Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.04.2013, 13:09   #1
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Hallo,

ich bin neu hier und relativ ahnungslos im Umgang mit Trojanern.

Wir haben eine Mail von der Deutschen Telekom bekommen, dass über unsere Zugangskennung ein Trojaner bei uns "nistet" (sagt man das so?). Habe es bei der Telekom verifiziert, ist echt.
Greift wohl paypal an, das habe ich gelöst.
Die Deutsche Telekom schickt mit der Mail einen Link zu : https://www.botfrei.de/telekom

Das Programm (Avira) habe ich durchlaufen lassen, 3 Schäden hat er entdeckt und bereinigt.

Scheinbar hat mein Mann den Trojaner eingeschleust, er hat ihn wohl in der Firma über einen Mailanhang bekommen, glaubt er.

Mein Rechner hat windows 8.

Kann ich nochwas tun und wenn ja dann was?

Herzlichen Dank für die Hilfe

Ahnungslos61 aus Mainz

Alt 18.04.2013, 13:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Hallo und

Zitat:
Das Programm (Avira) habe ich durchlaufen lassen, 3 Schäden hat er entdeckt und bereinigt.
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.04.2013, 13:52   #3
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Hallo!
Danke für die Rückfrage, aber wo stehen die logfiles?

Gruß Ahnungslos61
__________________

Alt 18.04.2013, 13:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Warum liest du den von mir verlinkten Artikel nicht?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.04.2013, 13:57   #5
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Ich hoffe das ist die Richtige :-)


Code:
ATTFilter
Avira DE-Cleaner
Erstellungsdatum der Reportdatei: Donnerstag, 18. April 2013  09:25

Es wird nach 3841495 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : DE-Cleaner Kit
Seriennummer   : 2223078146-DECLE-0000001
Plattform      : Windows NT
Windowsversion : (plain)  [6.2.9200]
Boot Modus     : Normal gebootet
Benutzername   : Astrid-Coach
Computername   : ASTRID

Versionsinformationen:
BUILD.DAT      : 10.0.0.41      12093 Bytes  04.10.2012 10:12:00
AVSCAN.EXE     : 10.0.4.6      514216 Bytes  18.04.2013 07:24:47
AVSCAN.DLL     : 10.0.4.0       56168 Bytes  18.04.2013 07:24:47
LUKE.DLL       : 10.0.4.1      104296 Bytes  18.04.2013 07:24:49
LUKERES.DLL    : Keine Information!
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 07:25:04
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:25:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:25:20
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 07:25:23
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 07:25:25
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 07:25:28
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 07:25:28
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 07:25:28
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 07:25:28
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 07:25:28
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 07:25:28
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 07:25:28
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 07:25:28
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 07:25:28
VBASE014.VDF   : 7.11.34.201   169472 Bytes  02.07.2012 07:25:28
VBASE015.VDF   : 7.11.35.19    122368 Bytes  04.07.2012 07:25:28
VBASE016.VDF   : 7.11.35.20      2048 Bytes  04.07.2012 07:25:28
VBASE017.VDF   : 7.11.35.21      2048 Bytes  04.07.2012 07:25:28
VBASE018.VDF   : 7.11.35.22      2048 Bytes  04.07.2012 07:25:28
VBASE019.VDF   : 7.11.35.23      2048 Bytes  04.07.2012 07:25:28
VBASE020.VDF   : 7.11.35.24      2048 Bytes  04.07.2012 07:25:28
VBASE021.VDF   : 7.11.35.25      2048 Bytes  04.07.2012 07:25:28
VBASE022.VDF   : 7.11.35.26      2048 Bytes  04.07.2012 07:25:28
VBASE023.VDF   : 7.11.35.27      2048 Bytes  04.07.2012 07:25:28
VBASE024.VDF   : 7.11.35.28      2048 Bytes  04.07.2012 07:25:28
VBASE025.VDF   : 7.11.35.29      2048 Bytes  04.07.2012 07:25:28
VBASE026.VDF   : 7.11.35.30      2048 Bytes  04.07.2012 07:25:29
VBASE027.VDF   : 7.11.35.31      2048 Bytes  04.07.2012 07:25:29
VBASE028.VDF   : 7.11.35.32      2048 Bytes  04.07.2012 07:25:29
VBASE029.VDF   : 7.11.35.33      2048 Bytes  04.07.2012 07:25:29
VBASE030.VDF   : 7.11.35.34      2048 Bytes  04.07.2012 07:25:29
VBASE031.VDF   : 7.11.35.74     98816 Bytes  05.07.2012 07:25:29
Engineversion  : 8.2.10.104
AEVDF.DLL      : 8.1.2.8       106867 Bytes  18.04.2013 07:25:33
AESCRIPT.DLL   : 8.1.4.32      455034 Bytes  18.04.2013 07:25:33
AESCN.DLL      : 8.1.8.2       131444 Bytes  18.04.2013 07:25:33
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.04.2013 07:25:33
AERDL.DLL      : 8.1.9.15      639348 Bytes  18.04.2013 07:25:32
AEPACK.DLL     : 8.2.16.22     807288 Bytes  18.04.2013 07:25:31
AEOFFICE.DLL   : 8.1.2.40      201082 Bytes  18.04.2013 07:25:31
AEHEUR.DLL     : 8.1.4.64     5009782 Bytes  18.04.2013 07:25:31
AEHELP.DLL     : 8.1.23.2      258422 Bytes  18.04.2013 07:25:30
AEGEN.DLL      : 8.1.5.30      422261 Bytes  18.04.2013 07:25:29
AEEXP.DLL      : 8.1.0.60       86388 Bytes  18.04.2013 07:25:33
AEEMU.DLL      : 8.1.3.0       393589 Bytes  18.04.2013 07:25:29
AECORE.DLL     : 8.1.25.10     201080 Bytes  18.04.2013 07:25:29
AEBB.DLL       : 8.1.1.0        53618 Bytes  18.04.2013 07:25:29
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  18.04.2013 07:24:47
AVPREF.DLL     : 10.0.0.0       44904 Bytes  18.04.2013 07:24:47
AVREP.DLL      : 10.0.0.8       63848 Bytes  18.04.2013 07:24:47
AVREG.DLL      : 10.0.3.2       53096 Bytes  18.04.2013 07:24:47
AVSCPLR.DLL    : 10.0.4.1       84840 Bytes  18.04.2013 07:24:47
AVARKT.DLL     : Keine Information!
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  18.04.2013 07:24:53
AVSMTP.DLL     : Keine Information!
NETNT.DLL      : Keine Information!
RCIMAGE.DLL    : 11.0.8.0       96616 Bytes  18.04.2013 07:24:52
RCTEXT.DLL     : 11.0.7.0      403304 Bytes  18.04.2013 07:24:52

