, DD, 76, 91] {LODSD ; FNSAVE [ESI-0x6f]}
.text  ntkrnlpa.exe!KeSetEvent + 619                                                            85EEDCDC 4 Bytes  [B2, DD, 76, 91] {MOV DL, 0xdd; JBE 0xffffff95}
.text  ...                                                                                      
       C:\Program Files\HomeCinema\PlayMovie\000.fcl                                            entry point in "" section [0xADC2941C]
.clc   C:\Program Files\HomeCinema\PlayMovie\000.fcl                                            unknown last code section [0xADC2A000, 0x1000, 0xE0000020]
       C:\Program Files\HomeCinema\PowerDVD\000.fcl                                             entry point in "" section [0xADC2941C]
.clc   C:\Program Files\HomeCinema\PowerDVD\000.fcl                                             unknown last code section [0xADC2A000, 0x1000, 0xE0000020]

---- Registry - GMER 2.1 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat  0x5A 0xDB 0x98 0x78 ...

erfolgreiche Scans
mit Hacken bei Device

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 10:35:46
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350083 rev.3.AA 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwkoakow.sys


---- System - GMER 2.1 ----

SSDT            942879DE                                                                                                     ZwCreateSection
SSDT            942879E8                                                                                                     ZwRequestWaitReplyPort
SSDT            942879E3                                                                                                     ZwSetContextThread
SSDT            942879ED                                                                                                     ZwSetSecurityObject
SSDT            942879F2                                                                                                     ZwSystemDebugControl
SSDT            9428797F                                                                                                     ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                85EEC8D8 4 Bytes  [DE, 79, 28, 94] {FIDIVR WORD [ECX+0x28]; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                85EECBFC 4 Bytes  CALL 8182F47A 
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                85EECC30 4 Bytes  [E3, 79, 28, 94]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                85EECC94 4 Bytes  [ED, 79, 28, 94] {IN EAX, DX; JNS 0x2b; XCHG ESP, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                85EECCDC 4 Bytes  [F2, 79, 28, 94] {JNS 0x2b; XCHG ESP, EAX}
.text           ...                                                                                                          
                C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                                entry point in "" section [0xA475041C]
.clc            C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                                unknown last code section [0xA4751000, 0x1000, 0xE0000020]
                C:\Program Files\HomeCinema\PowerDVD\000.fcl                                                                 entry point in "" section [0xA475041C]
.clc            C:\Program Files\HomeCinema\PowerDVD\000.fcl                                                                 unknown last code section [0xA4751000, 0x1000, 0xE0000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                      VMkbd.sys

Device          \Driver\usbuhci \Device\USBPDO-0                                                                             hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                             hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-2                                                                             hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-3                                                                             hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                             hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-5                                                                             hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                                             hcmon.sys
Device          \Driver\usbhub \Device\00000070                                                                              hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-7                                                                             hcmon.sys
Device          \Driver\usbhub \Device\00000071                                                                              hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-8                                                                              hcmon.sys
Device          \Driver\usbhub \Device\00000072                                                                              hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-10                                                                             hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-12                                                                             hcmon.sys
Device          \Driver\usbhub \Device\0000006b                                                                              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                             hcmon.sys
Device          \Driver\usbhub \Device\0000006c                                                                              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                             hcmon.sys
Device          \Driver\usbhub \Device\0000006d                                                                              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                                             hcmon.sys
Device          \Driver\usbhub \Device\0000006e                                                                              hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-3                                                                             hcmon.sys
Device          \Driver\usbhub \Device\0000006f                                                                              hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-4                                                                             hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-5                                                                             hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                                             hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-7                                                                             hcmon.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                     fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                      0x32 0x7F 0x9B 0xBB ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!\24!y!c!`!s!i!\22!t!t!\22!i!c!s!j!  19583823

---- EOF - GMER 2.1 ----

ohne Hacken bei Device

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 11:26:31
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350083 rev.3.AA 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kwkoakow.sys


---- System - GMER 2.1 ----

SSDT   8FCC6F3E                                                                                                     ZwCreateSection
SSDT   8FCC6F48                                                                                                     ZwRequestWaitReplyPort
SSDT   8FCC6F43                                                                                                     ZwSetContextThread
SSDT   8FCC6F4D                                                                                                     ZwSetSecurityObject
SSDT   8FCC6F52                                                                                                     ZwSystemDebugControl
SSDT   8FCC6EDF                                                                                                     ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                                85EBA8D8 4 Bytes  [3E, 6F, CC, 8F]
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                                85EBABFC 4 Bytes  [48, 6F, CC, 8F]
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                                85EBAC30 4 Bytes  [43, 6F, CC, 8F]
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                                85EBAC94 4 Bytes  [4D, 6F, CC, 8F]
.text  ntkrnlpa.exe!KeSetEvent + 619                                                                                85EBACDC 4 Bytes  [52, 6F, CC, 8F]
.text  ...                                                                                                          
       C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                                entry point in "" section [0xA494B41C]
.clc   C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                                unknown last code section [0xA494C000, 0x1000, 0xE0000020]
       C:\Program Files\HomeCinema\PowerDVD\000.fcl                                                                 entry point in "" section [0xA494B41C]
.clc   C:\Program Files\HomeCinema\PowerDVD\000.fcl                                                                 unknown last code section [0xA494C000, 0x1000, 0xE0000020]

---- Registry - GMER 2.1 ----

Reg    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                      0xC2 0x5D 0xA5 0x6B ...
Reg    HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName                                    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy223.gthr
Reg    HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber                                  223
Reg    HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointSignature                        dda498c1-7dcf-49bd-8967-241bbe98c811
Reg    HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!\24!y!c!`!s!i!\22!t!t!\22!i!c!s!j!  19583823

---- EOF - GMER 2.1 ----

So und nun zu Punkt 2 "Malwarebytes Anti-Rootkit":
Habe laut Deiner Anleitung zwei Scans versucht durchzuführen. Beide Scans blieben beim Suchlauf stecken, so dass keine Festplattengeräusche mehr zu hören waren, kein Abbruch des Scans möglich war, die Taskleiste sich nicht mehr bedienen ließ, der Taskmanager sich nicht aufrufen ließ, der Mauszeiger ständig auf Ladesymbol stecken blieb und schlussendlich der PC sich aufhängte und einen schwarzer Bildschirm zeigte, in dem man nur noch den Mauszeiger bewegen konnte. Neustart oder Herunterfahren waren auch nicht möglich. Es half nur Einschaltknopf gedrückt halten um herauszukommen. Falls noch helfen sollte, die Scans blieben fast an der gleichen Stelle stecken. Einmal bei dem Pfad "C:\Windows\Installer\faed.msi" und das zweite Mal bei "C:\Window\Installer\f3dd4.msp". Trotz allem wurde eine Log-Datei, wie in Deiner Anleitung beschrieben, erstellt.
Hier die Log-Datei des nicht erfolgreichen Scans unter Malwarebytes Anti-Rootkit:

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2343997440

------------ Kernel report ------------
     04/10/2013 11:27:58
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\x10hid.sys
\SystemRoot\System32\Drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\x10ufx2.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\??\C:\Windows\system32\drivers\hcmon.sys
\SystemRoot\System32\Drivers\TBPanel.SYS
\??\C:\Windows\system32\Drivers\vmci.sys
\??\C:\Windows\system32\Drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\nmsunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\??\M:\Program Files\VMware\vstor2-ws60.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
\??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\MSPQM.sys
\??\C:\Users\ADMINI~1\AppData\Local\Temp\kwkoakow.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8b41eac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff8b3ee5d0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8b41dac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xffffffff8b3e1420
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b3eea10
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffff8b3ee1c8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a4ea7c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff89316030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a3e7390
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff89307030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2264506368

------------ Kernel report ------------
     04/10/2013 11:33:21
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\x10hid.sys
\SystemRoot\System32\Drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\x10ufx2.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\??\C:\Windows\system32\drivers\hcmon.sys
\SystemRoot\System32\Drivers\TBPanel.SYS
\??\C:\Windows\system32\Drivers\vmci.sys
\??\C:\Windows\system32\Drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\nmsunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\??\M:\Program Files\VMware\vstor2-ws60.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
\??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\MSPQM.sys
\??\C:\Users\ADMINI~1\AppData\Local\Temp\kwkoakow.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8b41eac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff8b3ee5d0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff9513f4d0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8b41dac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xffffffff8b3e1420
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff81841328
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b3eea10
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffff8b3ee1c8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffffd677ff08
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a4ea7c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff89316030
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffff818032e0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a3e7390
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff89307030
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xffffffff952ff430
Downloaded database version: v2013.04.10.02
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a3e7390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4ead18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a3e7390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff89307030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffb9457818, 0xffffffff8a3e7390, 0xffffffff9569fa20
Lower DeviceData: 0xffffffffb67dbb60, 0xffffffff89307030, 0xffffffff952ff430
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BAB359D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 505606543
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 505608192  Numsec = 214175744

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 719783936  Numsec = 215037952

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 934822350  Numsec = 41945715

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a4ea7c0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4ea3e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a4ea7c0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff89316030, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffbc31de08, 0xffffffff8a4ea7c0, 0xffffffff81841488
Lower DeviceData: 0xffffffffbc3722d8, 0xffffffff89316030, 0xffffffff818032e0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 710BED0C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 488516610

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 488517632  Numsec = 242493440

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 731011072  Numsec = 245760000

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8b3eea10, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b260560, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b3eea10, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b3ee1c8, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8b41dac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b41d7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b41dac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b3e1420, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8b41eac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b41e748, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b41eac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b3ee5d0, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2844647424

Could not load protection driver
DDA Driver installation error.
Driver installed on boot. Reboot required.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2915639296

DDA Driver installation error.
Downloaded database version: v2013.04.10.03
Driver is not installed. Scan is aborted.
Driver is not installed. Scan is aborted.
Driver is not installed. Scan is aborted.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2097897472

DDA driver is not installed

Host not found
Host not found
Initializing...
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================


Could not remove DDA driver
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2407735296

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2212466688

------------ Kernel report ------------
     04/10/2013 12:09:31
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\x10hid.sys
\SystemRoot\System32\Drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\x10ufx2.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\??\C:\Windows\system32\drivers\hcmon.sys
\SystemRoot\System32\Drivers\TBPanel.SYS
\??\C:\Windows\system32\Drivers\vmci.sys
\??\C:\Windows\system32\Drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\nmsunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\??\M:\Program Files\VMware\vstor2-ws60.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
\??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\MSPQM.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8b7c88c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xffffffff8b7c97a8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8b7c8030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8b7bcb70
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b7164c0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff8b7c1cb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a4180f8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff89316030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a418ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8930b030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a418ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a4187b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a418ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8930b030, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffbc6e76f0, 0xffffffff8a418ac8, 0xffffffff890983f0
Lower DeviceData: 0xffffffffc20291f0, 0xffffffff8930b030, 0xffffffff8900f418
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BAB359D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 505606543
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 505608192  Numsec = 214175744

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 719783936  Numsec = 215037952

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 934822350  Numsec = 41945715

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a4180f8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a51bcb0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a4180f8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff89316030, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffc21947f8, 0xffffffff8a4180f8, 0xffffffff88be0040
Lower DeviceData: 0xffffffffc1f24388, 0xffffffff89316030, 0xffffffff88dd4ce0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 710BED0C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 488516610

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 488517632  Numsec = 242493440

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 731011072  Numsec = 245760000

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8b7164c0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b7c9020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b7164c0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b7c1cb8, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8b7c8030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b7c9490, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b7c8030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b7bcb70, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8b7c88c0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b7c7020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b7c88c0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b7c97a8, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 2098196480

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, J:\ DRIVE_FIXED, K:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 3486990336, free: 1889017856

------------ Kernel report ------------
     04/10/2013 13:21:16
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\System32\Drivers\ElbyDelay.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\x10hid.sys
\SystemRoot\System32\Drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\x10ufx2.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\cvintdrv.SYS
\??\C:\Windows\system32\drivers\hcmon.sys
\SystemRoot\System32\Drivers\TBPanel.SYS
\??\C:\Windows\system32\Drivers\vmci.sys
\??\C:\Windows\system32\Drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\nmsunidr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\??\M:\Program Files\VMware\vstor2-ws60.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
\??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\MSPQM.sys
\??\C:\Users\ADMINI~1\AppData\Local\Temp\kwkoakow.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8b7c5030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8b7cb940
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8b7caac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xffffffff8b7cd178
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8b7ce030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xffffffff8b7cbcb8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a413560
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff89314030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a413ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff89308030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
=======================================

Ich befürchte mein System ist richtig im Arsch.

Gruß, cotangens.

cosinus · 10.04.2013, 14:16

Ist eigenlich das falsche Log von MBAR
Probier bitte MBAR nochmal im abgesicherten Modus mit Netzwerktreibern aus

DanGomes · 10.04.2013, 16:11

Hi cosinus.
Hab gerade zweimal versucht MBAR im abgesicherten Modus durchzuführen. Genau das gleiche Problem wie oben beschrieben. Scan bleibt erneut stecken und hängt das ganze System auf, so dass man nur herauskommt durch gedrückthalten des Einschaltknopfes. Diesmal blieben die Scans bei den Pfaden "C:\Windows\Installer\MSI1144.tmp" und erneut bei "C:\Windows\Installer\f3dd4.msp" fest.

