
Log Analysis and Evaluation: Trojan via Facebook "einladung.zip"


10.12.2012, 21:22   #1
crichter
 

Trojan via Facebook "einladung.zip"



Good evening, dear forum,

I caught a trojan via the Facebook chat. In addition, I believe there is other malware on my PC, because it has lost a lot of performance and often hangs, e.g. during music playback, which is very annoying.

Every time I try to run gmer, my PC crashes. So unfortunately I cannot provide that log for now, even though I have a 32-bit system.

Here are the other requested logs

defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:49 on 10/12/2012 (Christoph)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read SafeBoot.sys


-=E.O.F=-

Otherwise no error message.

OTL.txt OTL Logfile:
Code:
OTL logfile created on: 10.12.2012 20:13:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 26,50% Memory free
4,10 Gb Paging File | 1,85 Gb Available in Paging File | 45,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 26,28 Gb Free Space | 18,90% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.10 20:08:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Downloads\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012.07.31 09:23:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 11:06:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 11:06:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 11:06:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.16 09:24:20 | 000,141,824 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.06.08 13:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.03.17 20:56:22 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.12.22 10:29:28 | 001,315,840 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files\Hardcopy\hardcopy.exe
PRC - [2009.11.11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.12.05 13:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.04.13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.04.03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
MOD - [2012.11.28 04:43:16 | 012,456,040 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.12.10 07:50:29 | 000,445,952 | ---- | M] () -- C:\Program Files\Hardcopy\HcDllS.dll
MOD - [2009.08.19 12:20:37 | 000,043,008 | ---- | M] () -- C:\Program Files\Hardcopy\hardcopy_02.dll
MOD - [2009.06.10 05:19:51 | 000,057,344 | ---- | M] () -- C:\Program Files\Hardcopy\HcDLL2_29_Win32.dll
MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.12.01 11:57:45 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.14 08:42:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 11:06:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 11:06:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.12.05 13:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.04.13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.12.10 19:30:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.08 11:06:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 11:06:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.12.08 05:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.03 21:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.05.13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.04.29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.03.29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope = {6E9536DF-0AE1-466F-904E-6A1B41E15904}
IE - HKLM\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6E9536DF-0AE1-466F-904E-6A1B41E15904}
IE - HKCU\..\SearchScopes\{5B07576D-A46A-4AD8-8430-111BFCA06622}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 22:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 22:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
 
[2009.04.29 14:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.10.28 11:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions
[2011.03.10 14:40:41 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.09.13 08:39:08 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\youtube2mp3@mondayx.de
[2012.07.06 20:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.09 22:10:42 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.09.14 08:42:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:42:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube to MP3 Converter = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpjodfibnpbphfodohkmgmedjbgkhj\0.1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe (Piriform Ltd)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5955A18E-2522-44DE-A3CC-F91399D39722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D795F9F9-52DB-4F1C-8E33-1E6D259564BA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b2f6ea7-3e0d-11de-9b58-002186c25bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{0b2f6ea7-3e0d-11de-9b58-002186c25bbd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fc2f0d09-7130-11de-a163-002186c25bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fc2f0d09-7130-11de-a163-002186c25bbd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.10 19:29:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.12.10 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\install
[2012.12.09 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.09 22:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.09 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.04 11:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.12.01 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.12.01 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.12.01 08:35:18 | 002,716,992 | R--- | C] (Piriform Ltd) -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe
[2012.11.15 22:36:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.10 20:05:59 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 20:00:04 | 000,001,136 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
[2012.12.10 19:37:18 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.10 19:30:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.12.10 19:26:19 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.12.10 19:26:19 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.12.10 19:26:19 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.12.10 19:26:19 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.12.10 19:19:14 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 19:19:14 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 19:19:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.10 19:18:59 | 2073,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 19:16:21 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.12.10 19:12:34 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.10 19:05:27 | 000,154,283 | -H-- | M] () -- C:\Users\Christoph\AppData\Roaming\Christoph-wchelper.dll
[2012.12.10 19:04:51 | 002,716,992 | R--- | M] (Piriform Ltd) -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe
[2012.12.10 00:00:05 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
[2012.12.09 22:11:04 | 000,000,992 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | M] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.04 11:57:36 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.12.04 11:57:35 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.11.30 02:03:59 | 000,002,062 | ---- | M] () -- C:\Users\Christoph\Desktop\Google Chrome.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:12 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2012.11.16 09:53:46 | 000,442,576 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.10 20:05:59 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 19:05:27 | 000,154,283 | -H-- | C] () -- C:\Users\Christoph\AppData\Roaming\Christoph-wchelper.dll
[2012.12.09 22:11:04 | 000,000,992 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | C] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:10 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.07.08 17:19:10 | 000,000,104 | ---- | C] () -- C:\Users\Christoph\Computer - Verknüpfung.lnk
[2011.02.26 22:29:38 | 000,012,021 | ---- | C] () -- C:\Users\Christoph\Silver Surfer.odt
[2010.01.08 23:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.30 05:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\downloads.m3u
[2009.06.10 15:37:50 | 000,000,097 | ---- | C] () -- C:\Users\Christoph\AppData\Local\fusioncache.dat
[2009.05.10 23:04:12 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2009.05.10 20:27:09 | 000,000,287 | ---- | C] () -- C:\Users\Christoph\Lokaler Datenträger (C) - Verknüpfung.lnk
[2009.05.07 19:34:49 | 000,000,180 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\default.rss
[2009.05.06 16:28:35 | 000,029,184 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2005.04.08 03:16:43 | 000,000,000 | -H-D | M] -- C:\Users\Christoph\AppData\Roaming\5FB987F2
[2011.10.30 12:11:26 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canon
[2012.12.09 22:11:42 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoft
[2012.12.09 22:11:43 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.10 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\install
[2009.07.26 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\InterVideo
[2010.10.24 17:21:31 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Miranda
[2012.03.07 14:35:57 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Nokia Ovi Suite
[2009.05.05 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\OpenOffice.org
[2011.03.02 12:54:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\PC Suite
[2011.11.03 18:44:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Samsung
[2010.01.09 11:06:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ScanSoft
[2011.08.03 07:17:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Simfy
[2012.04.17 11:42:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Temp
[2009.04.29 14:32:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

extras.txt OTL Logfile:
OTL Extras logfile created on: 10.12.2012 20:13:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 26,50% Memory free
4,10 Gb Paging File | 1,85 Gb Available in Paging File | 45,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 26,28 Gb Free Space | 18,90% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E177C19-7F1A-4906-9D78-6B8CA8D45D25}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3DA34479-2AE9-46E6-A2D7-1CC4BE085B18}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5AE111AE-CF42-438C-B82F-0EEA3A296119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F9DC9CD-8546-462B-99F0-E5BB63D79262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{678C4BC4-0BE0-4A9C-9A3D-6A002752FDBE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7399FD60-8676-4D69-9C52-5C86C4313FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A85D9C2-34B4-4860-8BF5-90984F99DCBE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EEB24CE-B692-4A05-B417-33182235E6A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C8C9BD75-C390-420E-9FD9-56C00247EDC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D69046B6-C7DB-4A41-B78E-4DFF7ECE11F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DABB7D7E-2760-439D-9D14-82DDE1A60C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3AB93-7C3B-4C25-9326-31DD8F4CBA58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{013EFC4E-D387-43FA-B8ED-940C59466A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0C05A43D-1D4B-4EB5-8720-EC932137F9E0}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{0E8197B2-31A6-4B11-8167-0D75E5BB9E8B}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{12F3F62E-91CF-41E0-8580-000CB4125B05}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{1693C4B2-6501-414C-9352-3E79D9C15927}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{1F4C9133-AA82-4D20-A9C4-6E01CE0DA493}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{204AED56-E2CE-47F2-970F-27EE5CE6AAD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2B3BF4B5-0D1B-4D29-8A92-1C9A779A45E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37E75B66-8A5C-4136-8CEA-CA8B534BB6B2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{3E1EE9D8-F33B-43E4-926C-E9D79DD77C57}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{45939B0C-7140-45AB-BC14-50284E3870D8}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{4957959C-47F7-481D-940D-E3CA34D19759}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{4DEAAFCC-E649-4415-AA68-F392BD80C0EE}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{523AE65B-DF13-45E3-A720-E1A2CCCC592F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{55ABE03F-CE64-4613-BC1A-D54713786F6D}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{5C04F82A-00F2-4632-8823-5297EF6B7FBA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5CAC6312-C1A9-461C-B3A6-9D27E420A72A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{60AF6C3C-6E84-450B-BD0A-F08CB1044238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AA8C894-BBA7-4470-A436-D33C39058C89}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{786C4E6D-C95F-4219-AA55-34F9184C2EC7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{8376CB51-38A5-4ABE-A54B-17D636595FAE}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{87599CC3-53FE-4EFB-82B8-7B39F4D58CBE}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{877AA6C7-5304-46C8-879B-3A1DE19D5C2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F0B0A71-21B8-442F-82CE-91F69197DBF3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{9047FF6D-6F1C-48D0-BF31-55864FA3EB1B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9E522AE9-0587-42B6-AF3F-1FF82FF6BF4B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{B78E8B24-D88E-435A-98AF-0627A6B5E95E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BB36FAD3-C0F9-4081-A1BE-870D87BCAF05}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3DC779F-26E5-437D-9B68-31E780DE4DD6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C7DA3871-263A-4096-84DA-DE4D82748CA0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DCBF82E3-15EB-4103-A0CA-D5BCED5C5255}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{E2829C72-80C0-4A45-8598-915312F76AA7}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{E5E32AD0-5FF5-4531-8914-36741E3D2117}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E89B9DE0-E7EC-4FD2-8A83-A49D730BBA79}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F1D4F22F-58A0-4633-83F3-39C1232112B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{22E25776-6E9E-4A41-A6ED-2A8B2BAD838C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{2FE66E60-0580-4D8B-9748-D9449A2AD67F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{37995DE4-9C18-421B-B043-EE6161B12D8A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3E5B37B2-F64F-4A06-BBB1-EA388C76B211}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{B4330409-8968-4C08-9291-A97721920CCA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{D6E2DFC7-C28B-4645-A154-A372D71D008C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D8FA7555-23AE-429C-9E17-D3B4A3A2790D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{E19F667C-42AB-45E5-904B-94DC02774573}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E85F5646-E503-4ED1-93C3-8D4D221B72AB}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{F381E39B-C659-4CC9-B8A5-EFD653BA6DB7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{04A13B65-F248-4107-8BD8-B5B1545162C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{0748CB45-C362-4150-A72F-21748B2F7B2C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{2ED3F931-5117-4048-B9D5-784E4426F4EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3FA3AC3D-918A-48C6-A74A-B4F5BCAAE721}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{5C372B41-37AF-4B4F-9D7C-793958484B7F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5D87F7AF-7232-45A7-8CF8-725617DB107F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{6E488BFD-FDBE-487C-ADA9-B477F5B4A473}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BDC1BA30-8248-49A6-B75B-9F1254EB42D9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D138928A-48CD-4B53-8DFF-EB0F3FBB2527}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{F166850A-2744-45A2-A80D-67052BE2DBB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571347b6-163e-4fba-952c-506b4d594662}" = Nero BackItUp 4
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f61f1d76-7679-4cd4-ad8e-91f3cc46f44b}" = Nero 9
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Simfy" = simfy
"SopCast" = SopCast 3.2.9
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2011 03:01:58 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2011 04:21:25 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2011 05:00:06 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2011 03:43:34 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2011 00:37:23 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2011 12:38:25 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 04:42:37 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 05:29:21 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 05:31:52 | Computer Name = Werner-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.08.2011 05:36:00 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 03.12.2012 20:06:02 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 04.12.2012 05:54:44 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 04.12.2012 21:33:07 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 05.12.2012 04:35:27 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 06.12.2012 04:54:20 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 07.12.2012 17:33:00 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 08.12.2012 15:34:05 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 08.12.2012 18:39:32 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 09.12.2012 05:45:48 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 10.12.2012 14:19:30 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ OSession Events ]
Error - 12.11.2011 14:02:40 | Computer Name = Werner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22558
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.12.2012 18:39:21 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 09.12.2012 05:46:59 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.12.2012 05:46:59 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.12.2012 05:49:22 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 10.12.2012 12:09:55 | Computer Name = Werner-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 10.12.2012 14:13:25 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.12.2012 14:15:52 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.12.2012 14:20:30 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.12.2012 14:20:30 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.12.2012 14:27:20 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

And from Malwarebytes

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.10.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: WERNER-PC [Administrator]

10.12.2012 19:30:14
mbam-log-2012-12-10 (20-08-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 259291
Laufzeit: 14 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe (Backdoor.RAT.Gen) -> Keine Aktion durchgeführt.
C:\Users\Christoph\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> Keine Aktion durchgeführt.
C:\Users\Christoph\AppData\Roaming\Christoph-wchelper.dll (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)

I have deleted the infected files found by Malwarebytes.

Thank you in advance for your efforts and I hope I will get help here.

Best regards

Christoph

Last edited by crichter (10.12.2012 at 21:53)

Alt 11.12.2012, 10:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan via Facebook "einladung.zip"

Hello and

Do you have any other logs from Malwarebytes or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have!

Please post everything here in CODE tags if at all possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________

__________________

Alt 12.12.2012, 10:20   #3
crichter
 
Trojan via Facebook "einladung.zip"

Hey cosinus,

first of all, thank you for your reply.

From Malwarebytes I still have a log from 02.02.2012

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.02.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: WERNER-PC [Administrator]

02.02.2012 12:31:38
mbam-log-2012-02-02 (12-31-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408856
Laufzeit: 2 Stunde(n), 20 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
I use Avira AntiVirus, but it does not show me any detections.

However, I have not started a run with it since I began to suspect the trojan infection.
__________________

Alt 12.12.2012, 13:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan via Facebook "einladung.zip"

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (in CODE tags please) and not as attachments, unless you have been asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If I have not been in touch for three days, please report it in this thread => Reminder for my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click on Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

Alt 12.12.2012, 22:02   #5
crichter
 
Trojan via Facebook "einladung.zip"

The aswMBR log:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-12 21:51:09
-----------------------------
21:51:09.462    OS Version: Windows 6.0.6002 Service Pack 2
21:51:09.462    Number of processors: 2 586 0xF0D
21:51:09.463    ComputerName: WERNER-PC  UserName: Christoph
21:51:13.298    Initialze error 0 
21:53:08.419    AVAST engine defs: 12121200
21:53:22.439    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:53:22.442    Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
21:53:22.471    Disk 0 MBR read successfully
21:53:22.474    Disk 0 MBR scan
21:53:22.479    Disk 0 Windows VISTA default MBR code
21:53:22.483    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       142384 MB offset 63
21:53:22.523    Disk 0 Partition 2 00     0C    FAT32 LBA MSDOS5.0     1024 MB offset 291604480
21:53:22.570    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS         9218 MB offset 293703344
21:53:22.596    Disk 0 scanning sectors +312581808
21:53:23.020    Disk 0 scanning C:\windows\system32\drivers
21:53:23.024    Service scanning
21:53:23.781    Modules scanning
21:53:24.633    Disk 0 trace - called modules:
21:53:24.981    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys iastor.sys 
21:53:24.989    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872d1a20]
21:53:24.995    3 CLASSPNP.SYS[88c058b3] -> nt!IofCallDriver -> [0x871ce1a0]
21:53:25.001    5 hpdskflt.sys[89bc1f92] -> nt!IofCallDriver -> [0x85fdc650]
21:53:25.008    7 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86049028]
21:53:25.069    AVAST engine scan C:\windows
21:53:25.077    AVAST engine scan C:\windows\system32
21:53:25.089    AVAST engine scan C:\windows\system32\drivers
21:53:25.098    AVAST engine scan C:\Users\Christoph
21:53:25.106    AVAST engine scan C:\ProgramData
21:53:25.112    Scan finished successfully
21:53:41.379    Disk 0 MBR has been saved successfully to "C:\Users\Christoph\Desktop\MBR.dat"
21:53:41.387    The log file has been saved successfully to "C:\Users\Christoph\Desktop\aswMBR.txt"
         
The TDSSKiller log:

Code:
ATTFilter
21:55:46.0271 3136  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:55:46.0430 3136  ============================================================
21:55:46.0430 3136  Current date / time: 2012/12/12 21:55:46.0430
21:55:46.0430 3136  SystemInfo:
21:55:46.0430 3136  
21:55:46.0430 3136  OS Version: 6.0.6002 ServicePack: 2.0
21:55:46.0430 3136  Product type: Workstation
21:55:46.0430 3136  ComputerName: WERNER-PC
21:55:46.0430 3136  UserName: Christoph
21:55:46.0430 3136  Windows directory: C:\windows
21:55:46.0430 3136  System windows directory: C:\windows
21:55:46.0430 3136  Processor architecture: Intel x86
21:55:46.0430 3136  Number of processors: 2
21:55:46.0430 3136  Page size: 0x1000
21:55:46.0430 3136  Boot type: Normal boot
21:55:46.0430 3136  ============================================================
21:55:47.0367 3136  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:47.0589 3136  ============================================================
21:55:47.0589 3136  \Device\Harddisk0\DR0:
21:55:47.0590 3136  MBR partitions:
21:55:47.0590 3136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x116187C1
21:55:47.0590 3136  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x11618800, BlocksNum 0x200000
21:55:47.0590 3136  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11818EB0, BlocksNum 0x1201000
21:55:47.0590 3136  ============================================================
21:55:47.0601 3136  C: <-> \Device\Harddisk0\DR0\Partition1
21:55:47.0645 3136  D: <-> \Device\Harddisk0\DR0\Partition3
21:55:47.0654 3136  F: <-> \Device\Harddisk0\DR0\Partition2
21:55:47.0654 3136  ============================================================
21:55:47.0654 3136  Initialize success
21:55:47.0654 3136  ============================================================
21:56:54.0205 3780  ============================================================
21:56:54.0205 3780  Scan started
21:56:54.0205 3780  Mode: Manual; SigCheck; TDLFS; 
21:56:54.0205 3780  ============================================================
21:56:54.0391 3780  ================ Scan system memory ========================
21:56:54.0391 3780  System memory - ok
21:56:54.0392 3780  ================ Scan services =============================
21:56:54.0576 3780  [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
21:56:54.0683 3780  Accelerometer - ok
21:56:54.0738 3780  [ EC4A5D4E36A8E49261CD823450E0BA51 ] accoca          c:\Program Files\ActivIdentity\ActivClient\accoca.exe
21:56:54.0756 3780  accoca - ok
21:56:54.0817 3780  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\windows\system32\drivers\acpi.sys
21:56:54.0841 3780  ACPI - ok
21:56:54.0890 3780  [ 364A903711E84EB1386FA04106681B7A ] ADIHdAudAddService C:\windows\system32\drivers\ADIHdAud.sys
21:56:55.0060 3780  ADIHdAudAddService - ok
21:56:55.0171 3780  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:55.0185 3780  AdobeARMservice - ok
21:56:55.0249 3780  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:55.0264 3780  AdobeFlashPlayerUpdateSvc - ok
21:56:55.0309 3780  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
21:56:55.0338 3780  adp94xx - ok
21:56:55.0349 3780  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\windows\system32\drivers\adpahci.sys
21:56:55.0370 3780  adpahci - ok
21:56:55.0395 3780  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\windows\system32\drivers\adpu160m.sys
21:56:55.0412 3780  adpu160m - ok
21:56:55.0424 3780  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\windows\system32\drivers\adpu320.sys
21:56:55.0442 3780  adpu320 - ok
21:56:55.0478 3780  [ 585F5793BB5D79C8754EE63BCBAF2B3A ] AEADIFilters    C:\windows\system32\AEADISRV.EXE
21:56:55.0500 3780  AEADIFilters - ok
21:56:55.0525 3780  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
21:56:55.0651 3780  AeLookupSvc - ok
21:56:55.0731 3780  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\windows\system32\drivers\afd.sys
21:56:55.0782 3780  AFD - ok
21:56:55.0844 3780  [ 8ED60797908FD394EEE0D6949F493224 ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
21:56:55.0915 3780  AgereModemAudio - ok
21:56:56.0005 3780  [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
21:56:56.0172 3780  AgereSoftModem - ok
21:56:56.0350 3780  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\windows\system32\drivers\agp440.sys
21:56:56.0366 3780  agp440 - ok
21:56:56.0394 3780  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\windows\system32\drivers\djsvs.sys
21:56:56.0410 3780  aic78xx - ok
21:56:56.0421 3780  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\windows\System32\alg.exe
21:56:56.0550 3780  ALG - ok
21:56:56.0591 3780  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\windows\system32\drivers\aliide.sys
21:56:56.0605 3780  aliide - ok
21:56:56.0636 3780  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\windows\system32\drivers\amdagp.sys
21:56:56.0651 3780  amdagp - ok
21:56:56.0656 3780  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\windows\system32\drivers\amdide.sys
21:56:56.0672 3780  amdide - ok
21:56:56.0686 3780  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\windows\system32\drivers\amdk7.sys
21:56:56.0748 3780  AmdK7 - ok
21:56:56.0783 3780  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
21:56:56.0836 3780  AmdK8 - ok
21:56:56.0962 3780  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:56:56.0993 3780  AntiVirSchedulerService - ok
21:56:57.0043 3780  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:56:57.0056 3780  AntiVirService - ok
21:56:57.0087 3780  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\windows\System32\appinfo.dll
21:56:57.0145 3780  Appinfo - ok
21:56:57.0213 3780  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:56:57.0225 3780  Apple Mobile Device - ok
21:56:57.0247 3780  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\windows\system32\drivers\arc.sys
21:56:57.0262 3780  arc - ok
21:56:57.0276 3780  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\windows\system32\drivers\arcsas.sys
21:56:57.0294 3780  arcsas - ok
21:56:57.0364 3780  [ 46BA50DE5ADD62AA4CE173EDA629245A ] ASBroker        c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
21:56:57.0376 3780  ASBroker - ok
21:56:57.0399 3780  [ 7BEC093B781A2AC8B270EBD4695ADC97 ] ASChannel       c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll
21:56:57.0412 3780  ASChannel - ok
21:56:57.0512 3780  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:56:57.0524 3780  aspnet_state - ok
21:56:57.0547 3780  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
21:56:57.0586 3780  AsyncMac - ok
21:56:57.0606 3780  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\windows\system32\drivers\atapi.sys
21:56:57.0621 3780  atapi - ok
21:56:57.0674 3780  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:56:57.0730 3780  AudioEndpointBuilder - ok
21:56:57.0737 3780  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\windows\System32\Audiosrv.dll
21:56:57.0762 3780  Audiosrv - ok
21:56:57.0829 3780  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
21:56:57.0868 3780  avgntflt - ok
21:56:57.0893 3780  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
21:56:57.0907 3780  avipbb - ok
21:56:57.0933 3780  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
21:56:57.0946 3780  avkmgr - ok
21:56:57.0994 3780  [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
21:56:58.0040 3780  b57nd60x - ok
21:56:58.0121 3780  [ 3F5E7621CDF6867D3D8417D13A098277 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
21:56:58.0186 3780  BCM43XX - ok
21:56:58.0260 3780  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\windows\system32\drivers\Beep.sys
21:56:58.0316 3780  Beep - ok
21:56:58.0389 3780  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\windows\System32\bfe.dll
21:56:58.0460 3780  BFE - ok
21:56:58.0532 3780  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\windows\System32\qmgr.dll
21:56:58.0622 3780  BITS - ok
21:56:58.0676 3780  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
21:56:58.0721 3780  blbdrive - ok
21:56:58.0787 3780  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:56:58.0809 3780  Bonjour Service - ok
21:56:58.0860 3780  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\windows\system32\DRIVERS\bowser.sys
21:56:58.0913 3780  bowser - ok
21:56:58.0963 3780  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\drivers\brfiltlo.sys
21:56:59.0001 3780  BrFiltLo - ok
21:56:59.0024 3780  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\drivers\brfiltup.sys
21:56:59.0076 3780  BrFiltUp - ok
21:56:59.0109 3780  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\windows\System32\browser.dll
21:56:59.0155 3780  Browser - ok
21:56:59.0193 3780  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\windows\system32\drivers\brserid.sys
21:56:59.0370 3780  Brserid - ok
21:56:59.0395 3780  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\system32\drivers\brserwdm.sys
21:56:59.0458 3780  BrSerWdm - ok
21:56:59.0547 3780  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\system32\drivers\brusbmdm.sys
21:56:59.0723 3780  BrUsbMdm - ok
21:56:59.0745 3780  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\system32\drivers\brusbser.sys
21:56:59.0807 3780  BrUsbSer - ok
21:56:59.0873 3780  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\windows\system32\DRIVERS\BthEnum.sys
21:56:59.0945 3780  BthEnum - ok
21:57:00.0012 3780  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
21:57:00.0080 3780  BTHMODEM - ok
21:57:00.0150 3780  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
21:57:00.0252 3780  BthPan - ok
21:57:00.0380 3780  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\windows\system32\Drivers\BTHport.sys
21:57:00.0442 3780  BTHPORT - ok
21:57:00.0510 3780  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\windows\System32\bthserv.dll
21:57:00.0557 3780  BthServ - ok
21:57:00.0575 3780  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\windows\system32\Drivers\BTHUSB.sys
21:57:00.0605 3780  BTHUSB - ok
21:57:00.0664 3780  [ 99AEEA7CEFDFC6E4151A8F620D682088 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
21:57:00.0677 3780  btwaudio - ok
21:57:00.0721 3780  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\windows\system32\drivers\btwavdt.sys
21:57:00.0733 3780  btwavdt - ok
21:57:00.0766 3780  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
21:57:00.0777 3780  btwrchid - ok
21:57:00.0805 3780  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
21:57:00.0861 3780  cdfs - ok
21:57:00.0928 3780  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
21:57:00.0963 3780  cdrom - ok
21:57:01.0020 3780  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\windows\System32\certprop.dll
21:57:01.0055 3780  CertPropSvc - ok
21:57:01.0082 3780  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\windows\system32\drivers\circlass.sys
21:57:01.0123 3780  circlass - ok
21:57:01.0220 3780  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\windows\system32\CLFS.sys
21:57:01.0248 3780  CLFS - ok
21:57:01.0294 3780  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:57:01.0307 3780  clr_optimization_v2.0.50727_32 - ok
21:57:01.0386 3780  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:57:01.0401 3780  clr_optimization_v4.0.30319_32 - ok
21:57:01.0440 3780  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
21:57:01.0478 3780  CmBatt - ok
21:57:01.0495 3780  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\windows\system32\drivers\cmdide.sys
21:57:01.0509 3780  cmdide - ok
21:57:01.0553 3780  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:57:01.0570 3780  Com4QLBEx - ok
21:57:01.0576 3780  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
21:57:01.0590 3780  Compbatt - ok
21:57:01.0598 3780  COMSysApp - ok
21:57:01.0620 3780  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
21:57:01.0635 3780  crcdisk - ok
21:57:01.0652 3780  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\windows\system32\drivers\crusoe.sys
21:57:01.0728 3780  Crusoe - ok
21:57:01.0784 3780  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\windows\system32\cryptsvc.dll
21:57:01.0827 3780  CryptSvc - ok
21:57:01.0869 3780  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\windows\system32\DRIVERS\CVirtA.sys
21:57:01.0912 3780  CVirtA - ok
21:57:01.0990 3780  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\windows\system32\rpcss.dll
21:57:02.0053 3780  DcomLaunch - ok
21:57:02.0118 3780  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\windows\system32\Drivers\dfsc.sys
21:57:02.0177 3780  DfsC - ok
21:57:02.0254 3780  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\windows\system32\DFSR.exe
21:57:02.0389 3780  DFSR - ok
21:57:02.0456 3780  [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys
21:57:02.0470 3780  dg_ssudbus - ok
21:57:02.0545 3780  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\windows\System32\dhcpcsvc.dll
21:57:02.0575 3780  Dhcp - ok
21:57:02.0623 3780  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\windows\system32\drivers\disk.sys
21:57:02.0651 3780  disk - ok
21:57:02.0683 3780  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE             C:\windows\system32\DRIVERS\dne2000.sys
21:57:02.0697 3780  DNE - ok
21:57:02.0756 3780  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\windows\System32\dnsrslvr.dll
21:57:02.0795 3780  Dnscache - ok
21:57:02.0850 3780  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\windows\System32\dot3svc.dll
21:57:02.0890 3780  dot3svc - ok
21:57:02.0926 3780  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\windows\system32\dps.dll
21:57:02.0964 3780  DPS - ok
21:57:03.0008 3780  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
21:57:03.0055 3780  drmkaud - ok
21:57:03.0107 3780  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
21:57:03.0142 3780  DXGKrnl - ok
21:57:03.0154 3780  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\windows\system32\DRIVERS\E1G60I32.sys
21:57:03.0195 3780  E1G60 - ok
21:57:03.0260 3780  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\windows\System32\eapsvc.dll
21:57:03.0312 3780  EapHost - ok
21:57:03.0389 3780  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\windows\system32\drivers\ecache.sys
21:57:03.0407 3780  Ecache - ok
21:57:03.0459 3780  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\windows\system32\drivers\elxstor.sys
21:57:03.0484 3780  elxstor - ok
21:57:03.0540 3780  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\windows\system32\emdmgmt.dll
21:57:03.0666 3780  EMDMgmt - ok
21:57:03.0683 3780  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\windows\system32\drivers\errdev.sys
21:57:03.0723 3780  ErrDev - ok
21:57:03.0788 3780  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\windows\system32\es.dll
21:57:03.0856 3780  EventSystem - ok
21:57:03.0922 3780  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\windows\system32\drivers\exfat.sys
21:57:03.0988 3780  exfat - ok
21:57:04.0032 3780  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\windows\system32\drivers\fastfat.sys
21:57:04.0076 3780  fastfat - ok
21:57:04.0107 3780  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\windows\system32\DRIVERS\fdc.sys
21:57:04.0152 3780  fdc - ok
21:57:04.0194 3780  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\windows\system32\fdPHost.dll
21:57:04.0221 3780  fdPHost - ok
21:57:04.0233 3780  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\windows\system32\fdrespub.dll
21:57:04.0299 3780  FDResPub - ok
21:57:04.0339 3780  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
21:57:04.0354 3780  FileInfo - ok
21:57:04.0368 3780  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\windows\system32\drivers\filetrace.sys
21:57:04.0407 3780  Filetrace - ok
21:57:04.0424 3780  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
21:57:04.0453 3780  flpydisk - ok
21:57:04.0505 3780  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
21:57:04.0524 3780  FltMgr - ok
21:57:04.0671 3780  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\windows\system32\FntCache.dll
21:57:04.0758 3780  FontCache - ok
21:57:04.0829 3780  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:57:04.0842 3780  FontCache3.0.0.0 - ok
21:57:04.0901 3780  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
21:57:04.0950 3780  Fs_Rec - ok
21:57:05.0001 3780  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
21:57:05.0016 3780  gagp30kx - ok
21:57:05.0088 3780  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:57:05.0098 3780  GEARAspiWDM - ok
21:57:05.0162 3780  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\windows\System32\gpsvc.dll
21:57:05.0199 3780  gpsvc - ok
21:57:05.0240 3780  [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey         C:\windows\system32\DRIVERS\cpqbttn.sys
21:57:05.0250 3780  HBtnKey - ok
21:57:05.0288 3780  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:57:05.0353 3780  HdAudAddService - ok
21:57:05.0417 3780  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
21:57:05.0455 3780  HDAudBus - ok
21:57:05.0485 3780  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\windows\system32\drivers\hidbth.sys
21:57:05.0547 3780  HidBth - ok
21:57:05.0568 3780  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\windows\system32\drivers\hidir.sys
21:57:05.0630 3780  HidIr - ok
21:57:05.0680 3780  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\windows\system32\hidserv.dll
21:57:05.0726 3780  hidserv - ok
21:57:05.0765 3780  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
21:57:05.0797 3780  HidUsb - ok
21:57:05.0824 3780  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\windows\system32\kmsvc.dll
21:57:05.0860 3780  hkmsvc - ok
21:57:05.0933 3780  [ D13E6BFD7E9189D26A42E94CB2447044 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:57:05.0953 3780  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
21:57:05.0953 3780  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
21:57:06.0008 3780  [ 07A85D6C053A0999FF450BBCA9825FB2 ] HP ProtectTools Service c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
21:57:06.0019 3780  HP ProtectTools Service - ok
21:57:06.0041 3780  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\windows\system32\drivers\hpcisss.sys
21:57:06.0055 3780  HpCISSs - ok
21:57:06.0091 3780  [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
21:57:06.0101 3780  hpdskflt - ok
21:57:06.0136 3780  [ EB734EF9D7C4D02760F2D1342331BA41 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
21:57:06.0150 3780  HpFkCryptService - ok
21:57:06.0183 3780  [ EF55CD76A05A0675FE930036B7773943 ] HPFSService     C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
21:57:06.0198 3780  HPFSService ( UnsignedFile.Multi.Generic ) - warning
21:57:06.0198 3780  HPFSService - detected UnsignedFile.Multi.Generic (1)
21:57:06.0249 3780  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:57:06.0298 3780  HpqKbFiltr - ok
21:57:06.0363 3780  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:57:06.0379 3780  hpqwmiex - ok
21:57:06.0389 3780  [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv           C:\windows\system32\Hpservice.exe
21:57:06.0402 3780  hpsrv - ok
21:57:06.0468 3780  [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP            C:\windows\system32\drivers\HTTP.sys
21:57:06.0531 3780  HTTP - ok
21:57:06.0563 3780  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\windows\system32\drivers\i2omp.sys
21:57:06.0578 3780  i2omp - ok
21:57:06.0610 3780  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
21:57:06.0657 3780  i8042prt - ok
21:57:06.0723 3780  [ 3AD7614C487C948ADD435662265750FB ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:57:06.0747 3780  IAANTMON - ok
21:57:06.0781 3780  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\windows\system32\drivers\iastor.sys
21:57:06.0796 3780  iaStor - ok
21:57:06.0832 3780  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\windows\system32\drivers\iastorv.sys
21:57:06.0851 3780  iaStorV - ok
21:57:06.0906 3780  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:57:06.0932 3780  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:57:06.0932 3780  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:57:07.0012 3780  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:57:07.0057 3780  idsvc - ok
21:57:07.0193 3780  [ D97E70E4E243C9660F91C1112E36C73B ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
21:57:07.0618 3780  igfx - ok
21:57:07.0671 3780  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\windows\system32\drivers\iirsp.sys
21:57:07.0684 3780  iirsp - ok
21:57:07.0782 3780  [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:57:07.0824 3780  IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
21:57:07.0824 3780  IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
21:57:07.0878 3780  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\windows\System32\ikeext.dll
21:57:07.0913 3780  IKEEXT - ok
21:57:07.0940 3780  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\windows\system32\drivers\intelide.sys
21:57:07.0954 3780  intelide - ok
21:57:07.0990 3780  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
21:57:08.0030 3780  intelppm - ok
21:57:08.0056 3780  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
21:57:08.0104 3780  IPBusEnum - ok
21:57:08.0123 3780  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
21:57:08.0160 3780  IpFilterDriver - ok
21:57:08.0202 3780  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
21:57:08.0225 3780  iphlpsvc - ok
21:57:08.0232 3780  IpInIp - ok
21:57:08.0258 3780  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\windows\system32\drivers\ipmidrv.sys
21:57:08.0288 3780  IPMIDRV - ok
21:57:08.0305 3780  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\windows\system32\DRIVERS\ipnat.sys
21:57:08.0353 3780  IPNAT - ok
21:57:08.0434 3780  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:57:08.0476 3780  iPod Service - ok
21:57:08.0519 3780  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
21:57:08.0573 3780  IRENUM - ok
21:57:08.0601 3780  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\windows\system32\drivers\isapnp.sys
21:57:08.0615 3780  isapnp - ok
21:57:08.0663 3780  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
21:57:08.0681 3780  iScsiPrt - ok
21:57:08.0689 3780  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\windows\system32\drivers\iteatapi.sys
21:57:08.0703 3780  iteatapi - ok
21:57:08.0718 3780  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\windows\system32\drivers\iteraid.sys
21:57:08.0733 3780  iteraid - ok
21:57:08.0781 3780  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:57:08.0794 3780  IviRegMgr - ok
21:57:08.0805 3780  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
21:57:08.0820 3780  kbdclass - ok
21:57:08.0858 3780  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
21:57:08.0889 3780  kbdhid - ok
21:57:08.0939 3780  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\windows\system32\lsass.exe
21:57:08.0963 3780  KeyIso - ok
21:57:09.0020 3780  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
21:57:09.0048 3780  KSecDD - ok
21:57:09.0097 3780  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\windows\system32\msdtckrm.dll
21:57:09.0147 3780  KtmRm - ok
21:57:09.0195 3780  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\windows\system32\srvsvc.dll
21:57:09.0251 3780  LanmanServer - ok
21:57:09.0288 3780  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:57:09.0351 3780  LanmanWorkstation - ok
21:57:09.0384 3780  Lavasoft Ad-Aware Service - ok
21:57:09.0400 3780  Lavasoft Kernexplorer - ok
21:57:09.0465 3780  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\windows\system32\DRIVERS\Lbd.sys
21:57:09.0506 3780  Lbd - ok
21:57:09.0585 3780  [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:57:09.0604 3780  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:57:09.0604 3780  LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:57:09.0637 3780  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
21:57:09.0683 3780  lltdio - ok
21:57:09.0729 3780  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\windows\System32\lltdsvc.dll
21:57:09.0768 3780  lltdsvc - ok
21:57:09.0788 3780  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\windows\System32\lmhsvc.dll
21:57:09.0854 3780  lmhosts - ok
21:57:09.0884 3780  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
21:57:09.0900 3780  LSI_FC - ok
21:57:09.0919 3780  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
21:57:09.0934 3780  LSI_SAS - ok
21:57:09.0952 3780  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
21:57:09.0968 3780  LSI_SCSI - ok
21:57:09.0987 3780  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\windows\system32\drivers\luafv.sys
21:57:10.0030 3780  luafv - ok
21:57:10.0156 3780  [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
21:57:10.0174 3780  McComponentHostService - ok
21:57:10.0219 3780  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\windows\system32\drivers\megasas.sys
21:57:10.0234 3780  megasas - ok
21:57:10.0258 3780  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\windows\system32\drivers\megasr.sys
21:57:10.0284 3780  MegaSR - ok
21:57:10.0312 3780  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\windows\system32\mmcss.dll
21:57:10.0357 3780  MMCSS - ok
21:57:10.0405 3780  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\windows\system32\drivers\modem.sys
21:57:10.0459 3780  Modem - ok
21:57:10.0528 3780  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
21:57:10.0581 3780  monitor - ok
21:57:10.0609 3780  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
21:57:10.0623 3780  mouclass - ok
21:57:10.0649 3780  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
21:57:10.0689 3780  mouhid - ok
21:57:10.0718 3780  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\windows\system32\drivers\mountmgr.sys
21:57:10.0733 3780  MountMgr - ok
21:57:10.0811 3780  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:57:10.0833 3780  MozillaMaintenance - ok
21:57:10.0877 3780  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\windows\system32\drivers\mpio.sys
21:57:10.0895 3780  mpio - ok
21:57:10.0915 3780  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
21:57:10.0958 3780  mpsdrv - ok
21:57:11.0010 3780  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\windows\system32\mpssvc.dll
21:57:11.0063 3780  MpsSvc - ok
21:57:11.0113 3780  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\windows\system32\drivers\mraid35x.sys
21:57:11.0127 3780  Mraid35x - ok
21:57:11.0170 3780  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
21:57:11.0195 3780  MRxDAV - ok
21:57:11.0241 3780  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
21:57:11.0293 3780  mrxsmb - ok
21:57:11.0347 3780  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
21:57:11.0365 3780  mrxsmb10 - ok
21:57:11.0385 3780  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
21:57:11.0401 3780  mrxsmb20 - ok
21:57:11.0414 3780  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\windows\system32\drivers\msahci.sys
21:57:11.0432 3780  msahci - ok
21:57:11.0460 3780  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\windows\system32\drivers\msdsm.sys
21:57:11.0476 3780  msdsm - ok
21:57:11.0497 3780  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\windows\System32\msdtc.exe
21:57:11.0529 3780  MSDTC - ok
21:57:11.0551 3780  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\windows\system32\drivers\Msfs.sys
21:57:11.0579 3780  Msfs - ok
21:57:11.0602 3780  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
21:57:11.0616 3780  msisadrv - ok
21:57:11.0641 3780  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
21:57:11.0671 3780  MSiSCSI - ok
21:57:11.0677 3780  msiserver - ok
21:57:11.0698 3780  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
21:57:11.0746 3780  MSKSSRV - ok
21:57:11.0785 3780  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
21:57:11.0822 3780  MSPCLOCK - ok
21:57:11.0850 3780  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
21:57:11.0895 3780  MSPQM - ok
21:57:11.0942 3780  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
21:57:11.0959 3780  MsRPC - ok
21:57:11.0978 3780  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
21:57:11.0992 3780  mssmbios - ok
21:57:12.0001 3780  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
21:57:12.0035 3780  MSTEE - ok
21:57:12.0050 3780  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\windows\system32\Drivers\mup.sys
21:57:12.0066 3780  Mup - ok
21:57:12.0114 3780  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\windows\system32\qagentRT.dll
21:57:12.0157 3780  napagent - ok
21:57:12.0205 3780  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
21:57:12.0239 3780  NativeWifiP - ok
21:57:12.0303 3780  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\windows\system32\drivers\ndis.sys
21:57:12.0334 3780  NDIS - ok
21:57:12.0365 3780  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
21:57:12.0413 3780  NdisTapi - ok
21:57:12.0446 3780  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
21:57:12.0474 3780  Ndisuio - ok
21:57:12.0528 3780  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
21:57:12.0552 3780  NdisWan - ok
21:57:12.0566 3780  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
21:57:12.0588 3780  NDProxy - ok
21:57:12.0655 3780  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:57:12.0702 3780  Nero BackItUp Scheduler 4.0 - ok
21:57:12.0779 3780  [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:57:12.0793 3780  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:57:12.0793 3780  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:57:12.0815 3780  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
21:57:12.0842 3780  NetBIOS - ok
21:57:12.0901 3780  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\windows\system32\DRIVERS\netbt.sys
21:57:12.0936 3780  netbt - ok
21:57:12.0950 3780  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\windows\system32\lsass.exe
21:57:12.0967 3780  Netlogon - ok
21:57:12.0999 3780  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\windows\System32\netman.dll
21:57:13.0033 3780  Netman - ok
21:57:13.0053 3780  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\windows\System32\netprofm.dll
21:57:13.0086 3780  netprofm - ok
21:57:13.0128 3780  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:57:13.0142 3780  NetTcpPortSharing - ok
21:57:13.0259 3780  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\windows\system32\DRIVERS\NETw5v32.sys
21:57:13.0494 3780  NETw5v32 - ok
21:57:13.0528 3780  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
21:57:13.0541 3780  nfrd960 - ok
21:57:13.0567 3780  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\windows\System32\nlasvc.dll
21:57:13.0622 3780  NlaSvc - ok
21:57:13.0666 3780  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\windows\system32\drivers\Npfs.sys
21:57:13.0707 3780  Npfs - ok
21:57:13.0727 3780  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\windows\system32\nsisvc.dll
21:57:13.0769 3780  nsi - ok
21:57:13.0776 3780  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
21:57:13.0804 3780  nsiproxy - ok
21:57:13.0877 3780  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
21:57:13.0930 3780  Ntfs - ok
21:57:13.0981 3780  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\windows\system32\drivers\ntrigdigi.sys
21:57:14.0028 3780  ntrigdigi - ok
21:57:14.0047 3780  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\windows\system32\drivers\Null.sys
21:57:14.0074 3780  Null - ok
21:57:14.0102 3780  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\windows\system32\drivers\nvraid.sys
21:57:14.0117 3780  nvraid - ok
21:57:14.0137 3780  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\windows\system32\drivers\nvstor.sys
21:57:14.0152 3780  nvstor - ok
21:57:14.0171 3780  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
21:57:14.0186 3780  nv_agp - ok
21:57:14.0192 3780  NwlnkFlt - ok
21:57:14.0199 3780  NwlnkFwd - ok
21:57:14.0299 3780  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:57:14.0325 3780  odserv - ok
21:57:14.0368 3780  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
21:57:14.0396 3780  ohci1394 - ok
21:57:14.0458 3780  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:57:14.0473 3780  ose - ok
21:57:14.0537 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\windows\system32\p2psvc.dll
21:57:14.0601 3780  p2pimsvc - ok
21:57:14.0615 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\windows\system32\p2psvc.dll
21:57:14.0689 3780  p2psvc - ok
21:57:14.0751 3780  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\windows\system32\DRIVERS\parport.sys
21:57:14.0781 3780  Parport - ok
21:57:14.0837 3780  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\windows\system32\drivers\partmgr.sys
21:57:14.0853 3780  partmgr - ok
21:57:14.0859 3780  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
21:57:14.0888 3780  Parvdm - ok
21:57:14.0919 3780  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\windows\System32\pcasvc.dll
21:57:14.0967 3780  PcaSvc - ok
21:57:15.0003 3780  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\windows\system32\DRIVERS\pccsmcfd.sys
21:57:15.0030 3780  pccsmcfd - ok
21:57:15.0084 3780  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\windows\system32\drivers\pci.sys
21:57:15.0103 3780  pci - ok
21:57:15.0126 3780  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\windows\system32\drivers\pciide.sys
21:57:15.0141 3780  pciide - ok
21:57:15.0163 3780  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
21:57:15.0182 3780  pcmcia - ok
21:57:15.0232 3780  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
21:57:15.0319 3780  PEAUTH - ok
21:57:15.0556 3780  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\windows\system32\pla.dll
21:57:15.0716 3780  pla - ok
21:57:15.0829 3780  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
21:57:15.0836 3780  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
21:57:15.0836 3780  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
21:57:15.0908 3780  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\windows\system32\umpnpmgr.dll
21:57:15.0993 3780  PlugPlay - ok
21:57:16.0026 3780  [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:57:16.0032 3780  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:57:16.0032 3780  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:57:16.0081 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\windows\system32\p2psvc.dll
21:57:16.0111 3780  PNRPAutoReg - ok
21:57:16.0126 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\windows\system32\p2psvc.dll
21:57:16.0304 3780  PNRPsvc - ok
21:57:16.0362 3780  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
21:57:16.0407 3780  PolicyAgent - ok
21:57:16.0448 3780  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
21:57:16.0488 3780  PptpMiniport - ok
21:57:16.0510 3780  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\windows\system32\drivers\processr.sys
21:57:16.0539 3780  Processor - ok
21:57:16.0586 3780  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\windows\system32\profsvc.dll
21:57:16.0635 3780  ProfSvc - ok
21:57:16.0661 3780  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\windows\system32\lsass.exe
21:57:16.0676 3780  ProtectedStorage - ok
21:57:16.0734 3780  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\windows\system32\DRIVERS\pacer.sys
21:57:16.0757 3780  PSched - ok
21:57:16.0799 3780  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
21:57:16.0810 3780  PxHelp20 - ok
21:57:16.0879 3780  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\windows\system32\drivers\ql2300.sys
21:57:16.0948 3780  ql2300 - ok
21:57:16.0995 3780  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
21:57:17.0009 3780  ql40xx - ok
21:57:17.0032 3780  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\windows\system32\qwave.dll
21:57:17.0067 3780  QWAVE - ok
21:57:17.0087 3780  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
21:57:17.0117 3780  QWAVEdrv - ok
21:57:17.0136 3780  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
21:57:17.0163 3780  RasAcd - ok
21:57:17.0189 3780  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\windows\System32\rasauto.dll
21:57:17.0238 3780  RasAuto - ok
21:57:17.0286 3780  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
21:57:17.0330 3780  Rasl2tp - ok
21:57:17.0378 3780  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\windows\System32\rasmans.dll
21:57:17.0424 3780  RasMan - ok
21:57:17.0466 3780  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
21:57:17.0505 3780  RasPppoe - ok
21:57:17.0544 3780  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
21:57:17.0560 3780  RasSstp - ok
21:57:17.0614 3780  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
21:57:17.0639 3780  rdbss - ok
21:57:17.0658 3780  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
21:57:17.0685 3780  RDPCDD - ok
21:57:17.0702 3780  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\windows\system32\drivers\rdpdr.sys
21:57:17.0734 3780  rdpdr - ok
21:57:17.0740 3780  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
21:57:17.0768 3780  RDPENCDD - ok
21:57:17.0826 3780  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
21:57:17.0863 3780  RDPWD - ok
21:57:17.0907 3780  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\windows\System32\mprdim.dll
21:57:17.0937 3780  RemoteAccess - ok
21:57:17.0981 3780  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\windows\system32\regsvc.dll
21:57:18.0006 3780  RemoteRegistry - ok
21:57:18.0050 3780  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
21:57:18.0074 3780  RFCOMM - ok
21:57:18.0200 3780  [ 5C13017FC008F8492D03143634A479CE ] RoxMediaDB10    c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:57:18.0250 3780  RoxMediaDB10 - ok
21:57:18.0302 3780  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\windows\system32\locator.exe
21:57:18.0357 3780  RpcLocator - ok
21:57:18.0388 3780  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\windows\system32\rpcss.dll
21:57:18.0420 3780  RpcSs - ok
21:57:18.0440 3780  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
21:57:18.0468 3780  rspndr - ok
21:57:18.0492 3780  [ 3BEEFE509C414F3A6E55E5C7C4024581 ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
21:57:18.0504 3780  RsvLock - ok
21:57:18.0522 3780  [ 2A5EEDCB22A5D6BB0231E38A38E7A7D9 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
21:57:18.0523 3780  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2A5EEDCB22A5D6BB0231E38A38E7A7D9
21:57:18.0523 3780  SafeBoot ( LockedFile.Multi.Generic ) - warning
21:57:18.0523 3780  SafeBoot - detected LockedFile.Multi.Generic (1)
21:57:18.0539 3780  [ A3E186B4B935905B829219502557314E ] SamSs           C:\windows\system32\lsass.exe
21:57:18.0554 3780  SamSs - ok
21:57:18.0565 3780  [ 52DCDE2D1787217E15FFDCA1CBF8CCE9 ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
21:57:18.0576 3780  SbAlg - ok
21:57:18.0592 3780  [ 69A5AF9CE49A0982E7AE7C7D62BDB2B1 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
21:57:18.0602 3780  SbFsLock - ok
21:57:18.0620 3780  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
21:57:18.0634 3780  sbp2port - ok
21:57:18.0687 3780  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\windows\System32\SCardSvr.dll
21:57:18.0730 3780  SCardSvr - ok
21:57:18.0797 3780  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\windows\system32\schedsvc.dll
21:57:18.0848 3780  Schedule - ok
21:57:18.0896 3780  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\windows\System32\certprop.dll
21:57:18.0919 3780  SCPolicySvc - ok
21:57:18.0946 3780  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\windows\System32\SDRSVC.dll
21:57:19.0030 3780  SDRSVC - ok
21:57:19.0060 3780  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
21:57:19.0125 3780  secdrv - ok
21:57:19.0155 3780  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\windows\system32\seclogon.dll
21:57:19.0199 3780  seclogon - ok
21:57:19.0220 3780  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\windows\System32\sens.dll
21:57:19.0259 3780  SENS - ok
21:57:19.0275 3780  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\windows\system32\drivers\serenum.sys
21:57:19.0337 3780  Serenum - ok
21:57:19.0356 3780  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\windows\system32\drivers\serial.sys
21:57:19.0404 3780  Serial - ok
21:57:19.0420 3780  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\windows\system32\drivers\sermouse.sys
21:57:19.0447 3780  sermouse - ok
21:57:19.0504 3780  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:57:19.0530 3780  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:57:19.0530 3780  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:57:19.0608 3780  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\windows\system32\sessenv.dll
21:57:19.0652 3780  SessionEnv - ok
21:57:19.0684 3780  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
21:57:19.0707 3780  sffdisk - ok
21:57:19.0716 3780  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
21:57:19.0751 3780  sffp_mmc - ok
21:57:19.0770 3780  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
21:57:19.0798 3780  sffp_sd - ok
21:57:19.0816 3780  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
21:57:19.0872 3780  sfloppy - ok
21:57:19.0915 3780  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\windows\System32\ipnathlp.dll
21:57:19.0977 3780  SharedAccess - ok
21:57:20.0022 3780  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:57:20.0071 3780  ShellHWDetection - ok
21:57:20.0102 3780  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\windows\system32\drivers\sisagp.sys
21:57:20.0117 3780  sisagp - ok
21:57:20.0129 3780  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\windows\system32\drivers\sisraid2.sys
21:57:20.0144 3780  SiSRaid2 - ok
21:57:20.0161 3780  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
21:57:20.0176 3780  SiSRaid4 - ok
21:57:20.0281 3780  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:57:20.0297 3780  SkypeUpdate - ok
21:57:20.0414 3780  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\windows\system32\SLsvc.exe
21:57:20.0651 3780  slsvc - ok
21:57:20.0694 3780  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\windows\system32\SLUINotify.dll
21:57:20.0726 3780  SLUINotify - ok
21:57:20.0776 3780  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\windows\system32\DRIVERS\smb.sys
21:57:20.0799 3780  Smb - ok
21:57:20.0832 3780  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
21:57:20.0848 3780  SNMPTRAP - ok
21:57:20.0878 3780  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\windows\system32\drivers\spldr.sys
21:57:20.0892 3780  spldr - ok
21:57:20.0952 3780  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\windows\System32\spoolsv.exe
21:57:20.0999 3780  Spooler - ok
21:57:21.0056 3780  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\windows\system32\DRIVERS\srv.sys
21:57:21.0105 3780  srv - ok
21:57:21.0160 3780  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\windows\system32\DRIVERS\srv2.sys
21:57:21.0201 3780  srv2 - ok
21:57:21.0239 3780  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
21:57:21.0272 3780  srvnet - ok
21:57:21.0310 3780  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
21:57:21.0376 3780  SSDPSRV - ok
21:57:21.0419 3780  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
21:57:21.0430 3780  ssmdrv - ok
21:57:21.0452 3780  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\windows\system32\sstpsvc.dll
21:57:21.0477 3780  SstpSvc - ok
21:57:21.0521 3780  [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
21:57:21.0538 3780  ssudmdm - ok
21:57:21.0574 3780  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
21:57:21.0595 3780  StillCam - ok
21:57:21.0650 3780  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\windows\System32\wiaservc.dll
21:57:21.0678 3780  stisvc - ok
21:57:21.0737 3780  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:57:21.0749 3780  stllssvr - ok
21:57:21.0785 3780  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
21:57:21.0799 3780  swenum - ok
21:57:21.0856 3780  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\windows\System32\swprv.dll
21:57:21.0902 3780  swprv - ok
21:57:21.0917 3780  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\windows\system32\drivers\symc8xx.sys
21:57:21.0930 3780  Symc8xx - ok
21:57:21.0967 3780  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\windows\system32\drivers\sym_hi.sys
21:57:21.0981 3780  Sym_hi - ok
21:57:21.0987 3780  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\windows\system32\drivers\sym_u3.sys
21:57:22.0000 3780  Sym_u3 - ok
21:57:22.0073 3780  [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
21:57:22.0137 3780  SynTP - ok
21:57:22.0216 3780  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\windows\system32\sysmain.dll
21:57:22.0260 3780  SysMain - ok
21:57:22.0308 3780  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\windows\System32\TabSvc.dll
21:57:22.0338 3780  TabletInputService - ok
21:57:22.0394 3780  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\windows\System32\tapisrv.dll
21:57:22.0433 3780  TapiSrv - ok
21:57:22.0450 3780  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\windows\System32\tbssvc.dll
21:57:22.0479 3780  TBS - ok
21:57:22.0539 3780  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
21:57:22.0615 3780  Tcpip - ok
21:57:22.0635 3780  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\windows\system32\DRIVERS\tcpip.sys
21:57:22.0702 3780  Tcpip6 - ok
21:57:22.0737 3780  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
21:57:22.0797 3780  tcpipreg - ok
21:57:22.0827 3780  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
21:57:22.0873 3780  TDPIPE - ok
21:57:22.0898 3780  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
21:57:22.0934 3780  TDTCP - ok
21:57:22.0972 3780  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
21:57:22.0995 3780  tdx - ok
21:57:23.0046 3780  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
21:57:23.0062 3780  TermDD - ok
21:57:23.0086 3780  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\windows\System32\termsrv.dll
21:57:23.0133 3780  TermService - ok
21:57:23.0178 3780  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\windows\system32\shsvcs.dll
21:57:23.0196 3780  Themes - ok
21:57:23.0211 3780  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\windows\system32\mmcss.dll
21:57:23.0240 3780  THREADORDER - ok
21:57:23.0279 3780  [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM             C:\windows\system32\drivers\tpm.sys
21:57:23.0295 3780  TPM - ok
21:57:23.0318 3780  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\windows\System32\trkwks.dll
21:57:23.0362 3780  TrkWks - ok
21:57:23.0427 3780  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:57:23.0470 3780  TrustedInstaller - ok
21:57:23.0504 3780  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
21:57:23.0533 3780  tssecsrv - ok
21:57:23.0545 3780  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\windows\system32\DRIVERS\tunmp.sys
21:57:23.0570 3780  tunmp - ok
21:57:23.0607 3780  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
21:57:23.0637 3780  tunnel - ok
21:57:23.0678 3780  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\windows\system32\drivers\uagp35.sys
21:57:23.0693 3780  uagp35 - ok
21:57:23.0746 3780  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
21:57:23.0770 3780  udfs - ok
21:57:23.0806 3780  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
21:57:23.0850 3780  UI0Detect - ok
21:57:23.0868 3780  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
21:57:23.0883 3780  uliagpkx - ok
21:57:23.0899 3780  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\windows\system32\drivers\uliahci.sys
21:57:23.0920 3780  uliahci - ok
21:57:23.0927 3780  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\windows\system32\drivers\ulsata.sys
21:57:23.0941 3780  UlSata - ok
21:57:23.0949 3780  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\windows\system32\drivers\ulsata2.sys
21:57:23.0964 3780  ulsata2 - ok
21:57:23.0977 3780  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
21:57:24.0026 3780  umbus - ok
21:57:24.0058 3780  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\windows\System32\upnphost.dll
21:57:24.0103 3780  upnphost - ok
21:57:24.0162 3780  [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
21:57:24.0167 3780  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:57:24.0167 3780  USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:57:24.0204 3780  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
21:57:24.0247 3780  usbccgp - ok
21:57:24.0271 3780  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\windows\system32\drivers\usbcir.sys
21:57:24.0341 3780  usbcir - ok
21:57:24.0366 3780  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
21:57:24.0407 3780  usbehci - ok
21:57:24.0452 3780  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
21:57:24.0478 3780  usbhub - ok
21:57:24.0487 3780  [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
21:57:24.0516 3780  usbohci - ok
21:57:24.0558 3780  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
21:57:24.0599 3780  usbprint - ok
21:57:24.0616 3780  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
21:57:24.0655 3780  usbscan - ok
21:57:24.0669 3780  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
21:57:24.0709 3780  USBSTOR - ok
21:57:24.0729 3780  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
21:57:24.0771 3780  usbuhci - ok
21:57:24.0817 3780  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\windows\System32\uxsms.dll
21:57:24.0863 3780  UxSms - ok
21:57:24.0910 3780  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\windows\System32\vds.exe
21:57:24.0964 3780  vds - ok
21:57:25.0003 3780  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
21:57:25.0031 3780  vga - ok
21:57:25.0069 3780  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\windows\System32\drivers\vga.sys
21:57:25.0102 3780  VgaSave - ok
21:57:25.0113 3780  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\windows\system32\drivers\viaagp.sys
21:57:25.0128 3780  viaagp - ok
21:57:25.0143 3780  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\windows\system32\drivers\viac7.sys
21:57:25.0171 3780  ViaC7 - ok
21:57:25.0185 3780  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\windows\system32\drivers\viaide.sys
21:57:25.0199 3780  viaide - ok
21:57:25.0242 3780  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\windows\system32\drivers\volmgr.sys
21:57:25.0257 3780  volmgr - ok
21:57:25.0310 3780  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
21:57:25.0331 3780  volmgrx - ok
21:57:25.0379 3780  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\windows\system32\drivers\volsnap.sys
21:57:25.0399 3780  volsnap - ok
21:57:25.0511 3780  [ D6653180D162CB3144FDBC8A651CEBB1 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
21:57:25.0544 3780  vpnagent - ok
21:57:25.0577 3780  [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva           C:\windows\system32\DRIVERS\vpnva.sys
21:57:25.0588 3780  vpnva - ok
21:57:25.0631 3780  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
21:57:25.0647 3780  vsmraid - ok
21:57:25.0682 3780  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\windows\system32\vssvc.exe
21:57:25.0758 3780  VSS - ok
21:57:25.0830 3780  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\windows\system32\w32time.dll
21:57:25.0868 3780  W32Time - ok
21:57:25.0901 3780  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
21:57:25.0957 3780  WacomPen - ok
21:57:25.0976 3780  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\windows\system32\DRIVERS\wanarp.sys
21:57:26.0000 3780  Wanarp - ok
21:57:26.0004 3780  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
21:57:26.0027 3780  Wanarpv6 - ok
21:57:26.0050 3780  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\windows\System32\wcncsvc.dll
21:57:26.0079 3780  wcncsvc - ok
21:57:26.0103 3780  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:57:26.0135 3780  WcsPlugInService - ok
21:57:26.0189 3780  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\windows\system32\drivers\wd.sys
21:57:26.0203 3780  Wd - ok
21:57:26.0255 3780  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
21:57:26.0308 3780  Wdf01000 - ok
21:57:26.0341 3780  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\windows\system32\wdi.dll
21:57:26.0388 3780  WdiServiceHost - ok
21:57:26.0392 3780  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\windows\system32\wdi.dll
21:57:26.0423 3780  WdiSystemHost - ok
21:57:26.0464 3780  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\windows\System32\webclnt.dll
21:57:26.0486 3780  WebClient - ok
21:57:26.0532 3780  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\windows\system32\wecsvc.dll
21:57:26.0591 3780  Wecsvc - ok
21:57:26.0614 3780  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\windows\System32\wercplsupport.dll
21:57:26.0638 3780  wercplsupport - ok
21:57:26.0690 3780  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\windows\System32\WerSvc.dll
21:57:26.0737 3780  WerSvc - ok
21:57:26.0795 3780  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:57:26.0816 3780  WinDefend - ok
21:57:26.0824 3780  WinHttpAutoProxySvc - ok
21:57:26.0865 3780  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
21:57:26.0889 3780  Winmgmt - ok
21:57:26.0965 3780  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\windows\system32\WsmSvc.dll
21:57:27.0081 3780  WinRM - ok
21:57:27.0128 3780  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\windows\System32\wlansvc.dll
21:57:27.0202 3780  Wlansvc - ok
21:57:27.0234 3780  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
21:57:27.0280 3780  WmiAcpi - ok
21:57:27.0322 3780  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
21:57:27.0370 3780  wmiApSrv - ok
21:57:27.0463 3780  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:57:27.0528 3780  WMPNetworkSvc - ok
21:57:27.0578 3780  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\windows\System32\wpcsvc.dll
21:57:27.0610 3780  WPCSvc - ok
21:57:27.0686 3780  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
21:57:27.0717 3780  WPDBusEnum - ok
21:57:27.0743 3780  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\windows\system32\DRIVERS\wpdusb.sys
21:57:27.0783 3780  WpdUsb - ok
21:57:27.0905 3780  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:57:27.0942 3780  WPFFontCache_v0400 - ok
21:57:27.0962 3780  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
21:57:28.0005 3780  ws2ifsl - ok
21:57:28.0063 3780  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\windows\System32\wscsvc.dll
21:57:28.0082 3780  wscsvc - ok
21:57:28.0087 3780  WSearch - ok
21:57:28.0177 3780  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
21:57:28.0290 3780  wuauserv - ok
21:57:28.0361 3780  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
21:57:28.0389 3780  WudfPf - ok
21:57:28.0458 3780  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
21:57:28.0475 3780  WUDFRd - ok
21:57:28.0486 3780  [ 2C0206FF8D2C75AC027D1096FA2FAFDA ] wudfsvc         C:\windows\System32\WUDFSvc.dll
21:57:28.0527 3780  wudfsvc - ok
21:57:28.0585 3780  [ F72D4BFFA37E857D195048C498AFC61B ] yukonwlh        C:\windows\system32\DRIVERS\yk60x86.sys
21:57:28.0630 3780  yukonwlh - ok
21:57:28.0678 3780  ================ Scan global ===============================
21:57:28.0700 3780  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\windows\system32\basesrv.dll
21:57:28.0747 3780  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll
21:57:28.0762 3780  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll
21:57:28.0823 3780  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\windows\system32\services.exe
21:57:28.0828 3780  [Global] - ok
21:57:28.0828 3780  ================ Scan MBR ==================================
21:57:28.0836 3780  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:57:29.0374 3780  \Device\Harddisk0\DR0 - ok
21:57:29.0375 3780  ================ Scan VBR ==================================
21:57:29.0378 3780  [ 7AC0478A26E92D1278B6542403FEFEC2 ] \Device\Harddisk0\DR0\Partition1
21:57:29.0380 3780  \Device\Harddisk0\DR0\Partition1 - ok
21:57:29.0399 3780  [ F017C84D20FA1F08F6164F5FD800FC0D ] \Device\Harddisk0\DR0\Partition2
21:57:29.0400 3780  \Device\Harddisk0\DR0\Partition2 - ok
21:57:29.0412 3780  [ FC23E135DC412AB3B84FE13EC6E4DBE6 ] \Device\Harddisk0\DR0\Partition3
21:57:29.0414 3780  \Device\Harddisk0\DR0\Partition3 - ok
21:57:29.0414 3780  ============================================================
21:57:29.0414 3780  Scan finished
21:57:29.0414 3780  ============================================================
21:57:29.0428 5964  Detected object count: 11
21:57:29.0428 5964  Actual detected object count: 11
21:58:08.0706 5964  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0706 5964  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0707 5964  HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0707 5964  HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0709 5964  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0709 5964  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0712 5964  IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0712 5964  IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0715 5964  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0715 5964  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0718 5964  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0718 5964  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0720 5964  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0720 5964  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0722 5964  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0722 5964  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0725 5964  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
21:58:08.0725 5964  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0728 5964  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0728 5964  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0731 5964  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0731 5964  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
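
An added illustration, not part of the thread and not a tool the helpers here asked for: the TDSSKiller output above is mostly heuristic noise (UnsignedFile.Multi.Generic on HP, Nokia, Nero and Apple components means an unsigned but ordinary OEM binary), while the LockedFile/NoAccess entry for SafeBoot.sys is the one item the scanner could not even read and therefore could not judge. The Python script below parses lines in this log format and turns the scanner's verdicts into reviewer actions. The sample lines are a small constructed subset in the same format as the log above; the ExampleSvc entry, its all-zero MD5 and the user-profile rule are my own additions to show a check that TDSSKiller's "ok" does not cover (a service binary living under a user profile is worth a look whatever the signature status).

```python
import re

# Constructed sample in the TDSSKiller line format used in the log above. The first entries
# copy the format of real lines from the thread; the "ExampleSvc" entry and its MD5 are
# invented here to exercise the user-profile rule and do not come from the posted log.
SAMPLE_LOG = r"""
21:57:15.0829 3780  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
21:57:15.0836 3780  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
21:57:15.0836 3780  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
21:57:15.0908 3780  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\windows\system32\umpnpmgr.dll
21:57:15.0993 3780  PlugPlay - ok
21:57:18.0522 3780  [ 2A5EEDCB22A5D6BB0231E38A38E7A7D9 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
21:57:18.0523 3780  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2A5EEDCB22A5D6BB0231E38A38E7A7D9
21:57:18.0523 3780  SafeBoot ( LockedFile.Multi.Generic ) - warning
21:57:18.0523 3780  SafeBoot - detected LockedFile.Multi.Generic (1)
21:57:18.0600 3780  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Users\Example\AppData\Roaming\example\svc.exe
21:57:18.0610 3780  ExampleSvc - ok
21:57:28.0836 3780  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:57:29.0374 3780  \Device\Harddisk0\DR0 - ok
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# "[ MD5 ] name   path" lines; the MBR/VBR lines carry a device path but no service name
ENTRY_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \]\s+(?:(?P<name>.+?)\s+)?"
                      r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")
# "name - ok", "name ( Verdict ) - warning", "name - detected Verdict (1)"
STATUS_RE = re.compile(PREFIX + r"(?P<name>.+?)(?: \( [\w.]+ \))? - "
                       r"(?P<status>ok|warning|detected (?P<verdict>[\w.]+) \(\d+\))\s*$")
# "Suspicious file (NoAccess): path. md5: MD5"
LOCKED_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-F]{32})")


def parse_tdsskiller(text):
    """Return {name: {md5, path, status, verdicts, access}} for every scanned object."""
    entries, by_path = {}, {}
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m:
            name = m.group("name") or m.group("path")
            entries[name] = {"md5": m.group("md5"), "path": m.group("path"),
                             "status": "unknown", "verdicts": [], "access": None}
            by_path[m.group("path")] = entries[name]
            continue
        m = LOCKED_RE.match(line)
        if m:
            if m.group("path") in by_path:
                by_path[m.group("path")]["access"] = m.group("reason")
            continue
        m = STATUS_RE.match(line)
        if m and m.group("name") in entries:
            entry = entries[m.group("name")]
            if m.group("status") == "ok":
                entry["status"] = "ok"
            elif m.group("verdict"):
                entry["status"] = "detected"
                entry["verdicts"].append(m.group("verdict"))
    return entries


def triage(entries):
    """Turn scanner verdicts into reviewer actions, ordered most urgent first."""
    findings = []
    for name, e in entries.items():
        path_l = e["path"].lower()
        # A service or driver binary under a user profile deserves a look even when the
        # scanner says "ok": legitimate services install under Program Files or system32.
        if "\\users\\" in path_l or "\\appdata\\" in path_l:
            findings.append(("investigate", name, e["path"], "service binary inside a user profile"))
        elif e["status"] != "detected":
            continue
        elif e["access"] is not None or any(v.startswith("LockedFile") for v in e["verdicts"]):
            findings.append(("review", name, e["path"],
                             "scanner could not read the file (%s); check its hash from a clean boot "
                             "or against the vendor before trusting or deleting it" % (e["access"] or "locked")))
        elif any(v.startswith("UnsignedFile") for v in e["verdicts"]):
            findings.append(("verify", name, e["path"],
                             "unsigned binary, heuristic only; confirm publisher and MD5 " + e["md5"]))
        else:
            findings.append(("investigate", name, e["path"], "verdict " + ", ".join(e["verdicts"])))
    order = {"investigate": 0, "review": 1, "verify": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, name, path, note in triage(parse_tdsskiller(SAMPLE_LOG)):
        print("%-11s %-32s %s\n            %s" % (severity, name, path, note))
```

Feed it a complete TDSSKiller log instead of SAMPLE_LOG and the "ok" entries drop out, leaving the unsigned OEM components to verify, locked files to hash from a clean boot, and anything running from a user profile at the top of the list.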
         


Alt 13.12.2012, 15:15   #6
cosinus
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, let it update (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Alt 13.12.2012, 20:49   #7
crichter
 

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-13.02 - Christoph 13.12.2012  19:31:51.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.1976.848 [GMT 1:00]
Running from:: c:\users\Christoph\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christoph\AppData\Roaming\Christoph-wchelper.dll
c:\users\Christoph\AppData\Roaming\install\server.exe
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe
c:\users\Christoph\Documents\~WRL3816.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-13 bis 2012-12-13  ))))))))))))))))))))))))))))))
.
.
2012-12-13 18:47 . 2012-12-13 18:47	--------	d-----w-	c:\users\Werner\AppData\Local\temp
2012-12-13 18:47 . 2012-12-13 19:28	--------	d-----w-	c:\users\Christoph\AppData\Local\temp
2012-12-13 18:47 . 2012-12-13 18:47	--------	d-----w-	c:\users\McAfeeMVSUser\AppData\Local\temp
2012-12-13 18:47 . 2012-12-13 18:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-11 15:42 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{001AE30C-419D-4341-8835-F1EF82DB3A11}\mpengine.dll
2012-12-10 18:05 . 2012-12-13 18:46	--------	d-----w-	c:\users\Christoph\AppData\Roaming\install
2012-12-09 21:11 . 2012-12-09 21:11	--------	d-----w-	c:\users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
2012-12-09 21:10 . 2012-12-09 21:10	--------	d-----w-	c:\program files\DVDVideoSoft
2012-12-01 10:57 . 2012-12-01 10:57	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-12-01 10:57 . 2012-12-04 10:57	--------	d-----w-	c:\program files\McAfee Security Scan
2012-11-15 21:26 . 2012-10-08 07:40	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-15 21:26 . 2012-10-08 08:37	140960	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-11-15 21:26 . 2012-10-08 07:45	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-11-15 21:26 . 2012-10-08 07:43	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-15 21:26 . 2012-10-08 07:44	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-15 21:26 . 2012-10-08 07:48	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-15 21:26 . 2012-10-08 07:45	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-11-15 21:25 . 2012-10-08 08:37	748704	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2012-11-15 21:25 . 2012-10-08 07:56	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-15 21:25 . 2012-10-08 07:49	387584	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-11-15 21:25 . 2012-10-08 07:50	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-11-15 21:25 . 2012-10-08 07:47	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-15 13:11 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-15 13:10 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 10:37 . 2012-07-06 09:05	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 10:37 . 2011-05-18 08:03	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2012-02-02 09:14	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-14 07:42 . 2012-07-06 19:52	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348664]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-1-23 1315840]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli ASWLNPkg
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2008-05-02 20:17	10244096	----a-w-	c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42	70912	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51	488752	----a-w-	c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 08:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 12:06	2254120	----a-w-	c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-05-08 00:34	238984	----a-w-	c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-04-21 18:21	197904	----a-w-	c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
Cognizance	REG_MULTI_SZ   	ASBroker ASChannel
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 10:37]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
- c:\users\Christoph\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 19:33]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
- c:\users\Christoph\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 19:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\fl55dsfc.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - ExtSQL: 2012-12-09 22:10; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
- - - - - - - > 'Explorer.exe'(1120)
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Hpservice.exe
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-13  20:33:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-13 19:33
.
Vor Suchlauf: 7 Verzeichnis(se), 31.488.999.424 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 31.721.402.368 Bytes frei
.
- - End Of File - - E9F8029E49A91F39EBA03AF0784A5599
         
--- --- ---
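A triage helper for the "Autostartpunkte der Registrierung" section of a ComboFix log, added here as an example (it is not code from ComboFix or from anyone in this thread). It parses Run-key values and Startup-folder shortcuts in the line format shown in the log above and flags entries that launch from a user-writable directory or from a nested System32 path, the two locations in which the entries ComboFix removed in this run (server.exe under AppData\Roaming, muzapp.exe under system32\System32) were sitting. The SAMPLE_LOG lines are constructed to match that format; the value names "Updater" and "muzapp" and their date/size annotations are assumptions, not values from the thread.

```python
"""Flag ComboFix autostart entries that launch from locations commonly used
for persistence. Added example, not part of ComboFix or of the forum thread."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the ComboFix section format above. The
# "Updater" and "muzapp" entries are assumed values loosely based on the paths
# the log reported as deleted; they are not copied from the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"Updater"="c:\users\Christoph\AppData\Roaming\install\server.exe" [2012-12-10 78336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348664]
"muzapp"="c:\windows\system32\System32\muzapp.exe" [2012-12-10 40960]
.
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-1-23 1315840]
.
Inhalt des "geplante Tasks" Ordners
.
"""

# Line shapes used by ComboFix in this section:
#   [HKEY_...\Run]                       -> registry key that holds the values
#   "Name"="c:\path\prog.exe" [date size] -> one Run value
#   c:\...\Startup\                      -> startup folder that holds the shortcuts
#   Foo.lnk - c:\path\prog.exe [date size] -> one shortcut and its target
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
FOLDER_RE = re.compile(r"^[A-Za-z]:\\.*\\$")
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk)\s+-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$",
                    re.IGNORECASE)

# Directories an unprivileged user can write to; a program autostarting from
# here deserves a look, because installers normally put binaries elsewhere.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class AutostartEntry:
    location: str   # registry key or startup folder holding the entry
    name: str       # value name or shortcut file name
    path: str       # program the entry launches
    meta: str       # ComboFix's "[date size]" annotation
    reasons: list = field(default_factory=list)


def parse_autostart(text):
    """Return the Run values and Startup shortcuts listed in the autostart section."""
    entries, location, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if "Autostartpunkte der Registrierung" in line:
            in_section = True
            continue
        if not in_section:
            continue
        # The section ends at the next banner or at the scheduled-tasks listing.
        if line.startswith(("((((", "Inhalt des", "--- ")):
            break
        m = KEY_RE.match(line)
        if m:
            location = m.group(1)
            continue
        if FOLDER_RE.match(line):
            location = line
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m and location:
            entries.append(AutostartEntry(location, m["name"], m["path"], m["meta"]))
    return entries


def triage(entries):
    """Annotate each entry with the reasons it looks suspicious (may be none)."""
    for e in entries:
        p = e.path.lower()
        if any(d in p for d in USER_WRITABLE):
            e.reasons.append("launches from a user-writable directory")
        if "\\system32\\system32\\" in p:
            e.reasons.append("nested System32 path, not a standard Windows location")
    return entries


def flagged(text):
    """Parse a ComboFix log and return only the entries with at least one reason."""
    return [e for e in triage(parse_autostart(text)) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.name}: {e.path}  ({'; '.join(e.reasons)})  <- {e.location}")
```

Run against a saved C:\ComboFix.txt the parser is the same; only the text source changes. Entries that pass these two checks are not thereby clean, and entries it flags still need a look at the file itself; the point of the example is to show how the autostart section can be read mechanically and where, in this thread's log, the persistence lived.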

13.12.2012, 21:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).
__________________
Please always post logfiles in CODE tags

13.12.2012, 23:21   #9
crichter

Code:
# AdwCleaner v2.100 - Datei am 13/12/2012 um 23:19:34 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Christoph - WERNER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christoph\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\searchplugins\icqplugin.xml
Ordner Gefunden : C:\Program Files\AskTBar
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Christoph\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Christoph\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\Christoph\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gefunden : HKCU\Software\Search Settings
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

Profilname : default 
Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\fl55dsfc.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2063 octets] - [13/12/2012 23:19:34]

########## EOF - C:\AdwCleaner[R1].txt - [2123 octets] ##########
         

14.12.2012, 10:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will restart. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

Then please do a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.
__________________
Please always post logfiles in CODE tags

14.12.2012, 14:58   #11
crichter

Okay, all done so far, and here are the logs.

Code:
# AdwCleaner v2.100 - Datei am 14/12/2012 um 13:10:28 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Christoph - WERNER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christoph\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\Program Files\AskTBar
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\prefs.js

C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\user.js ... Gelöscht !

Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

Profilname : default 
Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\fl55dsfc.default\prefs.js

Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2192 octets] - [13/12/2012 23:19:34]
AdwCleaner[S1].txt - [2225 octets] - [14/12/2012 13:10:28]

########## EOF - C:\AdwCleaner[S1].txt - [2285 octets] ##########
         
OTL logfile:
Code:
OTL logfile created on: 14.12.2012 13:20:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 34,98% Memory free
4,10 Gb Paging File | 2,54 Gb Available in Paging File | 62,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 28,93 Gb Free Space | 20,81% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Christoph\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files\Hardcopy\hardcopy_02.dll ()
MOD - C:\Program Files\Hardcopy\HcDLL2_29_Win32.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ASBroker) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{5B07576D-A46A-4AD8-8430-111BFCA06622}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 22:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 22:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
 
[2009.04.29 14:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.10.28 11:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions
[2011.03.10 14:40:41 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.09.13 08:39:08 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\youtube2mp3@mondayx.de
[2012.07.06 20:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.09 22:10:42 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.09.14 08:42:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:42:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube to MP3 Converter = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpjodfibnpbphfodohkmgmedjbgkhj\0.1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.12.13 19:48:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5955A18E-2522-44DE-A3CC-F91399D39722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D795F9F9-52DB-4F1C-8E33-1E6D259564BA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.13 23:30:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.12.13 23:30:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.12.13 23:30:36 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.12.13 23:30:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.12.13 23:30:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.12.13 23:30:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.12.13 23:30:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.12.13 23:30:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.12.13 23:27:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012.12.13 23:27:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winusb.dll
[2012.12.13 23:27:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012.12.13 23:26:59 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012.12.13 23:26:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012.12.13 23:26:56 | 000,034,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2012.12.13 23:26:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\temp
[2012.12.13 20:28:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.13 19:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.12.13 19:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.12.13 19:28:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.12.13 19:27:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 19:26:35 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.12.13 18:54:47 | 005,010,970 | R--- | C] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 04:56:54 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.12.13 04:56:51 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll
[2012.12.13 04:56:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnsvr.exe
[2012.12.13 04:56:43 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012.12.13 04:56:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012.12.13 04:56:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012.12.12 21:55:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:49:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.10 20:08:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\install
[2012.12.09 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.09 22:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.09 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.04 11:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.12.01 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.12.01 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.11.15 14:11:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.14 13:14:42 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2012.12.14 13:13:42 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 13:13:42 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 13:13:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.14 13:13:03 | 2073,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.14 13:11:41 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.12.14 13:00:01 | 000,001,136 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
[2012.12.14 12:37:15 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.14 12:18:42 | 000,442,576 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.12.13 23:18:24 | 000,545,819 | ---- | M] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:56:06 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.12.13 19:56:05 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.12.13 19:56:05 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.12.13 19:56:05 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.12.13 19:48:09 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012.12.13 18:55:56 | 005,010,970 | R--- | M] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 11:07:40 | 000,002,062 | ---- | M] () -- C:\Users\Christoph\Desktop\Google Chrome.lnk
[2012.12.13 00:00:02 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
[2012.12.12 21:55:23 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:53:41 | 000,000,512 | ---- | M] () -- C:\Users\Christoph\Desktop\MBR.dat
[2012.12.12 21:50:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.12 21:34:36 | 000,128,350 | ---- | M] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.12 11:37:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.12.12 11:37:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.12.10 21:09:36 | 262,973,519 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:08:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 20:05:59 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 19:12:34 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.09 22:11:04 | 000,000,992 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | M] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.04 11:57:36 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.12.04 11:57:35 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:12 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.13 23:27:33 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.13 23:27:32 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.13 23:18:22 | 000,545,819 | ---- | C] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:28:04 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.12.13 19:28:04 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.12.13 19:28:04 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.12.13 19:28:04 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.12.13 19:28:04 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.12.12 21:53:41 | 000,000,512 | ---- | C] () -- C:\Users\Christoph\Desktop\MBR.dat
[2012.12.12 21:34:36 | 000,128,350 | ---- | C] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.10 20:39:35 | 262,973,519 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:05:59 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.12.09 22:11:04 | 000,000,992 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | C] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:10 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.07.08 17:19:10 | 000,000,104 | ---- | C] () -- C:\Users\Christoph\Computer - Verknüpfung.lnk
[2011.02.26 22:29:38 | 000,012,021 | ---- | C] () -- C:\Users\Christoph\Silver Surfer.odt
[2010.01.08 23:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.30 05:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\downloads.m3u
[2009.06.10 15:37:50 | 000,000,097 | ---- | C] () -- C:\Users\Christoph\AppData\Local\fusioncache.dat
[2009.05.10 23:04:12 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2009.05.10 20:27:09 | 000,000,287 | ---- | C] () -- C:\Users\Christoph\Lokaler Datenträger (C) - Verknüpfung.lnk
[2009.05.07 19:34:49 | 000,000,180 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\default.rss
[2009.05.06 16:28:35 | 000,029,184 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


OTL Logfile:
Code:
OTL Extras logfile created on: 14.12.2012 13:20:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 34,98% Memory free
4,10 Gb Paging File | 2,54 Gb Available in Paging File | 62,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 28,93 Gb Free Space | 20,81% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E177C19-7F1A-4906-9D78-6B8CA8D45D25}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3DA34479-2AE9-46E6-A2D7-1CC4BE085B18}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5AE111AE-CF42-438C-B82F-0EEA3A296119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F9DC9CD-8546-462B-99F0-E5BB63D79262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{678C4BC4-0BE0-4A9C-9A3D-6A002752FDBE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7399FD60-8676-4D69-9C52-5C86C4313FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A85D9C2-34B4-4860-8BF5-90984F99DCBE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EEB24CE-B692-4A05-B417-33182235E6A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C8C9BD75-C390-420E-9FD9-56C00247EDC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D69046B6-C7DB-4A41-B78E-4DFF7ECE11F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DABB7D7E-2760-439D-9D14-82DDE1A60C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3AB93-7C3B-4C25-9326-31DD8F4CBA58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{013EFC4E-D387-43FA-B8ED-940C59466A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0C05A43D-1D4B-4EB5-8720-EC932137F9E0}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{0E8197B2-31A6-4B11-8167-0D75E5BB9E8B}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{12F3F62E-91CF-41E0-8580-000CB4125B05}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{1693C4B2-6501-414C-9352-3E79D9C15927}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{1F4C9133-AA82-4D20-A9C4-6E01CE0DA493}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{204AED56-E2CE-47F2-970F-27EE5CE6AAD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2B3BF4B5-0D1B-4D29-8A92-1C9A779A45E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37E75B66-8A5C-4136-8CEA-CA8B534BB6B2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{3E1EE9D8-F33B-43E4-926C-E9D79DD77C57}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{45939B0C-7140-45AB-BC14-50284E3870D8}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{4957959C-47F7-481D-940D-E3CA34D19759}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{4DEAAFCC-E649-4415-AA68-F392BD80C0EE}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{523AE65B-DF13-45E3-A720-E1A2CCCC592F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{55ABE03F-CE64-4613-BC1A-D54713786F6D}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{5C04F82A-00F2-4632-8823-5297EF6B7FBA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5CAC6312-C1A9-461C-B3A6-9D27E420A72A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{60AF6C3C-6E84-450B-BD0A-F08CB1044238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AA8C894-BBA7-4470-A436-D33C39058C89}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{786C4E6D-C95F-4219-AA55-34F9184C2EC7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{8376CB51-38A5-4ABE-A54B-17D636595FAE}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{87599CC3-53FE-4EFB-82B8-7B39F4D58CBE}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{877AA6C7-5304-46C8-879B-3A1DE19D5C2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F0B0A71-21B8-442F-82CE-91F69197DBF3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{9047FF6D-6F1C-48D0-BF31-55864FA3EB1B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9E522AE9-0587-42B6-AF3F-1FF82FF6BF4B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{B78E8B24-D88E-435A-98AF-0627A6B5E95E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BB36FAD3-C0F9-4081-A1BE-870D87BCAF05}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3DC779F-26E5-437D-9B68-31E780DE4DD6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C7DA3871-263A-4096-84DA-DE4D82748CA0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DCBF82E3-15EB-4103-A0CA-D5BCED5C5255}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{E2829C72-80C0-4A45-8598-915312F76AA7}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{E5E32AD0-5FF5-4531-8914-36741E3D2117}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E89B9DE0-E7EC-4FD2-8A83-A49D730BBA79}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F1D4F22F-58A0-4633-83F3-39C1232112B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{22E25776-6E9E-4A41-A6ED-2A8B2BAD838C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{2FE66E60-0580-4D8B-9748-D9449A2AD67F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{37995DE4-9C18-421B-B043-EE6161B12D8A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3E5B37B2-F64F-4A06-BBB1-EA388C76B211}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{B4330409-8968-4C08-9291-A97721920CCA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{D6E2DFC7-C28B-4645-A154-A372D71D008C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D8FA7555-23AE-429C-9E17-D3B4A3A2790D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{E19F667C-42AB-45E5-904B-94DC02774573}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E85F5646-E503-4ED1-93C3-8D4D221B72AB}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{F381E39B-C659-4CC9-B8A5-EFD653BA6DB7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{04A13B65-F248-4107-8BD8-B5B1545162C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{0748CB45-C362-4150-A72F-21748B2F7B2C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{2ED3F931-5117-4048-B9D5-784E4426F4EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3FA3AC3D-918A-48C6-A74A-B4F5BCAAE721}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{5C372B41-37AF-4B4F-9D7C-793958484B7F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5D87F7AF-7232-45A7-8CF8-725617DB107F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{6E488BFD-FDBE-487C-ADA9-B477F5B4A473}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BDC1BA30-8248-49A6-B75B-9F1254EB42D9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D138928A-48CD-4B53-8DFF-EB0F3FBB2527}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{F166850A-2744-45A2-A80D-67052BE2DBB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571347b6-163e-4fba-952c-506b4d594662}" = Nero BackItUp 4
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f61f1d76-7679-4cd4-ad8e-91f3cc46f44b}" = Nero 9
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Simfy" = simfy
"SopCast" = SopCast 3.2.9
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2011 12:38:25 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 04:42:37 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 05:29:21 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 05:31:52 | Computer Name = Werner-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.08.2011 05:36:00 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 06:06:35 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 06:07:39 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:51 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:54 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.08.2011 14:34:17 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 12.12.2012 04:54:02 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file
 specified.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 14:52:09 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file
 specified.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 15:41:03 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 13.12.2012 15:42:59 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file
 specified.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 18:31:19 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:13:31 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file
 specified.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file
 specified.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:19:32 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file
 specified.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 08:14:28 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file
 specified.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ OSession Events ]
Error - 12.11.2011 14:02:40 | Computer Name = Werner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22558
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.12.2012 07:23:35 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.12.2012 08:14:41 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 08:14:41 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 08:14:41 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.12.2012 08:14:42 | Computer Name = Werner-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 could not configure the IPv6 stack.
 
Error - 14.12.2012 08:14:42 | Computer Name = Werner-PC | Source = ipnathlp | ID = 30013
Description = DHCP allocation has been disabled for IP address 192.168.2.102,
 because the IP address is outside the range 192.168.0.0/255.255.255.0 from which
 addresses are allocated to DHCP clients. Change the range so that the IP address
 is included, or change the IP address so that it lies within this range, in order
 to enable DHCP allocation.
 
Error - 14.12.2012 08:15:19 | Computer Name = Werner-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.12.2012 08:15:20 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.12.2012 08:15:20 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 08:20:25 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         

14.12.2012, 15:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKLM\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
:Files
C:\Users\Christoph\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you made your user name unrecognisable, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post logfiles in CODE tags

15.12.2012, 00:49   #13
crichter

Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== FILES ==========
C:\Users\Christoph\Desktop\MBR.dat moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
The DNS resolver cache has been flushed.
C:\Users\Christoph\Desktop\cmd.bat deleted successfully.
C:\Users\Christoph\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christoph
->Temp folder emptied: 3085 bytes
->Temporary Internet Files folder emptied: 97110459 bytes
->Java cache emptied: 25242694 bytes
->FireFox cache emptied: 77609227 bytes
->Google Chrome cache emptied: 344186480 bytes
->Flash cache emptied: 101045 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Werner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 23669991 bytes
->Java cache emptied: 25301797 bytes
->FireFox cache emptied: 101686461 bytes
->Flash cache emptied: 9961 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171922 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 663,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12152012_003525

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

16.12.2012, 14:48   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

A check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.
__________________
Please always post logfiles in CODE tags
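The fix script in post #12 removes an IE toolbar entry whose CLSID is no longer registered, two SearchScopes keys that point at an AOL redirect, and a stray MBR.dat, and post #14 then asks for a control scan to confirm nothing is left. The script below is an added example for readers of this thread; it is not code from the forum and not part of OTL. It reads OTL log lines and flags exactly the entry types that the fix targets and that a control scan should come back clean on: an O3 toolbar with "No CLSID value found", SearchScopes whose host is not on an allowlist, SRV/DRV registrations whose binary is missing, and processes or modules loaded from the user's Temp folder (reported for review, not as a verdict, since legitimate installers also load DLLs from there). The sample lines are copied from the OTL logs in this thread; the allowlist KNOWN_SEARCH_DOMAINS and the category names are assumptions for illustration.

```python
"""Triage OTL log lines for the entry types a removal fix targets.

Added example for this thread; it is not part of OTL and not code from the
forum. The sample lines below are copied from the OTL logs posted above; the
allowlist of search-provider domains is an assumption for illustration.
"""
import re
from urllib.parse import urlsplit

# One registry GUID as OTL prints it, e.g. {0BF43445-2F28-4351-9252-17FE6E806AA0}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# O3 toolbar entry whose CLSID is no longer registered: an orphan to remove.
RE_ORPHAN_TOOLBAR = re.compile(
    r"^O3 - .*Toolbar: .* - (?P<guid>" + GUID + r") - No CLSID value found\.?$")
# IE search scope with its URL; the hive part is kept so the finding names the key.
RE_SEARCH_SCOPE = re.compile(
    r'^IE - (?P<key>.*?)\\SearchScopes\\(?P<guid>' + GUID + r'): "URL" = (?P<url>\S+)')
# Service or driver registration whose binary no longer exists.
RE_MISSING_FILE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<path>.+?) File not found$")
# Running process or loaded module; the trailing "(Company)" may be empty "()".
RE_IMAGE = re.compile(r"^(?P<kind>PRC|MOD) - (?P<path>.+?) \([^)]*\)$")

# Assumed allowlist of search providers the analyst expects to see.
KNOWN_SEARCH_DOMAINS = ("bing.com", "google.com", "google.de", "yahoo.com")
TEMP_MARKER = "\\appdata\\local\\temp\\"


def scope_host(url: str) -> str:
    """Lower-case host of a SearchScopes URL; OTL writes hxxp for http."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return (urlsplit(url).hostname or "").lower()


def is_known_search_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in KNOWN_SEARCH_DOMAINS)


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (category, detail) pairs for lines an analyst should act on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_ORPHAN_TOOLBAR.match(line):
            findings.append(("orphan-toolbar", m["guid"]))
        elif m := RE_SEARCH_SCOPE.match(line):
            host = scope_host(m["url"])
            if not is_known_search_host(host):
                findings.append(("search-scope", f"{m['key']} {m['guid']} host={host}"))
        elif m := RE_MISSING_FILE.match(line):
            findings.append(("missing-file", f"{m['kind']} {m['name']}: {m['path']}"))
        elif m := RE_IMAGE.match(line):
            # Code running from the user's Temp folder is a review item, not a verdict.
            if TEMP_MARKER in m["path"].lower():
                findings.append(("temp-image", f"{m['kind']} {m['path']}"))
    return findings


# Constructed sample: lines copied from the OTL logs in this thread.
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
IE - HKLM\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Users\Christoph\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:15} {detail}")
```

Run against a full OTL.txt by passing its contents to `triage()`; the bing.com scope is silent because its host is on the allowlist, while the AOL redirect scope, both "File not found" registrations and the DLL loaded from Temp are listed. Whether a Temp-loaded module is malicious still needs a look at the file itself; the script only makes sure it is not overlooked in a 4000-line log.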

16.12.2012, 23:02   #15
crichter

OTL Logfile:
Code:
OTL logfile created on: 16.12.2012 22:30:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 58,29% Memory free
4,22 Gb Paging File | 2,24 Gb Available in Paging File | 52,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 29,34 Gb Free Space | 21,10% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Christoph\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files\Hardcopy\hardcopy_02.dll ()
MOD - C:\Program Files\Hardcopy\HcDLL2_29_Win32.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ASBroker) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{5B07576D-A46A-4AD8-8430-111BFCA06622}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 22:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 22:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
 
[2009.04.29 14:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.10.28 11:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions
[2011.03.10 14:40:41 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.09.13 08:39:08 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\youtube2mp3@mondayx.de
[2012.07.06 20:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.09 22:10:42 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.09.14 08:42:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:42:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube to MP3 Converter = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpjodfibnpbphfodohkmgmedjbgkhj\0.1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.12.15 00:36:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5955A18E-2522-44DE-A3CC-F91399D39722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D795F9F9-52DB-4F1C-8E33-1E6D259564BA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.15 00:35:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.13 23:30:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.12.13 23:30:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.12.13 23:30:36 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.12.13 23:30:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.12.13 23:30:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.12.13 23:30:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.12.13 23:30:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.12.13 23:30:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.12.13 23:27:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012.12.13 23:27:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winusb.dll
[2012.12.13 23:27:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012.12.13 23:26:59 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012.12.13 23:26:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012.12.13 23:26:56 | 000,034,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2012.12.13 23:26:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\temp
[2012.12.13 20:28:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.13 19:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.12.13 19:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.12.13 19:28:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.12.13 19:27:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 19:26:35 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.12.13 18:54:47 | 005,010,970 | R--- | C] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 04:56:54 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.12.13 04:56:51 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll
[2012.12.13 04:56:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnsvr.exe
[2012.12.13 04:56:43 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012.12.13 04:56:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012.12.13 04:56:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012.12.12 21:55:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:49:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.10 20:08:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\install
[2012.12.09 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.09 22:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.09 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.04 11:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.12.01 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.12.01 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.16 22:37:25 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.16 22:02:21 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 22:02:21 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 22:00:01 | 000,001,136 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
[2012.12.16 12:00:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.16 00:00:00 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
[2012.12.15 14:23:52 | 000,000,437 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2012.12.15 14:23:08 | 2071,252,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.15 01:06:58 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.12.15 00:36:40 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012.12.14 12:18:42 | 000,442,576 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.12.13 23:18:24 | 000,545,819 | ---- | M] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:56:06 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.12.13 19:56:05 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.12.13 19:56:05 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.12.13 19:56:05 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.12.13 18:55:56 | 005,010,970 | R--- | M] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 11:07:40 | 000,002,062 | ---- | M] () -- C:\Users\Christoph\Desktop\Google Chrome.lnk
[2012.12.12 21:55:23 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:50:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.12 21:34:36 | 000,128,350 | ---- | M] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.12 11:37:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.12.12 11:37:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.12.10 21:09:36 | 262,973,519 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:08:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 20:05:59 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 19:12:34 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.09 22:11:04 | 000,000,992 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | M] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.04 11:57:36 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.12.04 11:57:35 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:12 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.13 23:27:33 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.13 23:27:32 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.13 23:18:22 | 000,545,819 | ---- | C] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:28:04 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.12.13 19:28:04 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.12.13 19:28:04 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.12.13 19:28:04 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.12.13 19:28:04 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.12.12 21:34:36 | 000,128,350 | ---- | C] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.10 20:39:35 | 262,973,519 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:05:59 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.12.09 22:11:04 | 000,000,992 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | C] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:10 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.07.08 17:19:10 | 000,000,104 | ---- | C] () -- C:\Users\Christoph\Computer - Verknüpfung.lnk
[2011.02.26 22:29:38 | 000,012,021 | ---- | C] () -- C:\Users\Christoph\Silver Surfer.odt
[2010.01.08 23:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.30 05:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\downloads.m3u
[2009.06.10 15:37:50 | 000,000,097 | ---- | C] () -- C:\Users\Christoph\AppData\Local\fusioncache.dat
[2009.05.10 23:04:12 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2009.05.10 20:27:09 | 000,000,287 | ---- | C] () -- C:\Users\Christoph\Lokaler Datenträger (C) - Verknüpfung.lnk
[2009.05.07 19:34:49 | 000,000,180 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\default.rss
[2009.05.06 16:28:35 | 000,029,184 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 16.12.2012 22:30:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 58,29% Memory free
4,22 Gb Paging File | 2,24 Gb Available in Paging File | 52,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 29,34 Gb Free Space | 21,10% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E177C19-7F1A-4906-9D78-6B8CA8D45D25}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3DA34479-2AE9-46E6-A2D7-1CC4BE085B18}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5AE111AE-CF42-438C-B82F-0EEA3A296119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F9DC9CD-8546-462B-99F0-E5BB63D79262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{678C4BC4-0BE0-4A9C-9A3D-6A002752FDBE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7399FD60-8676-4D69-9C52-5C86C4313FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A85D9C2-34B4-4860-8BF5-90984F99DCBE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EEB24CE-B692-4A05-B417-33182235E6A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C8C9BD75-C390-420E-9FD9-56C00247EDC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D69046B6-C7DB-4A41-B78E-4DFF7ECE11F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DABB7D7E-2760-439D-9D14-82DDE1A60C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3AB93-7C3B-4C25-9326-31DD8F4CBA58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{013EFC4E-D387-43FA-B8ED-940C59466A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0C05A43D-1D4B-4EB5-8720-EC932137F9E0}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{0E8197B2-31A6-4B11-8167-0D75E5BB9E8B}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{12F3F62E-91CF-41E0-8580-000CB4125B05}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{1693C4B2-6501-414C-9352-3E79D9C15927}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{1F4C9133-AA82-4D20-A9C4-6E01CE0DA493}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{204AED56-E2CE-47F2-970F-27EE5CE6AAD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2B3BF4B5-0D1B-4D29-8A92-1C9A779A45E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37E75B66-8A5C-4136-8CEA-CA8B534BB6B2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{3E1EE9D8-F33B-43E4-926C-E9D79DD77C57}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{45939B0C-7140-45AB-BC14-50284E3870D8}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{4957959C-47F7-481D-940D-E3CA34D19759}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{4DEAAFCC-E649-4415-AA68-F392BD80C0EE}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{523AE65B-DF13-45E3-A720-E1A2CCCC592F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{55ABE03F-CE64-4613-BC1A-D54713786F6D}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{5C04F82A-00F2-4632-8823-5297EF6B7FBA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5CAC6312-C1A9-461C-B3A6-9D27E420A72A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{60AF6C3C-6E84-450B-BD0A-F08CB1044238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AA8C894-BBA7-4470-A436-D33C39058C89}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{786C4E6D-C95F-4219-AA55-34F9184C2EC7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{8376CB51-38A5-4ABE-A54B-17D636595FAE}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{87599CC3-53FE-4EFB-82B8-7B39F4D58CBE}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{877AA6C7-5304-46C8-879B-3A1DE19D5C2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F0B0A71-21B8-442F-82CE-91F69197DBF3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{9047FF6D-6F1C-48D0-BF31-55864FA3EB1B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9E522AE9-0587-42B6-AF3F-1FF82FF6BF4B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{B78E8B24-D88E-435A-98AF-0627A6B5E95E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BB36FAD3-C0F9-4081-A1BE-870D87BCAF05}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3DC779F-26E5-437D-9B68-31E780DE4DD6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C7DA3871-263A-4096-84DA-DE4D82748CA0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DCBF82E3-15EB-4103-A0CA-D5BCED5C5255}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{E2829C72-80C0-4A45-8598-915312F76AA7}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{E5E32AD0-5FF5-4531-8914-36741E3D2117}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E89B9DE0-E7EC-4FD2-8A83-A49D730BBA79}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F1D4F22F-58A0-4633-83F3-39C1232112B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{22E25776-6E9E-4A41-A6ED-2A8B2BAD838C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{2FE66E60-0580-4D8B-9748-D9449A2AD67F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{37995DE4-9C18-421B-B043-EE6161B12D8A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3E5B37B2-F64F-4A06-BBB1-EA388C76B211}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{B4330409-8968-4C08-9291-A97721920CCA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{D6E2DFC7-C28B-4645-A154-A372D71D008C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D8FA7555-23AE-429C-9E17-D3B4A3A2790D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{E19F667C-42AB-45E5-904B-94DC02774573}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E85F5646-E503-4ED1-93C3-8D4D221B72AB}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{F381E39B-C659-4CC9-B8A5-EFD653BA6DB7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{04A13B65-F248-4107-8BD8-B5B1545162C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{0748CB45-C362-4150-A72F-21748B2F7B2C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{2ED3F931-5117-4048-B9D5-784E4426F4EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3FA3AC3D-918A-48C6-A74A-B4F5BCAAE721}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{5C372B41-37AF-4B4F-9D7C-793958484B7F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5D87F7AF-7232-45A7-8CF8-725617DB107F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{6E488BFD-FDBE-487C-ADA9-B477F5B4A473}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BDC1BA30-8248-49A6-B75B-9F1254EB42D9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D138928A-48CD-4B53-8DFF-EB0F3FBB2527}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{F166850A-2744-45A2-A80D-67052BE2DBB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571347b6-163e-4fba-952c-506b4d594662}" = Nero BackItUp 4
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f61f1d76-7679-4cd4-ad8e-91f3cc46f44b}" = Nero 9
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Simfy" = simfy
"SopCast" = SopCast 3.2.9
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2011 04:42:37 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 05:29:21 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 05:31:52 | Computer Name = Werner-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.08.2011 05:36:00 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 06:06:35 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 06:07:39 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:51 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:54 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.08.2011 14:34:17 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.08.2011 02:37:27 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 13.12.2012 15:41:03 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 13.12.2012 15:42:59 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 18:31:19 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:13:31 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:19:32 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 08:14:28 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 19:42:05 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 15.12.2012 09:23:48 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ OSession Events ]
Error - 12.11.2011 14:02:40 | Computer Name = Werner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22558
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.12.2012 19:43:09 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 19:46:48 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.12.2012 09:23:52 | Computer Name = Werner-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 15.12.2012 09:23:52 | Computer Name = Werner-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.102 deaktiviert,
 da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 15.12.2012 09:24:51 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.12.2012 09:24:51 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.12.2012 09:28:43 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.12.2012 09:34:19 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2012 07:00:31 | Computer Name = Werner-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 16.12.2012 07:00:38 | Computer Name = Werner-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >
         
--- --- ---