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: unknown
Konfigurationsdatei...................: C:\Users\ASTRID~1\AppData\Local\Temp\decleaner\decleaner\setup\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
         
Zitat:
Zitat von cosinus Beitrag anzeigen
Warum liest du den von mir verlinkten Artikel nicht?
Habe keine Ahnung wer wo wann ich was schauen soll, bin nicht vom Fach! Arbeite sonst mit
Menschen, da kann man nie nach ablegten Dateien schauen!


Alt 18.04.2013, 14:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Log ist unvollständig. Bitte lies die Anleitung richtig

Zitat:
Habe keine Ahnung wer wo wann ich was schauen soll, bin nicht vom Fach! Arbeite sonst mit
Menschen, da kann man nie nach ablegten Dateien schauen!
Du musst dir hier aber Mühe geben, über ein Forum arbeitet man nunmal in schriftlicher Form und dementsprechend musst du dir Beiträge und verlinkten Artikel auch genau lesen und umsetzen.
__________________
--> ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen

Alt 18.04.2013, 14:37   #7
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Code:
ATTFilter
Avira DE-Cleaner
Erstellungsdatum der Reportdatei: Donnerstag, 18. April 2013  09:25

Es wird nach 3841495 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : DE-Cleaner Kit
Seriennummer   : 2223078146-DECLE-0000001
Plattform      : Windows NT
Windowsversion : (plain)  [6.2.9200]
Boot Modus     : Normal gebootet
Benutzername   : Astrid-Coach
Computername   : ASTRID

Versionsinformationen:
BUILD.DAT      : 10.0.0.41      12093 Bytes  04.10.2012 10:12:00
AVSCAN.EXE     : 10.0.4.6      514216 Bytes  18.04.2013 07:24:47
AVSCAN.DLL     : 10.0.4.0       56168 Bytes  18.04.2013 07:24:47
LUKE.DLL       : 10.0.4.1      104296 Bytes  18.04.2013 07:24:49
LUKERES.DLL    : Keine Information!
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 07:25:04
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:25:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:25:20
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 07:25:23
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 07:25:25
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 07:25:28
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 07:25:28
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 07:25:28
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 07:25:28
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 07:25:28
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 07:25:28
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 07:25:28
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 07:25:28
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 07:25:28
VBASE014.VDF   : 7.11.34.201   169472 Bytes  02.07.2012 07:25:28
VBASE015.VDF   : 7.11.35.19    122368 Bytes  04.07.2012 07:25:28
VBASE016.VDF   : 7.11.35.20      2048 Bytes  04.07.2012 07:25:28
VBASE017.VDF   : 7.11.35.21      2048 Bytes  04.07.2012 07:25:28
VBASE018.VDF   : 7.11.35.22      2048 Bytes  04.07.2012 07:25:28
VBASE019.VDF   : 7.11.35.23      2048 Bytes  04.07.2012 07:25:28
VBASE020.VDF   : 7.11.35.24      2048 Bytes  04.07.2012 07:25:28
VBASE021.VDF   : 7.11.35.25      2048 Bytes  04.07.2012 07:25:28
VBASE022.VDF   : 7.11.35.26      2048 Bytes  04.07.2012 07:25:28
VBASE023.VDF   : 7.11.35.27      2048 Bytes  04.07.2012 07:25:28
VBASE024.VDF   : 7.11.35.28      2048 Bytes  04.07.2012 07:25:28
VBASE025.VDF   : 7.11.35.29      2048 Bytes  04.07.2012 07:25:28
VBASE026.VDF   : 7.11.35.30      2048 Bytes  04.07.2012 07:25:29
VBASE027.VDF   : 7.11.35.31      2048 Bytes  04.07.2012 07:25:29
VBASE028.VDF   : 7.11.35.32      2048 Bytes  04.07.2012 07:25:29
VBASE029.VDF   : 7.11.35.33      2048 Bytes  04.07.2012 07:25:29
VBASE030.VDF   : 7.11.35.34      2048 Bytes  04.07.2012 07:25:29
VBASE031.VDF   : 7.11.35.74     98816 Bytes  05.07.2012 07:25:29
Engineversion  : 8.2.10.104
AEVDF.DLL      : 8.1.2.8       106867 Bytes  18.04.2013 07:25:33
AESCRIPT.DLL   : 8.1.4.32      455034 Bytes  18.04.2013 07:25:33
AESCN.DLL      : 8.1.8.2       131444 Bytes  18.04.2013 07:25:33
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.04.2013 07:25:33
AERDL.DLL      : 8.1.9.15      639348 Bytes  18.04.2013 07:25:32
AEPACK.DLL     : 8.2.16.22     807288 Bytes  18.04.2013 07:25:31
AEOFFICE.DLL   : 8.1.2.40      201082 Bytes  18.04.2013 07:25:31
AEHEUR.DLL     : 8.1.4.64     5009782 Bytes  18.04.2013 07:25:31
AEHELP.DLL     : 8.1.23.2      258422 Bytes  18.04.2013 07:25:30
AEGEN.DLL      : 8.1.5.30      422261 Bytes  18.04.2013 07:25:29
AEEXP.DLL      : 8.1.0.60       86388 Bytes  18.04.2013 07:25:33
AEEMU.DLL      : 8.1.3.0       393589 Bytes  18.04.2013 07:25:29
AECORE.DLL     : 8.1.25.10     201080 Bytes  18.04.2013 07:25:29
AEBB.DLL       : 8.1.1.0        53618 Bytes  18.04.2013 07:25:29
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  18.04.2013 07:24:47
AVPREF.DLL     : 10.0.0.0       44904 Bytes  18.04.2013 07:24:47
AVREP.DLL      : 10.0.0.8       63848 Bytes  18.04.2013 07:24:47
AVREG.DLL      : 10.0.3.2       53096 Bytes  18.04.2013 07:24:47
AVSCPLR.DLL    : 10.0.4.1       84840 Bytes  18.04.2013 07:24:47
AVARKT.DLL     : Keine Information!
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  18.04.2013 07:24:53
AVSMTP.DLL     : Keine Information!
NETNT.DLL      : Keine Information!
RCIMAGE.DLL    : 11.0.8.0       96616 Bytes  18.04.2013 07:24:52
RCTEXT.DLL     : 11.0.7.0      403304 Bytes  18.04.2013 07:24:52