Gruß, cotangens.

cosinus · 10.04.2013, 21:14

Dann probieren wir MBAR später nochmal

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

DanGomes · 11.04.2013, 10:31

Hi cosinus.
Vorne weg, dass "coupondropdown"-Problem besteht weiterhin.
Habe beides, so wie von Dir beschrieben, ausgeführt und Programme liefen problemlos durch.
Hier nun die Logs.

aswMBR.txt

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 10:36:11
-----------------------------
10:36:11.665    OS Version: Windows 6.0.6002 Service Pack 2
10:36:11.665    Number of processors: 2 586 0xF0B
10:36:11.667    ComputerName: ADMINISTRATI-PC  UserName: Administration
10:36:12.596    Initialize success
10:37:53.662    AVAST engine defs: 13041002
10:38:20.480    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:38:20.482    Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 3
10:38:20.484    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:38:20.486    Disk 1 Vendor: ST350083 3.AF Size: 476940MB BusType: 3
10:38:20.595    Disk 0 MBR read successfully
10:38:20.598    Disk 0 MBR scan
10:38:20.604    Disk 0 Windows VISTA default MBR code
10:38:20.607    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       246878 MB offset 63
10:38:20.626    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       104578 MB offset 505608192
10:38:20.646    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       104999 MB offset 719783936
10:38:20.653    Disk 0 Partition - 00     0F Extended LBA             20481 MB offset 934822350
10:38:20.670    Disk 0 Partition 4 00     0B        FAT32 MSDOS5.0    20481 MB offset 934822413
10:38:20.729    Disk 0 scanning sectors +976768065
10:38:20.850    Disk 0 scanning C:\Windows\system32\drivers
10:38:33.106    Service scanning
10:39:02.017    Modules scanning
10:39:20.437    Disk 0 trace - called modules:
10:39:20.450    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
10:39:20.454    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89df8a38]
10:39:20.459    3 CLASSPNP.SYS[8ed9f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x892dd030]
10:39:21.182    AVAST engine scan C:\Windows
10:39:31.070    AVAST engine scan C:\Windows\system32
10:44:05.971    AVAST engine scan C:\Windows\system32\drivers
10:44:21.023    AVAST engine scan C:\Users\Administration
11:01:30.896    AVAST engine scan C:\ProgramData
11:04:45.899    Scan finished successfully
11:05:39.984    Disk 0 MBR has been saved successfully to "C:\Users\Administration\Desktop\MBR.dat"
11:05:39.989    The log file has been saved successfully to "C:\Users\Administration\Desktop\aswMBR.txt"

TDSSKiller.txt

Code:

ATTFilter

11:14:11.0411 5540  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:14:11.0612 5540  ============================================================
11:14:11.0612 5540  Current date / time: 2013/04/11 11:14:11.0612
11:14:11.0612 5540  SystemInfo:
11:14:11.0612 5540  
11:14:11.0612 5540  OS Version: 6.0.6002 ServicePack: 2.0
11:14:11.0612 5540  Product type: Workstation
11:14:11.0612 5540  ComputerName: ADMINISTRATI-PC
11:14:11.0612 5540  UserName: Administration
11:14:11.0612 5540  Windows directory: C:\Windows
11:14:11.0612 5540  System windows directory: C:\Windows
11:14:11.0612 5540  Processor architecture: Intel x86
11:14:11.0612 5540  Number of processors: 2
11:14:11.0612 5540  Page size: 0x1000
11:14:11.0612 5540  Boot type: Normal boot
11:14:11.0612 5540  ============================================================
11:14:12.0013 5540  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:14:21.0261 5540  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:14:21.0313 5540  ============================================================
11:14:21.0313 5540  \Device\Harddisk0\DR0:
11:14:21.0317 5540  MBR partitions:
11:14:21.0317 5540  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E22F18F
11:14:21.0317 5540  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E22F800, BlocksNum 0xCC41000
11:14:21.0317 5540  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AE70800, BlocksNum 0xCD13800
11:14:21.0333 5540  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34
11:14:21.0334 5540  \Device\Harddisk1\DR1:
11:14:21.0336 5540  MBR partitions:
11:14:21.0336 5540  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1E2C02
11:14:21.0336 5540  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1D1E3000, BlocksNum 0xE742800
11:14:21.0337 5540  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x2B925800, BlocksNum 0xEA60000
11:14:21.0337 5540  ============================================================
11:14:21.0367 5540  C: <-> \Device\Harddisk0\DR0\Partition1
11:14:21.0397 5540  D: <-> \Device\Harddisk1\DR1\Partition1
11:14:21.0397 5540  E: <-> \Device\Harddisk0\DR0\Partition4
11:14:21.0431 5540  J: <-> \Device\Harddisk0\DR0\Partition2
11:14:21.0458 5540  K: <-> \Device\Harddisk0\DR0\Partition3
11:14:21.0499 5540  L: <-> \Device\Harddisk1\DR1\Partition2
11:14:21.0532 5540  M: <-> \Device\Harddisk1\DR1\Partition3
11:14:21.0533 5540  ============================================================
11:14:21.0533 5540  Initialize success
11:14:21.0533 5540  ============================================================
11:16:07.0296 4592  ============================================================
11:16:07.0296 4592  Scan started
11:16:07.0296 4592  Mode: Manual; SigCheck; TDLFS; 
11:16:07.0296 4592  ============================================================
11:16:07.0799 4592  ================ Scan system memory ========================
11:16:07.0799 4592  System memory - ok
11:16:07.0800 4592  ================ Scan services =============================
11:16:08.0163 4592  [ 53A3664BCA7BBC1C09744455BF2EA136 ] 3xHybrid        C:\Windows\system32\DRIVERS\3xHybrid.sys
11:16:08.0311 4592  3xHybrid - ok
11:16:08.0353 4592  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:16:08.0372 4592  ACPI - ok
11:16:08.0439 4592  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:16:08.0452 4592  AdobeFlashPlayerUpdateSvc - ok
11:16:08.0527 4592  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:16:08.0560 4592  adp94xx - ok
11:16:08.0574 4592  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:16:08.0589 4592  adpahci - ok
11:16:08.0605 4592  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
11:16:08.0614 4592  adpu160m - ok
11:16:08.0642 4592  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:16:08.0654 4592  adpu320 - ok
11:16:08.0693 4592  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:16:08.0792 4592  AeLookupSvc - ok
11:16:08.0835 4592  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
11:16:08.0890 4592  AFD - ok
11:16:08.0931 4592  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:16:08.0944 4592  agp440 - ok
11:16:08.0969 4592  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:16:08.0983 4592  aic78xx - ok
11:16:09.0148 4592  [ CF86F64A1AEA27E5FA97E697BF70346D ] AlertService    C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
11:16:09.0161 4592  AlertService - ok
11:16:09.0207 4592  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
11:16:09.0347 4592  ALG - ok
11:16:09.0379 4592  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:16:09.0391 4592  aliide - ok
11:16:09.0427 4592  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:16:09.0440 4592  amdagp - ok
11:16:09.0453 4592  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
11:16:09.0465 4592  amdide - ok
11:16:09.0498 4592  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
11:16:09.0652 4592  AmdK7 - ok
11:16:09.0679 4592  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:16:09.0763 4592  AmdK8 - ok
11:16:10.0132 4592  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:16:10.0145 4592  AntiVirSchedulerService - ok
11:16:10.0184 4592  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:16:10.0203 4592  AntiVirService - ok
11:16:10.0251 4592  [ 688111577381E3D4EE39E378AFF2663D ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
11:16:10.0266 4592  AnyDVD - ok
11:16:10.0312 4592  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
11:16:10.0352 4592  Appinfo - ok
11:16:10.0377 4592  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
11:16:10.0391 4592  arc - ok
11:16:10.0429 4592  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:16:10.0443 4592  arcsas - ok
11:16:10.0484 4592  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:16:10.0532 4592  AsyncMac - ok
11:16:10.0559 4592  [ 4F4FCB8B6EA06784FB6D475B7EC7300F ] atapi           C:\Windows\system32\drivers\atapi.sys
11:16:10.0571 4592  atapi - ok
11:16:10.0638 4592  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:16:10.0675 4592  AudioEndpointBuilder - ok
11:16:10.0754 4592  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:16:10.0778 4592  Audiosrv - ok
11:16:10.0813 4592  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:16:10.0826 4592  avgntflt - ok
11:16:10.0866 4592  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:16:10.0880 4592  avipbb - ok
11:16:10.0922 4592  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:16:10.0935 4592  avkmgr - ok
11:16:10.0981 4592  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:16:11.0012 4592  Beep - ok
11:16:11.0053 4592  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
11:16:11.0092 4592  BFE - ok
11:16:11.0255 4592  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
11:16:11.0314 4592  BITS - ok
11:16:11.0318 4592  blbdrive - ok
11:16:11.0365 4592  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:16:11.0398 4592  bowser - ok
11:16:11.0437 4592  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
11:16:11.0468 4592  BrFiltLo - ok
11:16:11.0485 4592  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
11:16:11.0524 4592  BrFiltUp - ok
11:16:11.0574 4592  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
11:16:11.0634 4592  Browser - ok
11:16:11.0676 4592  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
11:16:11.0731 4592  Brserid - ok
11:16:11.0751 4592  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
11:16:11.0806 4592  BrSerWdm - ok
11:16:11.0839 4592  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
11:16:11.0918 4592  BrUsbMdm - ok
11:16:11.0936 4592  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
11:16:11.0991 4592  BrUsbSer - ok
11:16:12.0036 4592  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:16:12.0105 4592  BTHMODEM - ok
11:16:12.0205 4592  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:16:12.0255 4592  cdfs - ok
11:16:12.0294 4592  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:16:12.0343 4592  cdrom - ok
11:16:12.0405 4592  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:16:12.0448 4592  CertPropSvc - ok
11:16:12.0485 4592  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
11:16:12.0549 4592  circlass - ok
11:16:12.0583 4592  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
11:16:12.0618 4592  CLFS - ok
11:16:12.0693 4592  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:16:12.0707 4592  clr_optimization_v2.0.50727_32 - ok
11:16:12.0783 4592  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:16:12.0807 4592  clr_optimization_v4.0.30319_32 - ok
11:16:12.0832 4592  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:16:12.0843 4592  cmdide - ok
11:16:12.0862 4592  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:16:12.0873 4592  Compbatt - ok
11:16:12.0878 4592  COMSysApp - ok
11:16:12.0904 4592  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:16:12.0917 4592  crcdisk - ok
11:16:12.0930 4592  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
11:16:12.0986 4592  Crusoe - ok
11:16:13.0063 4592  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:16:13.0120 4592  CryptSvc - ok
11:16:13.0150 4592  [ 310C5EC0B4278211089F0A5E915D025F ] cvintdrv        C:\Windows\system32\drivers\cvintdrv.sys
11:16:13.0166 4592  cvintdrv ( UnsignedFile.Multi.Generic ) - warning
11:16:13.0166 4592  cvintdrv - detected UnsignedFile.Multi.Generic (1)
11:16:13.0240 4592  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:16:13.0281 4592  DcomLaunch - ok
11:16:13.0317 4592  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:16:13.0359 4592  DfsC - ok
11:16:13.0457 4592  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
11:16:13.0611 4592  DFSR - ok
11:16:13.0663 4592  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
11:16:13.0697 4592  Dhcp - ok
11:16:13.0754 4592  [ 2C56880D37785CF2C07B0309CEBB0A7D ] DHTRACE         C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
11:16:13.0765 4592  DHTRACE - ok
11:16:13.0800 4592  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
11:16:13.0815 4592  disk - ok
11:16:13.0877 4592  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:16:13.0918 4592  Dnscache - ok
11:16:13.0975 4592  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:16:14.0021 4592  dot3svc - ok
11:16:14.0058 4592  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
11:16:14.0095 4592  DPS - ok
11:16:14.0218 4592  [ 28B42D80CE943A98C6BCEA67263CBDFF ] DQLWinService   C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
11:16:14.0243 4592  DQLWinService ( UnsignedFile.Multi.Generic ) - warning
11:16:14.0243 4592  DQLWinService - detected UnsignedFile.Multi.Generic (1)
11:16:14.0284 4592  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:16:14.0312 4592  drmkaud - ok
11:16:14.0433 4592  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:16:14.0490 4592  DXGKrnl - ok
11:16:14.0550 4592  [ 476D9F2F0789CDE89ACEE2A2FB21EC5A ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
11:16:14.0567 4592  e1express - ok
11:16:14.0608 4592  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
11:16:14.0682 4592  E1G60 - ok
11:16:14.0709 4592  EagleNT - ok
11:16:14.0750 4592  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
11:16:14.0772 4592  EapHost - ok
11:16:14.0808 4592  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
11:16:14.0826 4592  Ecache - ok
11:16:14.0892 4592  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:16:14.0925 4592  ehRecvr - ok
11:16:14.0952 4592  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
11:16:15.0004 4592  ehSched - ok
11:16:15.0011 4592  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
11:16:15.0030 4592  ehstart - ok
11:16:15.0045 4592  [ AAA8999A169E39FB8B48AE49CD6AC30A ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
11:16:15.0057 4592  ElbyCDIO - ok
11:16:15.0089 4592  [ E205C313417DA6FA7AFE85912A310A65 ] ElbyDelay       C:\Windows\system32\Drivers\ElbyDelay.sys
11:16:15.0100 4592  ElbyDelay - ok
11:16:15.0213 4592  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:16:15.0253 4592  elxstor - ok
11:16:15.0405 4592  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
11:16:15.0478 4592  EMDMgmt - ok
11:16:15.0523 4592  esgiguard - ok
11:16:15.0591 4592  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
11:16:15.0626 4592  EventSystem - ok
11:16:15.0695 4592  [ 0B2091BF6A51025A8A2050E672ECE07A ] EWBNLSS         m:\Program Files\Electronics Workbench\NLS\ewbnlss.exe
11:16:15.0712 4592  EWBNLSS ( UnsignedFile.Multi.Generic ) - warning
11:16:15.0712 4592  EWBNLSS - detected UnsignedFile.Multi.Generic (1)
11:16:15.0763 4592  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
11:16:15.0812 4592  exfat - ok
11:16:15.0845 4592  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:16:15.0874 4592  fastfat - ok
11:16:15.0897 4592  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:16:15.0953 4592  fdc - ok
11:16:15.0981 4592  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:16:16.0007 4592  fdPHost - ok
11:16:16.0044 4592  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:16:16.0107 4592  FDResPub - ok
11:16:16.0157 4592  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:16:16.0171 4592  FileInfo - ok
11:16:16.0199 4592  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:16:16.0243 4592  Filetrace - ok
11:16:16.0526 4592  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
11:16:16.0622 4592  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
11:16:16.0622 4592  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
11:16:16.0649 4592  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:16:16.0754 4592  flpydisk - ok
11:16:16.0825 4592  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:16:16.0842 4592  FltMgr - ok
11:16:16.0944 4592  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
11:16:17.0030 4592  FontCache - ok
11:16:17.0093 4592  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:16:17.0105 4592  FontCache3.0.0.0 - ok
11:16:17.0154 4592  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:16:17.0205 4592  Fs_Rec - ok
11:16:17.0232 4592  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:16:17.0246 4592  gagp30kx - ok
11:16:17.0308 4592  [ 51B2D8629E1A0F463682F365D56325CB ] GnabService     c:\program files\common files\gnab\service\servicecontroller.exe
11:16:17.0355 4592  GnabService ( UnsignedFile.Multi.Generic ) - warning
11:16:17.0355 4592  GnabService - detected UnsignedFile.Multi.Generic (1)
11:16:17.0422 4592  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:16:17.0433 4592  GoogleDesktopManager-051210-111108 - ok
11:16:17.0475 4592  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:16:17.0542 4592  gpsvc - ok
11:16:17.0637 4592  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:16:17.0664 4592  gupdate - ok
11:16:17.0695 4592  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:16:17.0706 4592  gupdatem - ok
11:16:17.0757 4592  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:16:17.0771 4592  gusvc - ok
11:16:17.0814 4592  [ 1F79859A8C1D7C14EF6207852F622ADD ] hcmon           C:\Windows\system32\drivers\hcmon.sys
11:16:17.0826 4592  hcmon - ok
11:16:17.0875 4592  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:16:17.0913 4592  HDAudBus - ok
11:16:17.0947 4592  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:16:17.0991 4592  HidBth - ok
11:16:18.0007 4592  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:16:18.0060 4592  HidIr - ok
11:16:18.0111 4592  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
11:16:18.0152 4592  hidserv - ok
11:16:18.0182 4592  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:16:18.0203 4592  HidUsb - ok
11:16:18.0233 4592  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:16:18.0269 4592  hkmsvc - ok
11:16:18.0290 4592  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
11:16:18.0302 4592  HpCISSs - ok
11:16:18.0423 4592  hpdj - ok
11:16:18.0517 4592  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:16:18.0581 4592  HTTP - ok
11:16:18.0609 4592  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
11:16:18.0621 4592  i2omp - ok
11:16:18.0668 4592  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:16:18.0700 4592  i8042prt - ok
11:16:18.0764 4592  [ 9BCF5972C941B4B5CB60DED03CB9E300 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
11:16:18.0785 4592  IAANTMON - ok
11:16:18.0881 4592  [ 28AAE599496B4930B3F19026F2083BC4 ] iaStor          C:\Windows\system32\drivers\iastor.sys
11:16:18.0895 4592  iaStor - ok
11:16:18.0965 4592  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
11:16:18.0995 4592  iaStorV - ok
11:16:19.0180 4592  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:16:19.0276 4592  idsvc - ok
11:16:19.0315 4592  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:16:19.0328 4592  iirsp - ok
11:16:19.0403 4592  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:16:19.0453 4592  IKEEXT - ok
11:16:19.0662 4592  [ 9F5898EBD3BBE82EADF2EFA595F02A72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:16:19.0750 4592  IntcAzAudAddService - ok
11:16:19.0762 4592  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:16:19.0775 4592  intelide - ok
11:16:19.0814 4592  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:16:19.0853 4592  intelppm - ok
11:16:19.0881 4592  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:16:19.0925 4592  IPBusEnum - ok
11:16:19.0964 4592  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:16:19.0989 4592  IpFilterDriver - ok
11:16:20.0059 4592  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:16:20.0114 4592  iphlpsvc - ok
11:16:20.0118 4592  IpInIp - ok
11:16:20.0146 4592  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
11:16:20.0214 4592  IPMIDRV - ok
11:16:20.0257 4592  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
11:16:20.0297 4592  IPNAT - ok
11:16:20.0345 4592  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:16:20.0383 4592  IRENUM - ok
11:16:20.0404 4592  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:16:20.0416 4592  isapnp - ok
11:16:20.0451 4592  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
11:16:20.0469 4592  iScsiPrt - ok
11:16:20.0540 4592  [ 50ADB2883F8874AA6632A67CD410F27F ] ISSM            C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
11:16:20.0552 4592  ISSM - ok
11:16:20.0568 4592  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
11:16:20.0581 4592  iteatapi - ok
11:16:20.0598 4592  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
11:16:20.0611 4592  iteraid - ok
11:16:20.0637 4592  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:16:20.0652 4592  kbdclass - ok
11:16:20.0689 4592  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:16:20.0709 4592  kbdhid - ok
11:16:20.0753 4592  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
11:16:20.0793 4592  KeyIso - ok
11:16:20.0826 4592  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:16:20.0856 4592  KSecDD - ok
11:16:20.0936 4592  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:16:21.0008 4592  KtmRm - ok
11:16:21.0051 4592  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:16:21.0093 4592  LanmanServer - ok
11:16:21.0144 4592  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:16:21.0188 4592  LanmanWorkstation - ok
11:16:21.0224 4592  [ 47A111A4DC0D67DA431DF9F91EE09682 ] LkCitadelServer C:\Windows\system32\lkcitdl.exe
11:16:21.0273 4592  LkCitadelServer ( UnsignedFile.Multi.Generic ) - warning
11:16:21.0273 4592  LkCitadelServer - detected UnsignedFile.Multi.Generic (1)
11:16:21.0293 4592  [ 93CD77EF951E426A2C36A33D750D9321 ] lkClassAds      C:\Windows\system32\lkads.exe
11:16:21.0311 4592  lkClassAds ( UnsignedFile.Multi.Generic ) - warning
11:16:21.0311 4592  lkClassAds - detected UnsignedFile.Multi.Generic (1)
11:16:21.0324 4592  [ 9F616DF9EC606BA99323DAC363C4D414 ] lkTimeSync      C:\Windows\system32\lktsrv.exe
11:16:21.0342 4592  lkTimeSync ( UnsignedFile.Multi.Generic ) - warning
11:16:21.0342 4592  lkTimeSync - detected UnsignedFile.Multi.Generic (1)
11:16:21.0374 4592  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:16:21.0414 4592  lltdio - ok
11:16:21.0492 4592  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:16:21.0541 4592  lltdsvc - ok
11:16:21.0572 4592  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:16:21.0636 4592  lmhosts - ok
11:16:21.0679 4592  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:16:21.0693 4592  LSI_FC - ok
11:16:21.0704 4592  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:16:21.0719 4592  LSI_SAS - ok
11:16:21.0740 4592  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:16:21.0754 4592  LSI_SCSI - ok
11:16:21.0785 4592  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
11:16:21.0825 4592  luafv - ok
11:16:21.0846 4592  [ 9A3741D5412AB81B86992915E3ECD3E9 ] M1 Server       C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
11:16:21.0862 4592  M1 Server - ok
11:16:21.0901 4592  [ 6AD27B01272F966C9611A398961FCF15 ] MCLServiceATL   C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
11:16:21.0927 4592  MCLServiceATL - ok
11:16:21.0958 4592  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:16:21.0990 4592  Mcx2Svc - ok
11:16:22.0033 4592  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
11:16:22.0047 4592  megasas - ok
11:16:22.0076 4592  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
11:16:22.0113 4592  MMCSS - ok
11:16:22.0136 4592  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
11:16:22.0178 4592  Modem - ok
11:16:22.0213 4592  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:16:22.0250 4592  monitor - ok
11:16:22.0290 4592  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:16:22.0304 4592  mouclass - ok
11:16:22.0327 4592  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:16:22.0375 4592  mouhid - ok
11:16:22.0411 4592  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
11:16:22.0424 4592  MountMgr - ok
11:16:22.0474 4592  [ 1C9B83F6A2D1F414F0ACD28D75605607 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:16:22.0505 4592  MozillaMaintenance - ok
11:16:22.0550 4592  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:16:22.0564 4592  mpio - ok
11:16:22.0592 4592  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:16:22.0619 4592  mpsdrv - ok
11:16:22.0664 4592  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:16:22.0702 4592  MpsSvc - ok
11:16:22.0765 4592  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
11:16:22.0790 4592  Mraid35x - ok
11:16:22.0836 4592  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:16:22.0869 4592  MRxDAV - ok
11:16:22.0904 4592  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:16:22.0963 4592  mrxsmb - ok
11:16:23.0013 4592  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:16:23.0035 4592  mrxsmb10 - ok
11:16:23.0055 4592  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:16:23.0070 4592  mrxsmb20 - ok
11:16:23.0091 4592  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:16:23.0104 4592  msahci - ok
11:16:23.0121 4592  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:16:23.0135 4592  msdsm - ok
11:16:23.0158 4592  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
11:16:23.0200 4592  MSDTC - ok
11:16:23.0235 4592  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:16:23.0282 4592  Msfs - ok
11:16:23.0316 4592  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:16:23.0330 4592  msisadrv - ok
11:16:23.0358 4592  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:16:23.0395 4592  MSiSCSI - ok
11:16:23.0399 4592  msiserver - ok
11:16:23.0435 4592  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:16:23.0470 4592  MSKSSRV - ok
11:16:23.0492 4592  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:16:23.0533 4592  MSPCLOCK - ok
11:16:23.0547 4592  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:16:23.0579 4592  MSPQM - ok
11:16:23.0624 4592  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:16:23.0641 4592  MsRPC - ok
11:16:23.0686 4592  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:16:23.0699 4592  mssmbios - ok
11:16:23.0754 4592  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:16:23.0798 4592  MSTEE - ok
11:16:23.0825 4592  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
11:16:23.0851 4592  Mup - ok
11:16:23.0886 4592  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
11:16:23.0932 4592  napagent - ok
11:16:23.0966 4592  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:16:23.0995 4592  NativeWifiP - ok
11:16:24.0052 4592  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:16:24.0077 4592  NDIS - ok
11:16:24.0104 4592  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:16:24.0137 4592  NdisTapi - ok
11:16:24.0170 4592  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:16:24.0207 4592  Ndisuio - ok
11:16:24.0251 4592  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:16:24.0278 4592  NdisWan - ok
11:16:24.0310 4592  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:16:24.0331 4592  NDProxy - ok
11:16:24.0432 4592  [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
11:16:24.0488 4592  Nero BackItUp Scheduler 3 - ok
11:16:24.0543 4592  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:16:24.0579 4592  NetBIOS - ok
11:16:24.0617 4592  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
11:16:24.0648 4592  netbt - ok
11:16:24.0660 4592  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
11:16:24.0674 4592  Netlogon - ok
11:16:24.0704 4592  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
11:16:24.0743 4592  Netman - ok
11:16:24.0810 4592  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
11:16:24.0934 4592  netprofm - ok
11:16:24.0986 4592  [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
11:16:25.0045 4592  netr28u - ok
11:16:25.0106 4592  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:16:25.0149 4592  NetTcpPortSharing - ok
11:16:25.0173 4592  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:16:25.0186 4592  nfrd960 - ok
11:16:25.0202 4592  niSvcLoc - ok
11:16:25.0228 4592  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:16:25.0270 4592  NlaSvc - ok
11:16:25.0538 4592  [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
11:16:25.0580 4592  NMIndexingService - ok
11:16:25.0775 4592  [ 5384D7A64E7B6011E98D68F69DCFC980 ] NMSCore         C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
11:16:25.0831 4592  NMSCore - ok
11:16:25.0874 4592  [ DFEABB7CFFFADEA4A912AB95BDC3177A ] nmsunidr        C:\Windows\system32\DRIVERS\nmsunidr.sys
11:16:25.0897 4592  nmsunidr - ok
11:16:25.0929 4592  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:16:25.0961 4592  Npfs - ok
11:16:25.0975 4592  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
11:16:26.0011 4592  nsi - ok
11:16:26.0043 4592  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:16:26.0075 4592  nsiproxy - ok
11:16:26.0120 4592  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:16:26.0173 4592  Ntfs - ok
11:16:26.0192 4592  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
11:16:26.0244 4592  ntrigdigi - ok
11:16:26.0285 4592  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
11:16:26.0297 4592  NuidFltr - ok
11:16:26.0330 4592  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
11:16:26.0356 4592  Null - ok
11:16:27.0270 4592  [ 0B2E7B39411FAA44EBDA76FB38673964 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:16:27.0658 4592  nvlddmkm - ok
11:16:27.0713 4592  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:16:27.0740 4592  nvraid - ok
11:16:27.0750 4592  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:16:27.0763 4592  nvstor - ok
11:16:27.0839 4592  [ 439FD6A5A34113388C51C48D0E5092AA ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:16:27.0867 4592  nvsvc - ok
11:16:28.0020 4592  [ E3C7676582502C5E4BB9288C3617AB59 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:16:28.0089 4592  nvUpdatusService - ok
11:16:28.0140 4592  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:16:28.0167 4592  nv_agp - ok
11:16:28.0171 4592  NwlnkFlt - ok
11:16:28.0176 4592  NwlnkFwd - ok
11:16:28.0359 4592  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:16:28.0399 4592  odserv - ok
11:16:28.0446 4592  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
11:16:28.0467 4592  ohci1394 - ok
11:16:28.0522 4592  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:16:28.0559 4592  ose - ok
11:16:28.0714 4592  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
11:16:28.0787 4592  p2pimsvc - ok
11:16:28.0864 4592  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:16:28.0897 4592  p2psvc - ok
11:16:28.0934 4592  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
11:16:28.0988 4592  Parport - ok
11:16:29.0016 4592  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:16:29.0031 4592  partmgr - ok
11:16:29.0045 4592  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
11:16:29.0122 4592  Parvdm - ok
11:16:29.0175 4592  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:16:29.0252 4592  PcaSvc - ok
11:16:29.0301 4592  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
11:16:29.0319 4592  pci - ok
11:16:29.0340 4592  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:16:29.0361 4592  pciide - ok
11:16:29.0378 4592  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:16:29.0392 4592  pcmcia - ok
11:16:29.0431 4592  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:16:29.0518 4592  PEAUTH - ok
11:16:29.0622 4592  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
11:16:29.0753 4592  pla - ok
11:16:29.0778 4592  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
11:16:29.0796 4592  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
11:16:29.0796 4592  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
11:16:29.0827 4592  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:16:29.0854 4592  PlugPlay - ok
11:16:29.0881 4592  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
11:16:29.0917 4592  PNRPAutoReg - ok
11:16:29.0947 4592  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
11:16:29.0972 4592  PNRPsvc - ok
11:16:30.0038 4592  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:16:30.0088 4592  PolicyAgent - ok
11:16:30.0126 4592  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:16:30.0153 4592  PptpMiniport - ok
11:16:30.0170 4592  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
11:16:30.0240 4592  Processor - ok
11:16:30.0275 4592  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:16:30.0309 4592  ProfSvc - ok
11:16:30.0324 4592  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:16:30.0339 4592  ProtectedStorage - ok
11:16:30.0385 4592  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
11:16:30.0431 4592  PSched - ok
11:16:30.0480 4592  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:16:30.0533 4592  ql2300 - ok
11:16:30.0545 4592  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:16:30.0558 4592  ql40xx - ok
11:16:30.0683 4592  [ 938A882B718866E24CA5F71DFC925866 ] QualityManager  C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
11:16:30.0712 4592  QualityManager - ok
11:16:30.0770 4592  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
11:16:30.0815 4592  QWAVE - ok
11:16:30.0850 4592  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:16:30.0871 4592  QWAVEdrv - ok
11:16:30.0902 4592  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:16:30.0957 4592  RasAcd - ok
11:16:31.0009 4592  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
11:16:31.0054 4592  RasAuto - ok
11:16:31.0079 4592  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:16:31.0115 4592  Rasl2tp - ok
11:16:31.0150 4592  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
11:16:31.0184 4592  RasMan - ok
11:16:31.0212 4592  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:16:31.0244 4592  RasPppoe - ok
11:16:31.0273 4592  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:16:31.0288 4592  RasSstp - ok
11:16:31.0362 4592  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:16:31.0400 4592  rdbss - ok
11:16:31.0430 4592  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:16:31.0468 4592  RDPCDD - ok
11:16:31.0516 4592  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
11:16:31.0581 4592  rdpdr - ok
11:16:31.0613 4592  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:16:31.0655 4592  RDPENCDD - ok
11:16:31.0705 4592  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:16:31.0742 4592  RDPWD - ok
11:16:31.0837 4592  [ A8430231E1A06828210248C79755BF9C ] Remote UI Service C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
11:16:31.0900 4592  Remote UI Service - ok
11:16:31.0943 4592  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:16:31.0995 4592  RemoteAccess - ok
11:16:32.0026 4592  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:16:32.0063 4592  RemoteRegistry - ok
11:16:32.0107 4592  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
11:16:32.0123 4592  RichVideo - ok
11:16:32.0145 4592  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
11:16:32.0167 4592  RpcLocator - ok
11:16:32.0248 4592  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
11:16:32.0278 4592  RpcSs - ok
11:16:32.0313 4592  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:16:32.0347 4592  rspndr - ok
11:16:32.0395 4592  [ DE7A2FC379671998865122A08FD9DB52 ] SaiH5F0D        C:\Windows\system32\DRIVERS\SaiH5F0D.sys
11:16:32.0407 4592  SaiH5F0D - ok
11:16:32.0448 4592  [ A79FBDBC6A979259E38DEA7D29B57619 ] SaiMini         C:\Windows\system32\DRIVERS\SaiMini.sys
11:16:32.0499 4592  SaiMini - ok
11:16:32.0530 4592  [ BB20EBA89E0EF39697A1A8728C5685FE ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
11:16:32.0540 4592  SaiNtBus - ok
11:16:32.0584 4592  [ 1890BD6B225D8E612B81C9C7171BCA83 ] SaiU5F0D        C:\Windows\system32\DRIVERS\SaiU5F0D.sys
11:16:32.0626 4592  SaiU5F0D - ok
11:16:32.0639 4592  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
11:16:32.0654 4592  SamSs - ok
11:16:32.0677 4592  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:16:32.0690 4592  sbp2port - ok
11:16:32.0724 4592  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:16:32.0766 4592  SCardSvr - ok
11:16:32.0811 4592  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
11:16:32.0873 4592  Schedule - ok
11:16:32.0903 4592  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:16:32.0924 4592  SCPolicySvc - ok
11:16:32.0949 4592  SDDMI2 - ok
11:16:32.0980 4592  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:16:33.0017 4592  SDRSVC - ok
11:16:33.0043 4592  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:16:33.0096 4592  secdrv - ok
11:16:33.0137 4592  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
11:16:33.0175 4592  seclogon - ok
11:16:33.0205 4592  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
11:16:33.0251 4592  SENS - ok
11:16:33.0277 4592  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:16:33.0317 4592  Serenum - ok
11:16:33.0352 4592  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:16:33.0385 4592  Serial - ok
11:16:33.0397 4592  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:16:33.0423 4592  sermouse - ok
11:16:33.0468 4592  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:16:33.0505 4592  SessionEnv - ok
11:16:33.0522 4592  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:16:33.0566 4592  sffdisk - ok
11:16:33.0577 4592  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:16:33.0632 4592  sffp_mmc - ok
11:16:33.0649 4592  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:16:33.0703 4592  sffp_sd - ok
11:16:33.0747 4592  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:16:33.0787 4592  sfloppy - ok
11:16:33.0822 4592  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:16:33.0861 4592  SharedAccess - ok
11:16:33.0929 4592  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:16:33.0968 4592  ShellHWDetection - ok
11:16:33.0986 4592  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:16:33.0996 4592  sisagp - ok
11:16:34.0025 4592  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
11:16:34.0035 4592  SiSRaid2 - ok
11:16:34.0050 4592  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:16:34.0061 4592  SiSRaid4 - ok
11:16:34.0475 4592  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
11:16:34.0672 4592  slsvc - ok
11:16:34.0717 4592  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
11:16:34.0750 4592  SLUINotify - ok
11:16:34.0780 4592  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:16:34.0801 4592  Smb - ok
11:16:34.0862 4592  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:16:34.0893 4592  SNMPTRAP - ok
11:16:34.0922 4592  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
11:16:34.0935 4592  spldr - ok
11:16:34.0966 4592  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
11:16:34.0999 4592  Spooler - ok
11:16:35.0094 4592  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:16:35.0145 4592  srv - ok
11:16:35.0194 4592  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:16:35.0216 4592  srv2 - ok
11:16:35.0380 4592  [ BF94A7553EF257D70CB2287BF7A3BCE1 ] srvcPVR         C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
11:16:35.0489 4592  srvcPVR ( UnsignedFile.Multi.Generic ) - warning
11:16:35.0490 4592  srvcPVR - detected UnsignedFile.Multi.Generic (1)
11:16:35.0529 4592  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:16:35.0557 4592  srvnet - ok
11:16:35.0588 4592  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:16:35.0633 4592  SSDPSRV - ok
11:16:35.0650 4592  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
11:16:35.0680 4592  ssmdrv - ok
11:16:35.0719 4592  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:16:35.0742 4592  SstpSvc - ok
11:16:35.0779 4592  [ 306521935042FC0A6988D528643619B3 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
11:16:35.0795 4592  StarOpen ( UnsignedFile.Multi.Generic ) - warning
11:16:35.0795 4592  StarOpen - detected UnsignedFile.Multi.Generic (1)
11:16:36.0023 4592  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
11:16:36.0084 4592  stisvc - ok
11:16:36.0110 4592  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:16:36.0136 4592  swenum - ok
11:16:36.0221 4592  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
11:16:36.0403 4592  swprv - ok
11:16:36.0433 4592  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
11:16:36.0445 4592  Symc8xx - ok
11:16:36.0477 4592  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
11:16:36.0489 4592  Sym_hi - ok
11:16:36.0507 4592  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
11:16:36.0520 4592  Sym_u3 - ok
11:16:36.0684 4592  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
11:16:36.0774 4592  SysMain - ok
11:16:36.0800 4592  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:16:36.0838 4592  TabletInputService - ok
11:16:36.0900 4592  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:16:36.0967 4592  TapiSrv - ok
11:16:37.0009 4592  [ 04E1C782CF14B7282EBC633B0FD3ED16 ] TBPanel         C:\Windows\system32\drivers\TBPanel.sys
11:16:37.0019 4592  TBPanel - ok
11:16:37.0059 4592  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
11:16:37.0093 4592  TBS - ok
11:16:37.0145 4592  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:16:37.0196 4592  Tcpip - ok
11:16:37.0387 4592  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
11:16:37.0424 4592  Tcpip6 - ok
11:16:37.0458 4592  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:16:37.0497 4592  tcpipreg - ok
11:16:37.0522 4592  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:16:37.0568 4592  TDPIPE - ok
11:16:37.0615 4592  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:16:37.0672 4592  TDTCP - ok
11:16:37.0715 4592  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:16:37.0736 4592  tdx - ok
11:16:37.0778 4592  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:16:37.0792 4592  TermDD - ok
11:16:37.0808 4592  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
11:16:37.0854 4592  TermService - ok
11:16:37.0886 4592  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
11:16:37.0903 4592  Themes - ok
11:16:37.0926 4592  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
11:16:37.0953 4592  THREADORDER - ok
11:16:37.0993 4592  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
11:16:38.0053 4592  TrkWks - ok
11:16:38.0145 4592  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:16:38.0170 4592  TrustedInstaller - ok
11:16:38.0201 4592  [ B56368B25A51CEBDA77E6B20764F07F2 ] TSHWMDTCP       C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
11:16:38.0237 4592  TSHWMDTCP - ok
11:16:38.0268 4592  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:16:38.0305 4592  tssecsrv - ok
11:16:38.0347 4592  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
11:16:38.0371 4592  tunmp - ok
11:16:38.0411 4592  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:16:38.0433 4592  tunnel - ok
11:16:38.0802 4592  [ DEC8ACEBD9CD1F3DD6F4F3A6308D8B94 ] TVECapSvc       C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
11:16:38.0842 4592  TVECapSvc ( UnsignedFile.Multi.Generic ) - warning
11:16:38.0842 4592  TVECapSvc - detected UnsignedFile.Multi.Generic (1)
11:16:38.0853 4592  [ 7A5A6987397F78B1606BDB5C407D3574 ] TVESched        C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
11:16:38.0873 4592  TVESched ( UnsignedFile.Multi.Generic ) - warning
11:16:38.0873 4592  TVESched - detected UnsignedFile.Multi.Generic (1)
11:16:38.0896 4592  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:16:38.0908 4592  uagp35 - ok
11:16:38.0981 4592  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:16:39.0026 4592  udfs - ok
11:16:39.0079 4592  [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60       M:\Program Files\VMware\vmware-ufad.exe
11:16:39.0115 4592  ufad-ws60 - ok
11:16:39.0162 4592  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:16:39.0190 4592  UI0Detect - ok
11:16:39.0237 4592  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:16:39.0249 4592  uliagpkx - ok
11:16:39.0324 4592  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
11:16:39.0349 4592  uliahci - ok
11:16:39.0367 4592  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
11:16:39.0380 4592  UlSata - ok
11:16:39.0434 4592  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
11:16:39.0447 4592  ulsata2 - ok
11:16:39.0482 4592  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:16:39.0512 4592  umbus - ok
11:16:39.0569 4592  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
11:16:39.0623 4592  upnphost - ok
11:16:39.0658 4592  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:16:39.0679 4592  usbccgp - ok
11:16:39.0719 4592  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:16:39.0778 4592  usbcir - ok
11:16:39.0812 4592  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:16:39.0833 4592  usbehci - ok
11:16:39.0898 4592  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:16:39.0940 4592  usbhub - ok
11:16:39.0968 4592  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:16:40.0030 4592  usbohci - ok
11:16:40.0084 4592  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:16:40.0120 4592  usbprint - ok
11:16:40.0148 4592  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:16:40.0193 4592  usbscan - ok
11:16:40.0231 4592  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:16:40.0251 4592  USBSTOR - ok
11:16:40.0291 4592  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:16:40.0332 4592  usbuhci - ok
11:16:40.0364 4592  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
11:16:40.0402 4592  UxSms - ok
11:16:40.0449 4592  [ 9C51097CD7F2E1CCFB0FFBB8966917DA ] VBoxUSB         C:\Windows\system32\Drivers\VBoxUSB.sys
11:16:40.0460 4592  VBoxUSB - ok
11:16:40.0505 4592  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
11:16:40.0535 4592  vds - ok
11:16:40.0558 4592  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:16:40.0598 4592  vga - ok
11:16:40.0628 4592  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:16:40.0680 4592  VgaSave - ok
11:16:40.0726 4592  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:16:40.0739 4592  viaagp - ok
11:16:40.0763 4592  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
11:16:40.0822 4592  ViaC7 - ok
11:16:40.0849 4592  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
11:16:40.0862 4592  viaide - ok
11:16:40.0901 4592  [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService  M:\Program Files\VMware\vmware-authd.exe
11:16:40.0914 4592  VMAuthdService - ok
11:16:40.0962 4592  [ 2847315DE9AC17C7FF5FA3059D935C07 ] vmci            C:\Windows\system32\Drivers\vmci.sys
11:16:40.0974 4592  vmci - ok
11:16:41.0013 4592  [ AAEEF4444A6C2BB2E741DE684F2A5E56 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
11:16:41.0028 4592  vmkbd - ok
11:16:41.0071 4592  [ E41704D8149992107B333CC7A52C07CC ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
11:16:41.0081 4592  VMnetAdapter - ok
11:16:41.0088 4592  [ 462F2A31EA8B87A28962ACA998DF1869 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
11:16:41.0100 4592  VMnetBridge - ok
11:16:41.0134 4592  [ 9FAD0F49EDA6E16EC61BF7DD1A5107B3 ] VMnetDHCP       C:\Windows\system32\vmnetdhcp.exe
11:16:41.0155 4592  VMnetDHCP - ok
11:16:41.0167 4592  [ 386234C03F38FA9EAE752F4CCA7C8336 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
11:16:41.0178 4592  VMnetuserif - ok
11:16:41.0231 4592  [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
11:16:41.0241 4592  vmusb - ok
11:16:41.0300 4592  [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
11:16:41.0326 4592  VMUSBArbService - ok
11:16:41.0372 4592  [ D3ECFDBFAFD965AFDAC299DEBE71B4C7 ] VMware NAT Service C:\Windows\system32\vmnat.exe
11:16:41.0403 4592  VMware NAT Service - ok
11:16:41.0602 4592  [ CF8215484F00AE5268A1B3A46DD69E17 ] vmx86           C:\Windows\system32\Drivers\vmx86.sys
11:16:41.0659 4592  vmx86 - ok
11:16:41.0681 4592  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:16:41.0696 4592  volmgr - ok
11:16:41.0748 4592  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:16:41.0769 4592  volmgrx - ok
11:16:41.0806 4592  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:16:41.0826 4592  volsnap - ok
11:16:41.0871 4592  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:16:41.0885 4592  vsmraid - ok
11:16:41.0929 4592  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
11:16:41.0994 4592  VSS - ok
11:16:42.0045 4592  [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60     M:\Program Files\VMware\vstor2-ws60.sys
11:16:42.0054 4592  vstor2-ws60 - ok
11:16:42.0150 4592  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
11:16:42.0180 4592  W32Time - ok
11:16:42.0208 4592  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:16:42.0252 4592  WacomPen - ok
11:16:42.0292 4592  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
11:16:42.0338 4592  Wanarp - ok
11:16:42.0341 4592  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:16:42.0363 4592  Wanarpv6 - ok
11:16:42.0400 4592  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:16:42.0426 4592  wcncsvc - ok
11:16:42.0478 4592  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:16:42.0507 4592  WcsPlugInService - ok
11:16:42.0525 4592  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
11:16:42.0537 4592  Wd - ok
11:16:42.0663 4592  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:16:42.0716 4592  Wdf01000 - ok
11:16:42.0744 4592  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:16:42.0800 4592  WdiServiceHost - ok
11:16:42.0804 4592  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:16:42.0833 4592  WdiSystemHost - ok
11:16:42.0862 4592  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
11:16:42.0881 4592  WebClient - ok
11:16:42.0961 4592  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:16:43.0001 4592  Wecsvc - ok
11:16:43.0025 4592  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:16:43.0070 4592  wercplsupport - ok
11:16:43.0110 4592  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:16:43.0159 4592  WerSvc - ok
11:16:43.0217 4592  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:16:43.0234 4592  WinDefend - ok
11:16:43.0238 4592  WinHttpAutoProxySvc - ok
11:16:43.0331 4592  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:16:43.0368 4592  Winmgmt - ok
11:16:43.0608 4592  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
11:16:43.0674 4592  WinRM - ok
11:16:43.0804 4592  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:16:43.0852 4592  Wlansvc - ok
11:16:44.0240 4592  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:16:44.0318 4592  wlidsvc - ok
11:16:44.0368 4592  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:16:44.0427 4592  WmiAcpi - ok
11:16:44.0482 4592  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:16:44.0525 4592  wmiApSrv - ok
11:16:44.0675 4592  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:16:44.0756 4592  WMPNetworkSvc - ok
11:16:44.0826 4592  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:16:44.0855 4592  WPCSvc - ok
11:16:44.0891 4592  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:16:44.0926 4592  WPDBusEnum - ok
11:16:45.0289 4592  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:16:45.0331 4592  WPFFontCache_v0400 - ok
11:16:45.0358 4592  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:16:45.0384 4592  ws2ifsl - ok
11:16:45.0427 4592  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
11:16:45.0457 4592  wscsvc - ok
11:16:45.0461 4592  WSearch - ok
11:16:45.0772 4592  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
11:16:45.0880 4592  wuauserv - ok
11:16:45.0928 4592  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:16:45.0971 4592  WudfPf - ok
11:16:46.0010 4592  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:16:46.0027 4592  WUDFRd - ok
11:16:46.0046 4592  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:16:46.0080 4592  wudfsvc - ok
11:16:46.0121 4592  [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
11:16:46.0133 4592  X10Hid - ok
11:16:46.0182 4592  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
11:16:46.0220 4592  x10nets ( UnsignedFile.Multi.Generic ) - warning
11:16:46.0220 4592  x10nets - detected UnsignedFile.Multi.Generic (1)
11:16:46.0293 4592  [ 9EEA6D029FEF5F3016D089B1A603837D ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
11:16:46.0340 4592  xnacc - ok
11:16:46.0392 4592  [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
11:16:46.0402 4592  XUIF - ok
11:16:46.0462 4592  [ F5E5F944E63A9B5F6E76C2EBB2AC462F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
11:16:46.0496 4592  xusb21 - ok
11:16:46.0571 4592  [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\HomeCinema\PlayMovie\000.fcl
11:16:46.0598 4592  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
11:16:46.0639 4592  [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\HomeCinema\PowerDVD\000.fcl
11:16:46.0651 4592  {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
11:16:46.0651 4592  ================ Scan global ===============================
11:16:46.0699 4592  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
11:16:46.0749 4592  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
11:16:46.0779 4592  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
11:16:46.0867 4592  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
11:16:46.0879 4592  [Global] - ok
11:16:46.0880 4592  ================ Scan MBR ==================================
11:16:46.0907 4592  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:16:48.0155 4592  \Device\Harddisk0\DR0 - ok
11:16:48.0175 4592  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
11:16:48.0235 4592  \Device\Harddisk1\DR1 - ok
11:16:48.0235 4592  ================ Scan VBR ==================================
11:16:48.0248 4592  [ 0109F3E1FE8344EA7762D6AF27CF7C58 ] \Device\Harddisk0\DR0\Partition1
11:16:48.0276 4592  \Device\Harddisk0\DR0\Partition1 - ok
11:16:48.0304 4592  [ 1926AAE9EF41BF299E4D34C8836EF98A ] \Device\Harddisk0\DR0\Partition2
11:16:48.0317 4592  \Device\Harddisk0\DR0\Partition2 - ok
11:16:48.0332 4592  [ B204268FA97F5F25F10668768F3A2A4E ] \Device\Harddisk0\DR0\Partition3
11:16:48.0347 4592  \Device\Harddisk0\DR0\Partition3 - ok
11:16:48.0364 4592  [ 6FD6D1D9D0DB79DA50DFE612F89CAD97 ] \Device\Harddisk0\DR0\Partition4
11:16:48.0384 4592  \Device\Harddisk0\DR0\Partition4 - ok
11:16:48.0387 4592  [ 3A4A14D1215A7F2CE5AEA7986CA35125 ] \Device\Harddisk1\DR1\Partition1
11:16:48.0389 4592  \Device\Harddisk1\DR1\Partition1 - ok
11:16:48.0420 4592  [ BD9B042FE098F6BB0825133CD524630C ] \Device\Harddisk1\DR1\Partition2
11:16:48.0422 4592  \Device\Harddisk1\DR1\Partition2 - ok
11:16:48.0443 4592  [ C6F30967CB48EDA3DE37F9541E3AC307 ] \Device\Harddisk1\DR1\Partition3
11:16:48.0445 4592  \Device\Harddisk1\DR1\Partition3 - ok
11:16:48.0445 4592  ============================================================
11:16:48.0445 4592  Scan finished
11:16:48.0445 4592  ============================================================
11:16:48.0455 5808  Detected object count: 14
11:16:48.0455 5808  Actual detected object count: 14
11:17:52.0461 5808  cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0461 5808  cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0463 5808  DQLWinService ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0463 5808  DQLWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0464 5808  EWBNLSS ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0464 5808  EWBNLSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0465 5808  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0465 5808  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0466 5808  GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0466 5808  GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0467 5808  LkCitadelServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0467 5808  LkCitadelServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0468 5808  lkClassAds ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0468 5808  lkClassAds ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0469 5808  lkTimeSync ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0469 5808  lkTimeSync ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0470 5808  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0470 5808  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0471 5808  srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0471 5808  srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0472 5808  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0472 5808  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0473 5808  TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0473 5808  TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0474 5808  TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0474 5808  TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:17:52.0475 5808  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
11:17:52.0475 5808  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:19:55.0389 0316  Deinitialize success