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: unknown
Konfigurationsdatei...................: C:\Users\ASTRID~1\AppData\Local\Temp\decleaner\decleaner\setup\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Donnerstag, 18. April 2013  09:25

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'deCleaner.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avwebloader.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'WiseCare365.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastUI.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'HCSynApi.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'GPMTray.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'POSD.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsgTranAgt.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'PHotkey.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastSvc.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'rndlresolversvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMSServer.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMSMonitorService.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'Decor8Srv.exe' - '11' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '172' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Boot>
C:\swapfile.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\klavasyswatch.dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2
C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\klavasyswatch.dll.2365c553620cdfe937303722826af8b9
  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2
C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2
Beginne mit der Suche in 'D:\' <Recover>

Beginne mit der Desinfektion:
Der Systemwiederherstellungspunkt wurde erfolgreich angelegt.
C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 55f674e0.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\klavasyswatch.dll.2365c553620cdfe937303722826af8b9
  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 4d615b47.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\klavasyswatch.dll
  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 1f3e01a0.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.


Ende des Suchlaufs: Donnerstag, 18. April 2013  12:50
Benötigte Zeit:  1:24:19 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  50676 Verzeichnisse wurden überprüft
 1140539 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      3 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 1140535 Dateien ohne Befall
   8043 Archive wurden durchsucht
      1 Warnungen
      3 Hinweise
         
Ich hoffe er ist jetzt vollständig! Gibt es noch einen anderen logfile?

Danke Ahnungslos61

Alt 18.04.2013, 14:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Zitat:
C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\klavasyswatch.dll
ZoneAlarm ist Unsinn, bitte umgehend deinstallieren und die Windows-Firewall einschalten.
Melde dich wenn das erledigt ist.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.04.2013, 15:16   #9
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Zonealarm über die Systemsteuerung deinstalliert.
WindowsFirewall ist aktiv

Danke + Gruß von Ahnungslos61

Alt 18.04.2013, 23:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Schick!

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.04.2013, 07:25   #11
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Guten Morgen!
Hier kommt der file von OTL. Die "Extra-Datei" kommt als zweites.
Bin gespannt wie es weitergeht, bin aber zwischendurch unterwegs.
Mein Mann hat gestern abend "malware" drüberlaufen lassen (ohne dass ich es wusste) das
Protokoll kommt nach OTL, als "Drittes".
Danke für die Hilfe!
Ahnungslos61

"Erstes"

Code:
ATTFilter
OTL Extras logfile created on: 19.04.2013 08:04:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,71% Memory free
9,07 Gb Paging File | 6,18 Gb Available in Paging File | 68,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 800,30 Gb Free Space | 92,01% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS
 
Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1212CC03-871F-4276-A446-8D26C81BC6FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16343735-E6BC-4BF6-AB82-B585588DF1A4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1EC42E47-9194-4F02-B2DA-98DC73E06634}" = rport=138 | protocol=17 | dir=out | app=system | 
"{202B5A30-F5B0-4D6B-B36D-3FCEE6BEBB76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2A3FB734-6A05-48FC-9774-C32698627DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2A7BA9D9-4977-4665-8DD0-E6014303AA72}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{419BC377-5D0F-4C69-A4AE-33D2E7F42CB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55E96179-8C41-4C22-BE95-77CA36762D58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5FBDD534-3EBB-479A-B649-AFE033CD1FAB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89075959-3BDA-4689-A8CC-FA91AFC7AC58}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{89ED1B9A-6D90-438C-AC44-267956878D10}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8CAD0ED7-7FAE-4BDF-B7F6-B6AD64B20713}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A2C96B23-7BFC-4521-A7A7-0F1EB3CFF8B0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ADFF30D8-2932-4850-B1C9-5D1739E1C30A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B18286CA-57CF-4EB2-A4ED-192F702A7833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B52DB6FB-9BD0-4FCF-97DB-34D933B1464C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B729D9E4-052E-4A53-B391-331DD080613A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BE34FC85-DF1C-4171-A739-743C1B8E6419}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CD4342CD-16C2-4129-9228-7EFB05504CBC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D61DE085-B5D0-4C60-AFBD-C62898F4B833}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8F7672F-14C6-4F17-9058-61D04236F5AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD411DF8-5638-4E1B-955B-A143E18D1E75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E5927AC1-9F11-402F-8D8D-15DC242D4743}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EEB76AC2-8660-454F-9D3D-0D01A02C499A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EFA69EAC-2C86-4F01-A310-10BB981E712E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07874BCD-A3F4-4375-B1EC-D6DF0C821078}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0844533D-E375-44ED-B3B9-E115CC8C03A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B84B913-97C0-427A-A231-DDD71D1BCEBE}" = dir=in | name=ebay | 
"{0BA9DD78-639F-4783-B4B4-441492DCF4E9}" = dir=in | name=music maker jam | 
"{10F51AF5-FA5D-4FC6-92B6-E2DA8AD9AC0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{1562D40E-79DD-4845-9336-0750EBAAB43A}" = dir=out | name=ebay | 
"{194182FE-F8A5-415D-A55B-756DAA7F0BB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F14DCA6-7485-4E51-8803-B1765244A5F5}" = dir=out | name=windows_ie_ac_001 | 
"{1FCD6BF7-18DC-4AD2-B26B-FE9AE490F46F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{202C76FD-D565-4361-8874-876122CCABC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2353E3BE-6CB6-4838-9EE3-6A680B9C994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{244648D2-91C9-4495-850C-2CEF4F7D3C34}" = dir=out | name=music maker jam | 
"{266070C5-41E9-4C3A-8805-59D5C870EF06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26EFED50-1282-46CA-A87F-CF537F4F2FA3}" = dir=out | name=accuweather for windows 8 | 
"{2A2A5324-68D3-4EFB-91A1-8E78BCBCA3DA}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{2AB1687F-F66D-4C24-B498-117CEEA8510E}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe | 
"{2C1C0863-ACB0-4EA4-A3D3-55CC616461E1}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{2C77F7AB-D0DD-4756-85DA-ED78F8945CA5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{31A8C68C-0E2A-44F4-B506-688317F6B7DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3225A2B2-1C0B-45BF-BF37-90B9BF48D56F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{33DCB526-E5EA-4148-A84B-0CD1394E7283}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{38D5E3FD-CE65-4A28-9286-239039BAB6B9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{39F645D0-65A0-4D94-883E-3EB3F8BBE81F}" = dir=out | name=microsoft solitaire collection | 
"{3AB6E771-8EC6-4370-8D50-FBF88AF5FE3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3AE3C468-CC90-477D-B065-FBF286B65DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{401B25C7-71A3-4EC8-BA0A-A3D230D600DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{41596E60-3955-4F2B-80B7-905921F50243}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{438E2051-5224-4F27-99DB-67EEEDAA1937}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{444B5DB3-FC44-45F6-AF9F-4012B025986A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57F1E900-6AF5-463E-B387-64022B7041EA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{5A89A9C2-5F6C-4F8E-B38E-8F65EB0E1912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C889934-4625-4655-AC86-136B03B4966A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F633249-5A99-446D-B457-8CC89EA630D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{611158C1-3B4F-4BE9-9AED-6DF977601802}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{624E8D26-5F44-48D5-8C2C-981EA2CCB4E7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{6DEC399E-0853-4577-B536-AAC11CDF8C71}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{6EFEDA2C-2F1C-4E44-8997-0488850DDA90}" = dir=out | name=adera | 
"{7532DC3A-CB57-4D38-A94A-39CF9B8EAF66}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{775D916E-C2F9-442F-B668-BF5556F683BB}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{7B8883AE-AE1E-4B31-9BC3-52B305706A23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BCD8BF1-F07A-4BE8-B674-F500AD46750A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7DCFB2DE-B478-4009-8457-AF40D39D6BE7}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7F1CCCEC-172B-4303-8397-C7247DA0F01D}" = dir=out | name=pinball fx2 | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{817625FD-175D-4D37-93D5-A3BE191C32DF}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{86039665-D3ED-4584-896E-E347897E04E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 
"{869E3A75-1936-4059-A462-EABFC6E11A18}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{8902D3F5-047D-4B1C-8F61-E816EA5F5665}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{8951D21A-D679-490F-B099-0A850CD0ABA3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8BF08C86-81C2-48C3-A3C3-F1F63F62469D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{92A82894-784B-41F6-AD19-413D73758B2C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{94A3041B-663C-468A-ACA3-BB68068B32D7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{9C5D82EE-A858-41FE-8DDD-73DC820B03B2}" = dir=out | name=fresh paint | 
"{A66A3477-B187-4F98-9E6B-D092C80131BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{ABC74D6E-9A2C-4E8D-8603-5D98BEEC40D2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{AD5DB2C2-E6CF-4D5E-8F5F-44E618EB7EFD}" = dir=out | name=powerdvd for medion | 
"{AEB1F279-484C-4599-B9E4-6CD4F0643027}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B06D776F-4DF8-491A-8E61-3690F6922E12}" = dir=out | name=wordament | 
"{B3001210-AE7C-4490-9633-DA96835C2204}" = protocol=58 | dir=in | app=system | 
"{B8392CC2-AA50-4AAC-BA7E-995FD51B4B73}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{BC432C60-4C49-428A-AF60-80DF139C894A}" = dir=in | name=pinball fx2 | 
"{BD6CA211-7EFC-4C72-ADAC-A206B51FC453}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{BD75C830-F41F-4AB9-A5F9-D3E920378663}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{C18A70DD-534A-4C32-95DC-96DCBAAB8361}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 
"{C18D1F24-3C12-467C-BC95-1FF7786E3A43}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C2172024-DBC6-49E1-9EF5-0B5E9E8CE31E}" = dir=out | name=taptiles | 
"{C37ED2E0-1436-4F48-9A2B-FA9AA34AD809}" = dir=out | name=youcam for medion | 
"{C3878C94-23F1-4313-893C-F46DF1A9EF30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7354364-37CB-45E6-B0CD-F6BB4A949CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C7AFA6F8-E1A3-42D7-8555-DB3A3121FB4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CB1FD4B3-8FCE-44D8-B5E5-5061B6D93FBD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{D15A7A66-6132-4FFA-8C1B-67E0C75BFE7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D58EBA08-D403-45A4-9232-520EEB05E672}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | 
"{DCFE1708-4456-4303-84BB-FCA22567A1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DDB726E6-3742-4C85-8470-2D9975BF88B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E04E09B1-AE32-4701-B5AD-4E198460375C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7E9A7D0-1B2B-4085-86DA-F45AB299316B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{E9C89A9E-817C-4DA4-836A-D88535331089}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EA3B6C51-76A4-411F-890D-44B1759F4EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EB46D28F-DCDE-453F-8B22-9BC9B04291AC}" = dir=out | name=microsoft mahjong | 
"{EC5B1A4C-54B9-4742-A1DF-EACB0DF40398}" = dir=out | name=microsoft minesweeper | 
"{F282DBE2-6276-4005-B447-E4D67D4A7A01}" = protocol=6 | dir=out | app=system | 
"{F61CD37A-5817-4E16-BA26-77A7C4E05815}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{FB653721-54E8-4D60-B757-3C49E0406571}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF16AB0E-38F9-4978-BAED-827F7DC506E5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC2C8B53-E04D-4A84-B791-1741493D25DF}" = PCmover Home
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.25
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"bi_uninstaller" = 7-Zip Uninstaller
"Decor8" = Decor8
"FilesFrog Update Checker" = FilesFrog Update Checker
"Google Chrome" = Google Chrome
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 16.0" = RealPlayer
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:    4 Astrid.local. Addr 192.168.2.51
 