Bis denne.

cosinus · 11.04.2013, 10:44

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

DanGomes · 11.04.2013, 11:44

Hi cosinus.
Vorne weg, dass "coupondropdown"-Problem besteht weiterhin, aber nur unter Firefox. Ich habe vorher nicht überprüft, nach der Infizierung mit diesem "coupondropdown"-shit, ob der Windows-Explorer auch befallen war, da ich den kaum benutze. Nun tat ich das, weil nach dem ich ComboFix durchlaufen ließ, das Programm automatisch mir ein Explorer-Icon auf dem Desktop erstellt hat. Wieso auch immer? Und unter Explorer scheint der "coupondropdown"-shit nicht zu wirken.
Nun zum ComboFix. Das Programm lief normal durch und hielt auch die 10 Min. Durchlaufzeit, die vom Programm angegeben wurde, ein. Nach dem erstellen der Log-Datei erschien auch die Fehlermeldung die Du vorher bereist erwähnt hattest, aber das Programm führte kein automatischen Neustart durch. Nach einem manuellem Neustart lief der Rechner wieder Problemlos und Fehlermeldung tauschte nicht mehr auf. Während des Suchlaufs tauchten von Seiten des Programms keine Fehlermeldungen wegen aktivierten Echzeitsscanners auf, so denke ich, weiß aber nicht was die Log-Datei darüber dokumentiert hat, da ich nichts davon verstehe. Nur Windows-Sicherheitcenter meldete mir dreimal während des Suchlaufs, wie meistens wenn man die deaktiviert, das die Scanners aus sind.
Hier nun die Log-Datei von ComboFix.