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:B5D0:A530:06C5:2555
 
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:39BD:CACC:8BBC:0C1A
 
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:   16 Astrid.local. AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.
 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Resetting to Probing:   16 Astrid.local. 
AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.
 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Astrid.local.
 Addr 192.168.2.51
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = Local Hostname Astrid.local already in use; will try Astrid-2.local
 instead
 
Error - 08.04.2013 12:26:21 | Computer Name = Astrid | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.4.9593.500 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1544    Startzeit:
 01ce3474c30ae222    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\OpenOffice.org
 3\program\soffice.bin    Berichts-ID: e2f5b770-a068-11e2-be9d-84a6c8351802    Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
[ System Events ]
Error - 02.04.2013 11:13:38 | Computer Name = Astrid | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 02.04.2013 15:23:40 | Computer Name = Astrid | Source = bowser | ID = 8003
Description = 
 
Error - 03.04.2013 11:15:28 | Computer Name = Astrid | Source = bowser | ID = 8003
Description = 
 
Error - 03.04.2013 13:46:28 | Computer Name = Astrid | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 03.04.2013 14:09:12 | Computer Name = Astrid | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 08.04.2013 13:14:27 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.04.2013 13:14:37 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.04.2013 13:16:54 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.04.2013 13:16:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.04.2013 01:47:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         
"Zweites"


Code:
ATTFilter
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,71% Memory free
9,07 Gb Paging File | 6,18 Gb Available in Paging File | 68,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 800,30 Gb Free Space | 92,01% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS
 
Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1212CC03-871F-4276-A446-8D26C81BC6FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16343735-E6BC-4BF6-AB82-B585588DF1A4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1EC42E47-9194-4F02-B2DA-98DC73E06634}" = rport=138 | protocol=17 | dir=out | app=system | 
"{202B5A30-F5B0-4D6B-B36D-3FCEE6BEBB76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2A3FB734-6A05-48FC-9774-C32698627DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2A7BA9D9-4977-4665-8DD0-E6014303AA72}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{419BC377-5D0F-4C69-A4AE-33D2E7F42CB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55E96179-8C41-4C22-BE95-77CA36762D58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5FBDD534-3EBB-479A-B649-AFE033CD1FAB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89075959-3BDA-4689-A8CC-FA91AFC7AC58}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{89ED1B9A-6D90-438C-AC44-267956878D10}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8CAD0ED7-7FAE-4BDF-B7F6-B6AD64B20713}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A2C96B23-7BFC-4521-A7A7-0F1EB3CFF8B0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ADFF30D8-2932-4850-B1C9-5D1739E1C30A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B18286CA-57CF-4EB2-A4ED-192F702A7833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B52DB6FB-9BD0-4FCF-97DB-34D933B1464C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B729D9E4-052E-4A53-B391-331DD080613A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BE34FC85-DF1C-4171-A739-743C1B8E6419}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CD4342CD-16C2-4129-9228-7EFB05504CBC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D61DE085-B5D0-4C60-AFBD-C62898F4B833}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8F7672F-14C6-4F17-9058-61D04236F5AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD411DF8-5638-4E1B-955B-A143E18D1E75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E5927AC1-9F11-402F-8D8D-15DC242D4743}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EEB76AC2-8660-454F-9D3D-0D01A02C499A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EFA69EAC-2C86-4F01-A310-10BB981E712E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07874BCD-A3F4-4375-B1EC-D6DF0C821078}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0844533D-E375-44ED-B3B9-E115CC8C03A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B84B913-97C0-427A-A231-DDD71D1BCEBE}" = dir=in | name=ebay | 
"{0BA9DD78-639F-4783-B4B4-441492DCF4E9}" = dir=in | name=music maker jam | 
"{10F51AF5-FA5D-4FC6-92B6-E2DA8AD9AC0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{1562D40E-79DD-4845-9336-0750EBAAB43A}" = dir=out | name=ebay | 
"{194182FE-F8A5-415D-A55B-756DAA7F0BB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1F14DCA6-7485-4E51-8803-B1765244A5F5}" = dir=out | name=windows_ie_ac_001 | 
"{1FCD6BF7-18DC-4AD2-B26B-FE9AE490F46F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{202C76FD-D565-4361-8874-876122CCABC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2353E3BE-6CB6-4838-9EE3-6A680B9C994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{244648D2-91C9-4495-850C-2CEF4F7D3C34}" = dir=out | name=music maker jam | 
"{266070C5-41E9-4C3A-8805-59D5C870EF06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26EFED50-1282-46CA-A87F-CF537F4F2FA3}" = dir=out | name=accuweather for windows 8 | 
"{2A2A5324-68D3-4EFB-91A1-8E78BCBCA3DA}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{2AB1687F-F66D-4C24-B498-117CEEA8510E}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe | 
"{2C1C0863-ACB0-4EA4-A3D3-55CC616461E1}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{2C77F7AB-D0DD-4756-85DA-ED78F8945CA5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{31A8C68C-0E2A-44F4-B506-688317F6B7DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3225A2B2-1C0B-45BF-BF37-90B9BF48D56F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{33DCB526-E5EA-4148-A84B-0CD1394E7283}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{38D5E3FD-CE65-4A28-9286-239039BAB6B9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{39F645D0-65A0-4D94-883E-3EB3F8BBE81F}" = dir=out | name=microsoft solitaire collection | 
"{3AB6E771-8EC6-4370-8D50-FBF88AF5FE3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3AE3C468-CC90-477D-B065-FBF286B65DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{401B25C7-71A3-4EC8-BA0A-A3D230D600DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{41596E60-3955-4F2B-80B7-905921F50243}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{438E2051-5224-4F27-99DB-67EEEDAA1937}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{444B5DB3-FC44-45F6-AF9F-4012B025986A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57F1E900-6AF5-463E-B387-64022B7041EA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{5A89A9C2-5F6C-4F8E-B38E-8F65EB0E1912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C889934-4625-4655-AC86-136B03B4966A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F633249-5A99-446D-B457-8CC89EA630D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{611158C1-3B4F-4BE9-9AED-6DF977601802}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{624E8D26-5F44-48D5-8C2C-981EA2CCB4E7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{6DEC399E-0853-4577-B536-AAC11CDF8C71}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{6EFEDA2C-2F1C-4E44-8997-0488850DDA90}" = dir=out | name=adera | 
"{7532DC3A-CB57-4D38-A94A-39CF9B8EAF66}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{775D916E-C2F9-442F-B668-BF5556F683BB}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{7B8883AE-AE1E-4B31-9BC3-52B305706A23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BCD8BF1-F07A-4BE8-B674-F500AD46750A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7DCFB2DE-B478-4009-8457-AF40D39D6BE7}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{7F1CCCEC-172B-4303-8397-C7247DA0F01D}" = dir=out | name=pinball fx2 | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{817625FD-175D-4D37-93D5-A3BE191C32DF}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{86039665-D3ED-4584-896E-E347897E04E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 
"{869E3A75-1936-4059-A462-EABFC6E11A18}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 
"{8902D3F5-047D-4B1C-8F61-E816EA5F5665}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{8951D21A-D679-490F-B099-0A850CD0ABA3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8BF08C86-81C2-48C3-A3C3-F1F63F62469D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{92A82894-784B-41F6-AD19-413D73758B2C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{94A3041B-663C-468A-ACA3-BB68068B32D7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{9C5D82EE-A858-41FE-8DDD-73DC820B03B2}" = dir=out | name=fresh paint | 
"{A66A3477-B187-4F98-9E6B-D092C80131BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{ABC74D6E-9A2C-4E8D-8603-5D98BEEC40D2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{AD5DB2C2-E6CF-4D5E-8F5F-44E618EB7EFD}" = dir=out | name=powerdvd for medion | 
"{AEB1F279-484C-4599-B9E4-6CD4F0643027}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B06D776F-4DF8-491A-8E61-3690F6922E12}" = dir=out | name=wordament | 
"{B3001210-AE7C-4490-9633-DA96835C2204}" = protocol=58 | dir=in | app=system | 
"{B8392CC2-AA50-4AAC-BA7E-995FD51B4B73}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{BC432C60-4C49-428A-AF60-80DF139C894A}" = dir=in | name=pinball fx2 | 
"{BD6CA211-7EFC-4C72-ADAC-A206B51FC453}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{BD75C830-F41F-4AB9-A5F9-D3E920378663}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{C18A70DD-534A-4C32-95DC-96DCBAAB8361}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 
"{C18D1F24-3C12-467C-BC95-1FF7786E3A43}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C2172024-DBC6-49E1-9EF5-0B5E9E8CE31E}" = dir=out | name=taptiles | 
"{C37ED2E0-1436-4F48-9A2B-FA9AA34AD809}" = dir=out | name=youcam for medion | 
"{C3878C94-23F1-4313-893C-F46DF1A9EF30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7354364-37CB-45E6-B0CD-F6BB4A949CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C7AFA6F8-E1A3-42D7-8555-DB3A3121FB4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CB1FD4B3-8FCE-44D8-B5E5-5061B6D93FBD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 
"{D15A7A66-6132-4FFA-8C1B-67E0C75BFE7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D58EBA08-D403-45A4-9232-520EEB05E672}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | 
"{DCFE1708-4456-4303-84BB-FCA22567A1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DDB726E6-3742-4C85-8470-2D9975BF88B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E04E09B1-AE32-4701-B5AD-4E198460375C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7E9A7D0-1B2B-4085-86DA-F45AB299316B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{E9C89A9E-817C-4DA4-836A-D88535331089}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EA3B6C51-76A4-411F-890D-44B1759F4EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EB46D28F-DCDE-453F-8B22-9BC9B04291AC}" = dir=out | name=microsoft mahjong | 
"{EC5B1A4C-54B9-4742-A1DF-EACB0DF40398}" = dir=out | name=microsoft minesweeper | 
"{F282DBE2-6276-4005-B447-E4D67D4A7A01}" = protocol=6 | dir=out | app=system | 
"{F61CD37A-5817-4E16-BA26-77A7C4E05815}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{FB653721-54E8-4D60-B757-3C49E0406571}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF16AB0E-38F9-4978-BAED-827F7DC506E5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC2C8B53-E04D-4A84-B791-1741493D25DF}" = PCmover Home
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.25
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip" = 
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"bi_uninstaller" = 7-Zip Uninstaller
"Decor8" = Decor8
"FilesFrog Update Checker" = FilesFrog Update Checker
"Google Chrome" = Google Chrome
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 16.0" = RealPlayer
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:    4 Astrid.local. Addr 192.168.2.51
 