ComboFix.txt

Code:

ATTFilter

ComboFix 13-04-10.02 - Administration 11.04.2013  11:55:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.1967 [GMT 2:00]
ausgeführt von:: c:\users\Administration\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\ui
c:\windows\system32\ui\BANNER\LOADINGEVENT1.SOR
c:\windows\system32\ui\BANNER\LOADINGEVENT2.SOR
c:\windows\system32\ui\BANNER\LOADINGEVENT3.SOR
c:\windows\system32\ui\BANNER\LOADINGEVENT4.SOR
c:\windows\system32\ui\BANNER\LOADINGEVENT5.SOR
c:\windows\system32\ui\BANNER\LOADINGIMGOPT.SOR
c:\windows\system32\ui\BANNER\NOTICE_BANNER1.SOR
c:\windows\system32\ui\BANNER\NOTICE_BANNER2.SOR
c:\windows\system32\ui\BANNER\NOTICE_BANNER3.SOR
c:\windows\system32\ui\BANNER\NOTICE_BANNER5.SOR
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-11 bis 2013-04-11  ))))))))))))))))))))))))))))))
.
.
2013-04-11 10:03 . 2013-04-11 10:04	--------	d-----w-	c:\users\Administration\AppData\Local\temp
2013-04-11 10:03 . 2013-04-11 10:03	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-11 10:03 . 2013-04-11 10:03	--------	d-----w-	c:\users\IUSR_NMPR\AppData\Local\temp
2013-04-11 10:03 . 2013-04-11 10:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-11 10:03 . 2013-04-11 10:03	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-04-10 12:18 . 2013-02-22 04:10	149616	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 09:33 . 2013-03-08 03:52	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 09:33 . 2013-03-08 03:53	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-04-10 09:33 . 2013-03-05 01:40	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 09:33 . 2013-03-03 19:07	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 09:33 . 2013-03-11 13:25	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-10 09:33 . 2013-03-11 13:25	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 09:33 . 2013-03-09 03:45	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 09:33 . 2013-03-09 01:28	64000	----a-w-	c:\windows\system32\smss.exe
2013-04-09 09:18 . 2013-04-09 11:59	--------	d-----w-	c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-04-07 17:55 . 2013-04-07 17:55	--------	d-----w-	C:\_OTL
2013-04-07 17:36 . 2013-04-07 17:36	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-04-07 17:36 . 2013-03-27 02:16	26520	----a-w-	c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-04-07 17:01 . 2013-04-07 17:01	--------	d-----w-	c:\windows\ERUNT
2013-04-07 17:01 . 2013-04-07 17:41	--------	d-----w-	C:\JRT
2013-04-07 14:18 . 2013-04-07 14:18	--------	d-----w-	c:\program files\Enigma Software Group
2013-04-07 14:17 . 2013-04-07 14:17	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-04-06 17:34 . 2013-04-06 17:38	--------	d-----w-	c:\users\Administration\AppData\Local\Koox System Optimizer
2013-04-06 17:33 . 2013-04-07 14:22	--------	d-----w-	c:\program files\Coupon Drop Down Removal Tool
2013-04-06 17:33 . 2012-12-10 08:04	81920	----a-w-	c:\windows\eSellerateControl350.dll
2013-04-06 17:33 . 2012-12-10 08:04	356352	----a-w-	c:\windows\eSellerateEngine.dll
2013-04-06 17:33 . 2009-07-23 15:32	274432	----a-w-	c:\windows\system32\ssleay32.dll
2013-04-06 17:33 . 2009-07-23 15:32	1122304	----a-w-	c:\windows\system32\libeay32.dll
2013-04-02 08:56 . 2013-04-02 08:56	--------	d-----w-	c:\users\Administration\AppData\Roaming\Malwarebytes
2013-04-02 08:55 . 2013-04-02 08:55	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-28 11:36 . 2013-03-28 11:36	--------	d-----w-	c:\program files\AGEIA Technologies
2013-03-28 11:31 . 2013-03-15 05:46	13088000	----a-w-	c:\windows\system32\nvwgf2um.dll
2013-03-28 11:31 . 2013-03-15 05:46	6271872	----a-w-	c:\windows\system32\nvopencl.dll
2013-03-28 11:31 . 2013-03-15 05:46	20542752	----a-w-	c:\windows\system32\nvoglv32.dll
2013-03-28 11:31 . 2013-03-15 05:46	8952608	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-03-28 11:31 . 2013-03-15 05:46	892704	----a-w-	c:\windows\system32\nvdispgenco3231422.dll
2013-03-28 11:31 . 2013-03-15 05:46	1012512	----a-w-	c:\windows\system32\nvdispco3231422.dll
2013-03-28 11:31 . 2013-03-15 05:46	7959000	----a-w-	c:\windows\system32\nvcuda.dll
2013-03-28 11:31 . 2013-03-15 05:46	2728736	----a-w-	c:\windows\system32\nvcuvid.dll
2013-03-28 11:31 . 2013-03-15 05:46	1995552	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-03-28 11:31 . 2013-03-15 05:46	17560352	----a-w-	c:\windows\system32\nvcompiler.dll
2013-03-22 16:03 . 2013-02-12 01:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-14 08:55 . 2013-03-14 08:55	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 12:04 . 2013-02-24 11:42	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-10 12:04 . 2013-02-24 11:42	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-10 12:04 . 2013-02-24 11:42	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-09 09:01 . 2008-04-11 21:33	0	--sh--w-	c:\windows\S1E4DD34B.tmp
2013-03-15 05:46 . 2008-12-03 07:39	15042928	----a-w-	c:\windows\system32\nvd3dum.dll
2013-03-15 05:46 . 2008-02-03 17:31	2539128	----a-w-	c:\windows\system32\nvapi.dll
2013-03-15 02:59 . 2010-04-03 16:27	4119328	----a-w-	c:\windows\system32\nvcpl.dll
2013-03-15 02:59 . 2010-04-03 16:27	3014432	----a-w-	c:\windows\system32\nvsvc.dll
2013-03-15 02:59 . 2010-04-03 16:27	634144	----a-w-	c:\windows\system32\nvvsvc.exe
2013-03-15 02:59 . 2008-12-03 07:39	2555168	----a-w-	c:\windows\system32\nvsvcr.dll
2013-03-15 02:59 . 2010-04-03 16:27	62752	----a-w-	c:\windows\system32\nvshext.dll
2013-03-15 02:59 . 2010-04-03 16:27	223008	----a-w-	c:\windows\system32\nvmctray.dll
2013-03-14 08:55 . 2012-11-30 12:42	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-14 08:55 . 2010-05-25 08:18	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-14 08:49 . 2013-01-19 12:11	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-14 08:49 . 2011-07-07 15:39	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-19 12:19 . 2013-01-19 12:19	161792	----a-w-	c:\windows\system32\msls31.dll
2013-01-19 12:19 . 2013-01-19 12:19	86528	----a-w-	c:\windows\system32\iesysprep.dll
2013-01-19 12:19 . 2013-01-19 12:19	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-01-19 12:19 . 2013-01-19 12:19	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-01-19 12:19 . 2013-01-19 12:19	63488	----a-w-	c:\windows\system32\tdc.ocx
2013-01-19 12:19 . 2013-01-19 12:19	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-01-19 12:19 . 2013-01-19 12:19	367104	----a-w-	c:\windows\system32\html.iec
2013-01-19 12:19 . 2013-01-19 12:19	74752	----a-w-	c:\windows\system32\iesetup.dll
2013-01-19 12:19 . 2013-01-19 12:19	23552	----a-w-	c:\windows\system32\licmgr10.dll
2013-01-19 12:19 . 2013-01-19 12:19	152064	----a-w-	c:\windows\system32\wextract.exe
2013-01-19 12:19 . 2013-01-19 12:19	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-01-19 12:19 . 2013-01-19 12:19	35840	----a-w-	c:\windows\system32\imgutil.dll
2013-01-19 12:19 . 2013-01-19 12:19	11776	----a-w-	c:\windows\system32\mshta.exe
2013-01-19 12:19 . 2013-01-19 12:19	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-01-19 12:19 . 2013-01-19 12:19	101888	----a-w-	c:\windows\system32\admparse.dll
2009-05-01 21:02 . 2013-03-11 09:32	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2013-03-11 09:32	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2005-10-12 14:04 . 2005-10-12 14:04	131072	----a-w-	c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2013-03-27 02:17 . 2013-03-11 09:32	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-13 17:46 . 2013-03-11 09:32	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-06-24 132392]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-12-03 2181672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-13 30192]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"TVEService"="c:\program files\HomeCinema\TV Enhance\TVEService.exe" [2007-10-19 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-16 91432]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2008-05-14 87336]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2008-02-22 62760]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185632]
"PlayMovie"="c:\program files\HomeCinema\PlayMovie\PMVService.exe" [2008-10-30 172032]
"vmware-tray"="m:\program files\VMware\vmware-tray.exe" [2009-10-22 129584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-02 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-10 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2007-08-07 22:12	797696	----a-w-	c:\program files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
.
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 28936127
*NewlyCreated* - 35636879
*NewlyCreated* - ASWMBR
*Deregistered* - 28936127
*Deregistered* - 35636879
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 08:49]
.
2013-04-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-03 13:03]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 15:06]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 15:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Free YouTube Download - c:\users\Administration\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Administration\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4
LSP: m:\program files\VMware\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{004DD726-7D49-47A4-9D03-9F5507481DF3}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{7A68A3AF-40A7-46E5-ADB3-202921C38410}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\cnmnilny.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - www.freenet.de
FF - ExtSQL: 2013-02-14 19:06; freehdsport@freehdsport.tv; c:\users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\cnmnilny.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: !HIDDEN! 2010-02-12 08:28; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-MSServer - c:\users\ADMINI~1\AppData\Local\Temp\jkkJbxYs.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-11 12:04
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,4d,6c,0d,25,f2,6e,49,9e,8e,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,4d,6c,0d,25,f2,6e,49,9e,8e,ab,\
.
Zeit der Fertigstellung: 2013-04-11  12:05:52
ComboFix-quarantined-files.txt  2013-04-11 10:05
.
Vor Suchlauf: 13 Verzeichnis(se), 37.815.898.112 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 38.804.606.976 Bytes frei
.
- - End Of File - - AC68252149ABFF39D138BF5C5A027ABC

Bis denne.

cosinus · 11.04.2013, 12:39

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

DanGomes · 11.04.2013, 17:44

Hi cosinus.
Vorne weg, das "coupondropdown"-problem scheint weg zu sein. Allerdings ist mir das aufgefallen, bevor ich "JRT", "adwCleaner" und "OTL" ausgeführt habe. Ich habe im Firefox unter dem Reiter Extras mir die Add-ons angeschaut. Dabei habe ich einige deaktiviert und danach den Firefox neugestartet. Seit dem ist das Problem weg. Habe auch mittlerweile die Add-ons wieder aktiviert und den Firefox erneut - sowie den Rechner neugestartet und das Problem scheint weiterhin nicht mehr vorhanden zu sein.
Habe trotzdem die Punkte durchgeführt, die Du mir aufgegeben hast. Alle Programme liefen einwandfrei.
Hier nun die entsprechenden Logs:

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Administration on 11.04.2013 at 17:18:53,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\jetpack
Successfully deleted the following from C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\prefs.js

user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
Emptied folder: C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 17:21:07,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner[S4].txt

Code:

ATTFilter

# AdwCleaner v2.200 - Datei am 11/04/2013 um 17:22:56 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Administration - ADMINISTRATI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administration\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\cnmnilny.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zknox453.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [22996 octets] - [07/04/2013 18:51:57]
AdwCleaner[R2].txt - [23057 octets] - [07/04/2013 18:52:32]
AdwCleaner[S1].txt - [22942 octets] - [07/04/2013 18:53:51]
AdwCleaner[S2].txt - [1320 octets] - [07/04/2013 19:27:37]
AdwCleaner[S3].txt - [1378 octets] - [07/04/2013 19:37:45]
AdwCleaner[S4].txt - [1200 octets] - [11/04/2013 17:22:56]

########## EOF - C:\AdwCleaner[S4].txt - [1260 octets] ##########

OTL.txt

Code:

ATTFilter

OTL logfile created on: 11.04.2013 17:49:01 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administration\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,54% Memory free
6,72 Gb Paging File | 5,41 Gb Available in Paging File | 80,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241,09 Gb Total Space | 35,78 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
Drive D: | 232,94 Gb Total Space | 223,98 Gb Free Space | 96,15% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 8,45 Gb Free Space | 42,26% Space Free | Partition Type: FAT32
Drive F: | 678,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 102,13 Gb Total Space | 72,89 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
Drive K: | 102,54 Gb Total Space | 45,45 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
Drive L: | 115,63 Gb Total Space | 115,53 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive M: | 117,19 Gb Total Space | 44,83 Gb Free Space | 38,26% Space Free | Partition Type: NTFS
 
Computer Name: ADMINISTRATI-PC | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administration\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - M:\Program Files\VMware\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - M:\Program Files\VMware\vmware-tray.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EXPERTool\TBPANEL.exe (Gainward Co.)
PRC - C:\Programme\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - m:\Program Files\Electronics Workbench\NLS\EWBNLSS.exe ()
PRC - C:\Windows\System32\lktsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lkads.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\nisvcloc.exe (National Instruments Corp.)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\EXPERTool\TBPanelExt.dll ()
MOD - C:\Programme\EXPERTool\TBMANAGE.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (hpdj) -- C:\Users\ADMINI~1\AppData\Local\Temp\hpdj.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- M:\Program Files\VMware\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- M:\Program Files\VMware\vmware-ufad.exe (VMware, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TVECapSvc) -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (AlertService) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (NMSCore) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (DQLWinService) -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (EWBNLSS) -- m:\Program Files\Electronics Workbench\NLS\EWBNLSS.exe ()
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments, Inc.)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments, Inc.)
SRV - (niSvcLoc) -- C:\Windows\System32\nisvcloc.exe (National Instruments Corp.)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SDDMI2) -- C:\Windows\system32\DDMI2.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vstor2-ws60) -- M:\Program Files\VMware\vstor2-ws60.sys (VMware, Inc.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\HomeCinema\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (SaiH5F0D) -- C:\Windows\System32\drivers\SaiH5F0D.sys (Saitek)
DRV - (SaiU5F0D) -- C:\Windows\System32\drivers\SaiU5F0D.sys (Saitek)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5D 4C 46 EA 09 CE 01  [binary data]
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-792228030-1338267176-3048093723-1012\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.freenet.de"
FF - prefs.js..extensions.enabledAddons: foxsaver%40www.foxsaver.com:2.2.8
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: foxsaver@www.foxsaver.com:2.2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.12 09:28:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.07 19:36:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 11:32:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.03 11:56:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.02.21 19:18:27 | 000,000,000 | ---D | M]
 
[2008.09.14 11:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\Extensions
[2013.04.11 13:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\Firefox\Profiles\cnmnilny.default\extensions
[2011.07.05 15:03:37 | 000,000,000 | ---D | M] (FoxSaver) -- C:\Users\Administration\AppData\Roaming\mozilla\Firefox\Profiles\cnmnilny.default\extensions\foxsaver@www.foxsaver.com
[2012.12.12 12:26:03 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.15 21:01:49 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.02.14 15:44:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2009.01.22 21:08:03 | 000,002,108 | ---- | M] () -- C:\Users\Administration\AppData\Roaming\mozilla\firefox\profiles\cnmnilny.default\searchplugins\youtube-videosuche.xml
[2013.04.07 19:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005.10.12 16:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.11 12:03:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray] M:\Program Files\VMware\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKU\S-1-5-21-792228030-1338267176-3048093723-1012..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =   [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =   [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-792228030-1338267176-3048093723-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Free YouTube Download - C:\Users\Administration\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administration\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - M:\Program Files\VMware\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - M:\Program Files\VMware\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{004DD726-7D49-47A4-9D03-9F5507481DF3}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{365D6CE8-3EB7-4D59-9B24-20AA50C5C322}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A68A3AF-40A7-46E5-ADB3-202921C38410}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA6207C-FA60-4C3B-A1C0-165D0EA7E675}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.08.24 04:21:18 | 000,000,067 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-792228030-1338267176-3048093723-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 17:25:43 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013.04.11 16:30:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2013.04.11 16:28:11 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Administration\Desktop\JRT.exe
[2013.04.11 12:16:20 | 000,237,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.11 12:05:54 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Local\temp
[2013.04.11 12:05:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.11 11:53:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.11 11:53:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.11 11:53:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.11 11:53:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.11 11:53:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.11 11:52:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.10 14:18:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 14:18:40 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 14:18:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 14:18:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 14:18:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 14:18:39 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 14:18:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 14:18:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 11:33:12 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 11:33:11 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 11:33:09 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 11:33:08 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 11:33:08 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.09 21:55:29 | 000,000,000 | ---D | C] -- C:\Users\Administration\Desktop\PC Problem
[2013.04.07 19:55:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.07 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.04.07 19:01:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.07 19:01:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.07 16:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.07 16:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.04.06 19:34:20 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Local\Koox System Optimizer
[2013.04.06 19:33:55 | 001,122,304 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2013.04.06 19:33:55 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013.04.06 19:33:55 | 000,274,432 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2013.04.06 19:33:55 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013.04.06 19:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Drop Down Removal Tool
[2013.04.06 13:26:51 | 000,000,000 | ---D | C] -- C:\Users\Administration\Desktop\Diverse Dokumente
[2013.04.02 10:56:06 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\Malwarebytes
[2013.04.02 10:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.02 10:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.28 13:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.03.28 13:31:35 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.03.28 13:31:34 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.03.28 13:31:34 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.03.28 13:31:33 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.03.28 13:31:33 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.03.28 13:31:33 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.03.28 13:31:32 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.03.28 13:31:32 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.03.28 13:31:32 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.03.28 13:31:31 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.03.22 18:03:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 10:56:07 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.14 10:55:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.14 10:55:17 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.14 10:55:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 17:49:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 17:26:41 | 000,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.04.11 17:26:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.04.11 17:25:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 17:24:58 | 000,005,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 17:24:58 | 000,005,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 17:24:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 17:24:49 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 17:22:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.11 16:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2013.04.11 16:28:44 | 000,613,083 | ---- | M] () -- C:\Users\Administration\Desktop\adwcleaner.exe
[2013.04.11 16:28:15 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Administration\Desktop\JRT.exe
[2013.04.11 14:44:43 | 000,018,574 | ---- | M] () -- C:\Users\Administration\Documents\Discounter Strom3.2.odt
[2013.04.11 14:25:24 | 000,015,655 | ---- | M] () -- C:\Users\Administration\Documents\Discounter Strom3.1.odt
[2013.04.11 12:32:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.04.11 12:03:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.10 14:39:22 | 000,380,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.10 14:04:58 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.10 14:04:58 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.10 14:04:58 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.10 10:39:17 | 371,571,396 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.10 08:33:25 | 000,008,916 | ---- | M] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat
[2013.04.08 14:40:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013.04.07 19:36:18 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.06 15:34:17 | 000,641,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.06 15:34:17 | 000,132,104 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.06 15:34:17 | 000,008,878 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.06 15:34:17 | 000,006,488 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.02 10:23:50 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.22 18:29:44 | 000,015,426 | ---- | M] () -- C:\Users\Administration\Documents\Discounter Strom3.odt
[2013.03.15 07:46:27 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.03.15 07:46:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.03.15 07:46:27 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.03.15 07:46:27 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.03.15 07:46:27 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.03.15 07:46:27 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.03.15 07:46:27 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.03.15 07:46:27 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.03.15 07:46:27 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.03.15 07:46:27 | 001,012,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.03.15 07:46:27 | 000,892,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.03.15 07:46:27 | 000,013,625 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013.03.15 04:59:30 | 004,119,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013.03.15 04:59:30 | 003,014,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013.03.15 04:59:27 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013.03.15 04:59:26 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013.03.15 04:59:26 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013.03.14 10:55:46 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.14 10:55:45 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.14 10:55:45 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.14 10:55:45 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.14 10:55:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.14 10:55:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.14 10:49:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.14 10:49:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.11 16:28:39 | 000,613,083 | ---- | C] () -- C:\Users\Administration\Desktop\adwcleaner.exe
[2013.04.11 14:25:24 | 000,015,655 | ---- | C] () -- C:\Users\Administration\Documents\Discounter Strom3.1.odt
[2013.04.11 14:11:00 | 000,018,574 | ---- | C] () -- C:\Users\Administration\Documents\Discounter Strom3.2.odt
[2013.04.11 11:53:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.11 11:53:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.11 11:53:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.11 11:53:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.11 11:53:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.10 16:55:22 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.10 08:21:51 | 371,571,396 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.08 14:40:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2013.03.28 13:31:33 | 000,013,625 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.03.22 18:29:43 | 000,015,426 | ---- | C] () -- C:\Users\Administration\Documents\Discounter Strom3.odt
[2013.01.31 14:37:46 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.01.31 14:05:05 | 000,008,916 | ---- | C] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat
[2013.01.31 13:22:50 | 000,000,569 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.17 18:49:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.03.17 18:40:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.04.21 22:24:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.04.12 09:14:12 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.02.04 16:43:49 | 000,223,744 | ---- | C] () -- C:\Users\Administration\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.04 14:48:17 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.03 20:07:02 | 000,000,102 | ---- | C] () -- C:\Users\Administration\AppData\Local\fusioncache.dat
[2008.02.03 16:04:32 | 000,000,101 | ---- | C] () -- C:\Users\Administration\AppData\Roaming\default.pls
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL
Extra.txt

Code:

ATTFilter

OTL Extras logfile created on: 11.04.2013 17:49:01 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administration\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,54% Memory free
6,72 Gb Paging File | 5,41 Gb Available in Paging File | 80,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 241,09 Gb Total Space | 35,78 Gb Free Space | 14,84% Space Free | Partition Type: NTFS
Drive D: | 232,94 Gb Total Space | 223,98 Gb Free Space | 96,15% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 8,45 Gb Free Space | 42,26% Space Free | Partition Type: FAT32
Drive F: | 678,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 102,13 Gb Total Space | 72,89 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
Drive K: | 102,54 Gb Total Space | 45,45 Gb Free Space | 44,33% Space Free | Partition Type: NTFS
Drive L: | 115,63 Gb Total Space | 115,53 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive M: | 117,19 Gb Total Space | 44,83 Gb Free Space | 38,26% Space Free | Partition Type: NTFS
 