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:B5D0:A530:06C5:2555
 
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:39BD:CACC:8BBC:0C1A
 
Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Ignoring response received before we even
 began probing:   16 Astrid.local. AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.
 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Resetting to Probing:   16 Astrid.local. 
AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.
 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Astrid.local.
 Addr 192.168.2.51
 
Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100
Description = Local Hostname Astrid.local already in use; will try Astrid-2.local
 instead
 
Error - 08.04.2013 12:26:21 | Computer Name = Astrid | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.4.9593.500 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1544    Startzeit:
 01ce3474c30ae222    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\OpenOffice.org
 3\program\soffice.bin    Berichts-ID: e2f5b770-a068-11e2-be9d-84a6c8351802    Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
[ System Events ]
Error - 02.04.2013 11:13:38 | Computer Name = Astrid | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 02.04.2013 15:23:40 | Computer Name = Astrid | Source = bowser | ID = 8003
Description = 
 
Error - 03.04.2013 11:15:28 | Computer Name = Astrid | Source = bowser | ID = 8003
Description = 
 
Error - 03.04.2013 13:46:28 | Computer Name = Astrid | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 03.04.2013 14:09:12 | Computer Name = Astrid | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 08.04.2013 13:14:27 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.04.2013 13:14:37 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.04.2013 13:16:54 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.04.2013 13:16:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.04.2013 01:47:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         
"Drittes" malware


Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.18.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Astrid-Coach :: ASTRID [Administrator]

18.04.2013 19:05:17
mbam-log-2013-04-18 (19-05-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 482490
Laufzeit: 52 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 19.04.2013, 14:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Bitte das andere Log von OTL nachreichen, du hast 2x die extras gepostet
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.04.2013, 15:08   #13
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Hier kommt der andere file. Hoffe auf rasche PC-Genesung!