Computer Name: ADMINISTRATI-PC | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-792228030-1338267176-3048093723-1004\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BED537-4F2F-445E-BDB9-FABD8C91AE78}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{1C8F3A52-5803-4B27-86D9-1AAB48BA2BB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1DA6277D-6668-4352-9FAD-35A932F920FA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{22F42D4C-AC69-4ED9-B0F4-49FF6D8663D4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{243F184D-F2DA-4AB2-9C46-6A59283F96B0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{35E30DCC-99A8-4EE4-8BA6-2E94C181AFE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39C99774-D924-490A-AB4F-8082C868138E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51BD869B-4D9A-455F-A777-B5D598035E5C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{568B5458-D46A-4405-A6A5-1D9D6E69CC12}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{595A6D12-FC69-4521-9C1F-25E65B93190D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{8F107B26-091E-4D03-A88E-AB4B0B947D8A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{95C603AE-B456-4ACB-8D4D-16E51BC03FAC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{ABF2BBA0-BA7D-48A6-897A-2EBE613C4452}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B22A4CA2-0327-425C-99D6-4CE6F4D1C0CB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C7AD2A4D-C8DE-4509-BBF3-A8B078118E08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CD2C0D92-A011-4370-B6BD-4680745EE7D4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D1BE683A-009B-4BD6-9449-EF5277BA8A0B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA210AF0-998D-4326-A657-17BCCA3AF6A1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DCDE2A2E-1FEE-4DCE-B188-42FDCD4A4C66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DE97CE7E-724E-4215-B17C-5F56FEDF8197}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E8467382-9C9E-45AA-956A-E3B4BF748819}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E9E71E8C-0BEF-4D64-8F8F-9A4AF83C2B21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C23F63-1C82-4C9A-83AD-3F12F37539EC}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{0718D7FE-E9B1-490D-8110-8D1D049B6EDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0E4F2913-904F-407F-B3BF-E5C43AACAFAE}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{1CA85D05-68B4-48F8-9272-BAE64521BB97}" = protocol=17 | dir=in | app=k:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe | 
"{2F8E6A1D-6A53-4033-B58A-B7C6C6755477}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{308F21D1-29C3-4675-916F-D6137426272B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{35E80827-5F5D-4525-9670-B345828314ED}" = protocol=6 | dir=in | app=k:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe | 
"{462204C3-531F-44C8-8F54-24FFB75FD8DD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{4EA4E7A7-1A77-4726-B6C8-19D1998FBAD1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{528773B3-F9C5-42B3-B101-E0447E3CD334}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{539864FB-849F-43D2-A94F-42720A2B4C15}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{67C95187-7609-4E32-A5FD-485E6BB20E73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6BEC0D4C-61EF-44C4-9A57-4E569F4BA5E3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{763BD154-B8EB-4462-A8B1-BF42E9ACDFF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7CD61BFE-B7B5-4252-840F-F7F31D78E18F}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{9A2DE70A-FBDE-4A72-AA80-658658A4F1BF}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | 
"{BDA25F2D-FEF8-478B-82F0-1147F3029BC5}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{C7DBDF5C-C2CA-4608-838F-9BB532F0944B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{C85BD6CD-B19F-423E-AC37-34CC68A94692}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C9A88DBB-E3E5-4499-8C19-F992BE529F9E}" = protocol=6 | dir=in | app=m:\program files\vmware\vmware-authd.exe | 
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{E266203E-A6A8-44C4-855A-C45B8FF7DD87}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | 
"{EF04D381-9E3F-4009-A103-46F78CEE86E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F8A8A00B-A18D-419C-8BC1-3B7700D4BA80}" = protocol=17 | dir=in | app=m:\program files\vmware\vmware-authd.exe | 
"{FA437D86-7525-4A37-9F58-928C0D059377}" = protocol=6 | dir=in | app=c:\program files\stampit\binary\stampit.exe | 
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{FC008E8C-3A55-4593-B5F8-088EE0DF0221}" = protocol=17 | dir=in | app=c:\program files\stampit\binary\stampit.exe | 
"TCP Query User{0CD38428-2A8D-4DD8-9698-898B4FA30E61}K:\program files\konami\pro evolution soccer 2010\pes2010.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"TCP Query User{0FEEC4A7-2780-4E80-BCAE-23AA06C1A624}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{266D1772-AD27-4B46-9D14-0C4BD76FBB27}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
"TCP Query User{291B55E3-6360-47C7-AF33-E892BB2FAF54}C:6\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=6 | dir=in | app=c:6\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"TCP Query User{2BABE999-5378-47A0-A291-306C93E00526}C:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe | 
"TCP Query User{3041BBB5-8190-43C8-92C3-C330972FE513}J:\program files\emule\emule.exe" = protocol=6 | dir=in | app=j:\program files\emule\emule.exe | 
"TCP Query User{3181A7DA-299D-4DA8-9230-420751E0D747}C:\users\administration\desktop\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\administration\desktop\eclipse\eclipse.exe | 
"TCP Query User{503D9B53-FC74-4A73-B7C0-A604C183F36F}J:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=j:\program files\azureus\azureus.exe | 
"TCP Query User{6A9CCA4F-0E4A-4E1D-A854-E5011D8DB243}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"TCP Query User{6D9FFD0A-FFB4-46F0-BBB6-C7DC09DF5FAA}K:\program files\sports interactive\football manager 2006\fm.exe" = protocol=6 | dir=in | app=k:\program files\sports interactive\football manager 2006\fm.exe | 
"TCP Query User{795AA14C-E884-4FE3-8ADA-8156AD680515}F:\ttn.exe" = protocol=6 | dir=in | app=f:\ttn.exe | 
"TCP Query User{90840F6C-EC8C-46D3-955F-7ABD9E035AFD}C:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe | 
"TCP Query User{A2D1A602-5B71-4326-B6B2-C13681AD9662}K:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{B0BC4D65-8F0E-4401-9C83-6B3DC900CBD7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{BCFF028A-D034-447E-8A8A-652A1EE49F50}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C5720FE2-9A46-4CD7-BA4D-13CF30F65E91}C:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe | 
"TCP Query User{CB66A83C-9F6E-4279-8338-FB993F4235EB}J:\program files\emule\emule.exe" = protocol=6 | dir=in | app=j:\program files\emule\emule.exe | 
"TCP Query User{F0337F62-4281-4892-8406-8A3E976F38EC}J:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=j:\program files\azureus\azureus.exe | 
"TCP Query User{F0BA8F58-57F2-4DA0-8874-B7A3C3773701}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F5DAB7D6-FC8D-4894-B644-4C8F3FCB3465}M:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=m:\program files\franzis\3d tipptrainer\ttn.exe | 
"TCP Query User{F9D4514D-86BD-465C-91E2-E08D5874ECDF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{FA91E12E-96F0-4C62-8488-CE51F727F6E0}C:5\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=6 | dir=in | app=c:5\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"TCP Query User{FD88C966-31E8-4210-A72B-6D96D41CF744}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=6 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{0AAAD534-ECC0-4A8B-A55C-E20B0BA33C27}C:5\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=17 | dir=in | app=c:5\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"UDP Query User{0F4CB157-472D-4049-AB39-41E019534D99}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{1535909B-D9CE-4B10-8EBE-C97C8B92AE51}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{1A2EA339-53C8-47AA-9AB3-6CD1B27F8C5C}C:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe | 
"UDP Query User{40323823-0FE7-4CCF-8EAE-C8B64D3C9158}K:\program files\konami\pro evolution soccer 2009\pes2009.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2009\pes2009.exe | 
"UDP Query User{468B9DBA-8CDC-4B91-B37A-D20376B6F545}C:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\administration\appdata\local\temp\onlineupdate8\setupxu.exe | 
"UDP Query User{785F6F59-F853-4197-9476-6069DAE66205}K:\program files\konami\pro evolution soccer 2010\pes2010.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"UDP Query User{8D8FA50B-216E-4D26-A28A-4A7FB93FB968}C:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\easyeclipse desktop java 1.3.1.1\eclipse.exe | 
"UDP Query User{9A7C5D34-CB7F-4A73-8FEC-1706956F027D}K:\program files\sports interactive\football manager 2006\fm.exe" = protocol=17 | dir=in | app=k:\program files\sports interactive\football manager 2006\fm.exe | 
"UDP Query User{9DEE61AC-3023-41E1-9E8F-80499C51565D}J:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=j:\program files\azureus\azureus.exe | 
"UDP Query User{AF0BD7C9-44DA-43C7-A0A5-293B28845DFA}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | 
"UDP Query User{B740C805-1124-47A6-A60D-9ED484393B47}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{BEBE341E-72E0-4EC5-8C37-82E3B07784B5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C28BD79A-274B-4968-9F54-8F53EB677714}C:6\openarena\openarena-0.8.1\openarena-deprecated.exe" = protocol=17 | dir=in | app=c:6\openarena\openarena-0.8.1\openarena-deprecated.exe | 
"UDP Query User{C3098D05-3CD0-4D18-AC0C-25C1A1741248}J:\program files\emule\emule.exe" = protocol=17 | dir=in | app=j:\program files\emule\emule.exe | 
"UDP Query User{C3E7B11F-F1EF-490C-BBC3-5E578A10A7B5}M:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=m:\program files\franzis\3d tipptrainer\ttn.exe | 
"UDP Query User{C720CD53-5630-43D8-B8B9-2DD9B120E7B9}F:\ttn.exe" = protocol=17 | dir=in | app=f:\ttn.exe | 
"UDP Query User{C833B95A-89A0-4EC5-AC14-8A2A6BE6DA12}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{D0DE2636-0129-4EA5-ACC5-E3835396DBD4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{D61B1E1C-FAA2-49D0-93F1-0CF8FDE0BBBD}C:\users\administration\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\administration\desktop\eclipse\eclipse.exe | 
"UDP Query User{DD032383-12C1-4213-A0D7-339DA2B82565}K:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=k:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{F5F35C06-97C5-4DB2-9309-1CD1B475DEC4}J:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=j:\program files\azureus\azureus.exe | 
"UDP Query User{F65D3605-0D48-424A-82AB-32A5C9070791}J:\program files\emule\emule.exe" = protocol=17 | dir=in | app=j:\program files\emule\emule.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FB1A47-5D14-47A2-BC3C-A3481ABBB957}" = EWB Shared Components
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0B0BEF37-B327-48ED-A2E0-BF6974676294}" = NI Logos 4.6
"{1058F383-32D3-4B8B-BFEF-10D8AFDCD24E}" = EWB Network License Server
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{255D87CE-1E45-4795-9731-454EF5371B02}" = NI USI 1.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216015F0}" = Java(TM) 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83217009F0}" = Java 7 Update 9
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46CA73D7-A908-4732-8DD3-217DA58526BB}" = EWB Network License Server
"{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX(TM) 1.2 SDK
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{64B408B8-068B-4EE0-B16C-658A24E75B8B}" = Active@ UNDELETE
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A65D944-399F-4665-BA27-318B3F91E881}" = Multisim 9
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80BC3054-A6BF-4FAA-A09E-196F3DA80FB5}" = EWB Network License Server
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{8410B358-107A-4FB7-AB2B-6FD952F15A8F}" = Nero 8 Essentials
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{87E01B1B-92A0-416F-9F8E-9BE921A05F9F}" = StarOffice 8
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}" = Enter The Matrix
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A5D1EA23-CEE5-4B72-A0C3-8BCEDFC6F94C}" = NI LabVIEW Run-Time Engine 8.0
"{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D922EF97-6657-3075-BC93-A6CF59444E84}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DCDD061F-3797-42C1-96E4-4B897C73E2B4}" = Multisim 9
"{DE3FCA5F-7B8A-482B-89A9-CC9BD5F656A1}" = UEFA EURO 2008™
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3D TippTrainer_is1" = 3D TippTrainer
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord
"ALDI Foto Service Nord D" = ALDI Foto Service Nord
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyEclipse Desktop Java 1.3.1.1" = EasyEclipse Desktop Java 1.3.1.1
"EXPERTool_is1" = EXPERTool 7.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"Indeo® software" = Indeo® software
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"James Bond 007: Nightfire" = James Bond 007: Nightfire
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.0 (Full)
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library für Microsoft Visual Studio 2008 Express Editions
"NAVIGON Fresh" = NAVIGON Fresh 3.0.2
"NI Uninstaller" = National Instruments-Software
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"RealPlayer 6.0" = RealPlayer
"SEAT" = SEAT
"SEAT Cupra GT - Screen Saver" = SEAT Cupra GT - Screen Saver
"Shockwave" = Shockwave
"ShotOnline" = ShotOnline
"SWING" = SWING
"The Dark Knight" = The Dark Knight
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"VMware_Workstation" = VMware Workstation
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.04.2013 11:52:29 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=2   
 
Error - 11.04.2013 11:52:29 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=3   
 
Error - 11.04.2013 11:52:29 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=4   
 
Error - 11.04.2013 11:52:29 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=5   
 
Error - 11.04.2013 11:52:45 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=0   
 
Error - 11.04.2013 11:52:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=1   
 
Error - 11.04.2013 11:52:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=2   
 
Error - 11.04.2013 11:52:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=3   
 
Error - 11.04.2013 11:52:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=4   
 
Error - 11.04.2013 11:52:46 | Computer Name = Administrati-PC | Source = vmauthd | ID = 100
Description = Malformed perfmon object, index=5   
 
[ Media Center Events ]
Error - 11.04.2013 11:28:12 | Computer Name = Administrati-PC | Source = ehRecvr | ID = 4
Description = 
 
[ OSession Events ]
Error - 29.08.2011 09:08:59 | Computer Name = Administrati-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.04.2013 11:26:28 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.04.2013 11:26:33 | Computer Name = Administrati-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

Nun weiß ich nicht, wie wir beide verbleiben werden. Möglich, dass das "coupondropdown"-Problem verdeckt in meinem System lauert und irgendwann wiederkommt oder aber das Problem an den Add-ons lag. Kannst mir ja sagen, was Du mir als nächstes empfiehlst.

Übrigens ist mein PC in den Jahren beim Hochfahren ziemlich lahm geworden. Gibt es da nicht auch irgendein Programm, der den Rechner aufräumt und wieder schneller macht?

Wenn das sonst alles sein sollte, bedanke ich mich sehr für diese sehr kompetente Hilfe und Betreuung von Dir und wünsche Deinen Kollegen und Dir natürlich weiterhin frohes Schaffen in diesem Forum. Macht weiter so. Ihr macht ein klasse Job und spart uns unwissene Users viele Kopfschmerzen sowie Geld, wegen der kostenpflichtigen Programme...

Bis denne.
Gruß, cotangens.

cosinus · 12.04.2013, 12:56

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

DanGomes · 12.04.2013, 18:22

Hi cosinus.
Hier nun die gewünschte Log-Datei des OTL-Fix-Laufs.

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Administration\Desktop\cmd.bat deleted successfully.
C:\Users\Administration\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administration
->Temp folder emptied: 128284 bytes
->Temporary Internet Files folder emptied: 8468086 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25151266 bytes
->Flash cache emptied: 1499 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jenny
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500758 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42125 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 34,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04122013_190227

Files\Folders moved on Reboot...
File move failed. C:\Windows\S1E4DD34B.tmp scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM-595935190\vmware-usbarb-SYSTEM-2632.log moved successfully.
File\Folder C:\Windows\temp\JET6A56.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Sag an was als nächstes ansteht.
Gruß, cotangens.

10.04.2013, 14:16	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	coupondropdown lässt sich immer noch nicht unter Firefox entfernen Ist eigenlich das falsche Log von MBAR Probier bitte MBAR nochmal im abgesicherten Modus mit Netzwerktreibern aus __________________ --> coupondropdown lässt sich immer noch nicht unter Firefox entfernen

coupondropdown lässt sich immer noch nicht unter Firefox entfernen

Plagegeister aller Art und deren Bekämpfung: coupondropdown lässt sich immer noch nicht unter Firefox entfernen