Herzliche Grüße + vielen Dank!
Ahnungslos61


Code:
ATTFilter
OTL logfile created on: 19.04.2013 08:12:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,02 Gb Available Physical Memory | 63,64% Memory free
9,07 Gb Paging File | 6,04 Gb Available in Paging File | 66,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 800,28 Gb Free Space | 92,01% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS
 
Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Astrid-Coach\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe (Stardock Software, Inc)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PHotkey\GPMTray.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\PHotkey\POSD.exe ()
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe ()
PRC - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\PHotkey\HCSynApi.exe (TODO: <Company name>)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Decor8) -- C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe (Stardock Software, Inc)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (WiseBootAssistant) -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)
SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\Drivers\IT9135BDA.sys (ITE                      )
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {56D1DADF-968A-4B01-A7F0-09EE49E5E603}
IE - HKCU\..\SearchScopes\{04CC1057-5307-4B89-A019-4CE3DDBAB50E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9CE66B73-C973-4686-9537-361285C2CADE&apn_sauid=E05CCC3B-7D55-424B-91EA-EA286D117D30
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{56D1DADF-968A-4B01-A7F0-09EE49E5E603}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116429986201162-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=3c22733a00000000000084a6c83517ff&q={searchTerms}&r=125
IE - HKCU\..\SearchScopes\{5C367D16-3786-445C-A43C-520CD1358762}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:9.0
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.17 17:22:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.06 18:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.17 17:22:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 11:36:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 11:36:37 | 000,000,000 | ---D | M]
 
[2013.02.23 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Extensions
[2013.04.19 07:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Firefox\Profiles\l05874jm.default\extensions
[2013.04.19 07:24:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Firefox\Profiles\l05874jm.default\extensions\firefox@ghostery.com
[2013.02.23 17:22:02 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\gmailnoads@mywebber.com.xpi
[2013.02.23 17:22:02 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\lazarus@interclue.com.xpi
[2013.02.26 21:15:13 | 000,091,139 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\printedit@DW-dev.xpi
[2013.02.23 17:22:02 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\text2voice@vik.josh.xpi
[2013.04.18 13:51:01 | 000,530,724 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2013.02.23 17:22:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.03.22 14:22:00 | 000,001,050 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\11-suche.xml
[2013.03.22 14:22:00 | 000,002,418 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\englische-ergebnisse.xml
[2013.03.22 14:22:00 | 000,010,701 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\gmx-suche.xml
[2013.03.22 14:22:00 | 000,002,432 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\lastminute.xml
[2013.03.22 14:22:00 | 000,005,682 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\webde-suche.xml
[2013.04.14 11:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.14 11:36:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.14 11:36:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.conduit.com/?CUI=UN93048529532590317&ctid=CT3241949&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Google Mail = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93110B3-007B-4A4A-8BAC-33DF59D2732D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.19 08:01:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Astrid-Coach\Desktop\OTL.exe
[2013.04.18 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Roaming\Malwarebytes
[2013.04.18 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.18 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.18 18:52:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.18 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.18 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Programs
[2013.04.18 16:14:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.14 11:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.13 09:57:34 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013.04.13 09:57:31 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.13 09:57:30 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.04.13 09:57:29 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.04.13 09:57:27 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.04.13 09:57:26 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.13 09:57:26 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.04.13 09:57:26 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.04.13 09:57:25 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.04.13 09:57:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013.04.13 09:57:25 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.04.13 09:57:24 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.04.13 09:57:24 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013.04.13 09:57:24 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.04.13 09:57:23 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.13 09:57:23 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.13 09:57:23 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.13 09:57:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013.04.13 09:57:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013.04.13 09:57:22 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.04.13 09:57:22 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.04.13 09:57:22 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.04.13 09:57:21 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.04.13 09:57:21 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013.04.13 09:57:21 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.13 09:57:21 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.13 09:57:20 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.04.13 09:57:20 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.13 09:57:20 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013.04.13 09:57:20 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.04.13 09:57:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.04.13 09:57:19 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.04.13 09:57:19 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.04.13 09:57:19 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.04.13 09:57:19 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.04.13 09:57:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.04.13 09:57:18 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013.04.13 09:57:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.13 09:57:17 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.13 09:57:17 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.04.13 09:57:17 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.04.13 09:57:17 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.13 09:57:16 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.04.13 09:57:16 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.04.13 09:57:16 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.04.13 09:57:16 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013.04.13 09:57:16 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013.04.13 09:57:16 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.04.13 09:57:16 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.13 09:57:15 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.04.13 09:57:15 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013.04.13 09:57:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013.04.13 09:57:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013.04.13 09:57:15 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.04.13 09:57:15 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013.04.13 09:57:14 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.04.13 09:57:14 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.13 09:57:14 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013.04.13 09:57:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.04.13 09:57:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013.04.13 09:57:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.04.13 09:57:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.04.13 09:57:13 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.13 09:57:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.13 09:57:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.04.13 09:57:12 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.04.10 06:54:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 06:54:30 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.04.10 06:54:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 06:54:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 06:54:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 06:54:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 06:54:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 06:54:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 06:54:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 06:54:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 06:54:17 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 06:54:15 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.04.10 06:54:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.04.09 07:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013.04.08 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Roaming\Apple Computer
[2013.04.08 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Apple Computer
[2013.04.08 16:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.08 16:11:06 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.04.08 16:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.08 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Apple
[2013.04.08 16:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.08 16:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.08 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.08 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.08 16:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.08 16:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.04.06 18:27:40 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.04.06 18:27:40 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.04.06 18:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.04.06 18:27:38 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.04.06 18:27:38 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.04.06 18:27:22 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.04.06 18:27:20 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.04.06 18:27:19 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.04.06 18:26:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.04.06 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.04.06 18:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.04.04 13:46:57 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Documents\CyberLink
[2013.03.27 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Bilder Abschlußbuch Holger
[2013.03.26 11:39:42 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.03.26 11:39:42 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.03.25 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Documents\OneNote-Notizbücher
[2013.03.24 12:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.24 12:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.03.24 12:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.03.24 12:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.24 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Microsoft Help
[2013.03.24 12:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.03.24 12:12:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.03.21 21:07:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.19 08:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.19 08:02:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.19 08:01:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Astrid-Coach\Desktop\OTL.exe
[2013.04.19 07:59:42 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.04.19 07:25:29 | 002,789,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.19 07:25:29 | 001,284,868 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.19 07:25:29 | 000,765,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.19 07:25:29 | 000,681,968 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.19 07:25:29 | 000,005,640 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.18 18:52:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.18 17:55:59 | 000,009,755 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\Kläranlage.odt
[2013.04.18 17:54:42 | 000,000,162 | -H-- | M] () -- C:\Users\Astrid-Coach\Documents\~$äranlage.odt
[2013.04.18 17:22:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.18 17:21:59 | 2478,751,743 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.18 16:11:25 | 000,002,312 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk
[2013.04.18 09:24:43 | 000,002,075 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.18 09:24:43 | 000,002,004 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\Avira DE-Cleaner.lnk
[2013.04.18 08:42:55 | 000,002,674 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130418_084244.reg
[2013.04.13 13:02:55 | 000,406,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.12 09:02:42 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.08 19:17:00 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2013.04.08 16:11:09 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.06 18:30:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.04.06 18:27:40 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 09:42:34 | 000,002,300 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130403_094225.reg
[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.31 00:14:50 | 000,003,864 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130330_231442.reg
[2013.03.25 11:22:14 | 000,004,349 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\Dok1.odt
 
========== Files Created - No Company Name ==========
 
[2013.04.18 18:52:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.18 17:54:42 | 000,000,162 | -H-- | C] () -- C:\Users\Astrid-Coach\Documents\~$äranlage.odt
[2013.04.18 17:54:38 | 000,009,755 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\Kläranlage.odt
[2013.04.18 16:11:25 | 000,002,312 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk
[2013.04.18 09:24:43 | 000,002,075 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.18 09:24:43 | 000,002,004 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\Avira DE-Cleaner.lnk
[2013.04.18 08:42:46 | 000,002,674 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130418_084244.reg
[2013.04.13 13:02:42 | 000,406,336 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.13 09:57:12 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.04.08 16:11:09 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.08 16:09:43 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.06 18:27:40 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.04.06 18:27:22 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.04.06 18:27:22 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.04.06 18:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.04.03 09:42:28 | 000,002,300 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130403_094225.reg
[2013.03.31 00:14:47 | 000,003,864 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130330_231442.reg
[2013.03.25 11:22:09 | 000,004,349 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\Dok1.odt
[2013.03.21 10:27:56 | 001,337,898 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\untitled_1.odp
[2013.02.11 11:38:51 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2013.02.02 12:39:52 | 000,007,605 | ---- | C] () -- C:\Users\Astrid-Coach\AppData\Local\Resmon.ResmonCfg
[2013.01.18 09:23:06 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013.01.17 10:05:21 | 000,016,809 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2012.11.14 10:31:46 | 007,024,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.14 10:19:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.11.14 10:03:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.14 10:03:50 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.14 10:03:49 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.14 08:55:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.11.14 10:30:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Alt 19.04.2013, 15:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.04.2013, 17:22   #15
Ahnungslos61
 
ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Standard

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen



Würde gerne die files zusenden, aber sie sind zu groß um sie hier zu posten und
ein zip programm kriieg ich nicht installiert :-( bin zu doof dazu!

Was soll ich tun?
Danke + Gruß
Ahnungslos61

Antwort

Themen zu ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen
ahnungslos, avira, deutsche, deutschen, entdeck, entdeckt, firma, https, link, mail, mailanhang, neu, paypal, programm, rechner, relativ, schickt, schäden, telekom, troja, trojaner, umgang, was tun, was tun?, windows, zbot-trojaner, zeus trojaner, zeus/zbot




Ähnliche Themen: ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen


  1. Brief von Telekom: Sie sind mit ZeuS/ZBot-Trojaner infiziert
    Log-Analyse und Auswertung - 10.10.2013 (3)
  2. Trojaner Zeus/ZBot Telekom Abuse Brief und Mail
    Log-Analyse und Auswertung - 06.09.2013 (13)
  3. ZeuS/ZBot Trojaner laut Telekom
    Log-Analyse und Auswertung - 28.08.2013 (10)
  4. 4x | ZeuS/ZBot-Trojaner - MBAM blockiert IP-Angriffe
    Mülltonne - 17.04.2013 (1)
  5. 3x | ZeuS/ZBot-Trojaner - MBAM blockiert IP-Angriffe
    Mülltonne - 17.04.2013 (1)
  6. 2x | ZeuS/ZBot-Trojaner - MBAM meldet IP-Angriffe
    Mülltonne - 17.04.2013 (1)
  7. Zeus/ZBot TRojaner
    Log-Analyse und Auswertung - 20.02.2013 (12)
  8. Zeus/Zbot Trojaner Meldung von der Telekom
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (7)
  9. Trojaner ZeuS/ZBot Telekom Brief
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (20)
  10. Avira Free Antivirus reagiert nicht, Malwarebytes durchlaufen lassen
    Plagegeister aller Art und deren Bekämpfung - 11.12.2012 (4)
  11. Brief von der Telekom, Trojaner, ZeuS/ZBot infiziert..?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (15)
  12. Brief von der Telekom, Trojaner, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (13)
  13. Telekombrief ZeuS/ZBot (Online-Banking-Trojaner)
    Log-Analyse und Auswertung - 29.11.2012 (37)
  14. Trojaner ZeuS/ZBot
    Log-Analyse und Auswertung - 11.10.2012 (1)
  15. w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen
    Log-Analyse und Auswertung - 20.11.2011 (24)
  16. ich hab das anti virus programm durchlaufen lassen hab alles am ande kopiert...
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (1)
  17. Combofix durchlaufen lassen
    Antiviren-, Firewall- und andere Schutzprogramme - 05.04.2010 (6)

Zum Thema ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen - Hallo, ich bin neu hier und relativ ahnungslos im Umgang mit Trojanern. Wir haben eine Mail von der Deutschen Telekom bekommen, dass über unsere Zugangskennung ein Trojaner bei uns "nistet" - ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen...
Archiv
Du betrachtest: ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.