Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner via Facebook "einladung.zip"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.12.2012, 20:22   #1
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Guten Abend liebes Forum,

ich habe mir einen Trojaner über den facebook chat eingefangen. Zusätzlich befindet sich glaube ich noch andere malware auf meinen PC, da dieser stark an Performance verloren hat und oft z.B. bei der Musikwiedergabe hängt, was sehr nervig ist.

Bei dem Versuch gmer durchzuführen stürzt mein PC jedes mal ab. Deshalb kann ich diesen log vorerst leider nicht liefern, obwohl ich ein 32 bit System habe.

Hier die anderen geforderten logs

defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:49 on 10/12/2012 (Christoph)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read SafeBoot.sys


-=E.O.F=-

Ansonsten keine Fehlermeldung

OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.12.2012 20:13:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 26,50% Memory free
4,10 Gb Paging File | 1,85 Gb Available in Paging File | 45,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 26,28 Gb Free Space | 18,90% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.10 20:08:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Downloads\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012.07.31 09:23:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 11:06:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 11:06:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 11:06:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.16 09:24:20 | 000,141,824 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.06.08 13:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.03.17 20:56:22 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.12.22 10:29:28 | 001,315,840 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files\Hardcopy\hardcopy.exe
PRC - [2009.11.11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.12.05 13:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.04.13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.04.03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
MOD - [2012.11.28 04:43:16 | 012,456,040 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.12.10 07:50:29 | 000,445,952 | ---- | M] () -- C:\Program Files\Hardcopy\HcDllS.dll
MOD - [2009.08.19 12:20:37 | 000,043,008 | ---- | M] () -- C:\Program Files\Hardcopy\hardcopy_02.dll
MOD - [2009.06.10 05:19:51 | 000,057,344 | ---- | M] () -- C:\Program Files\Hardcopy\HcDLL2_29_Win32.dll
MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.12.01 11:57:45 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.14 08:42:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 11:06:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 11:06:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.12.05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.12.05 13:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.04.13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.12.10 19:30:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.08 11:06:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 11:06:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.08 05:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011.12.08 05:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.03 21:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.05.13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.04.29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.03.29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope = {6E9536DF-0AE1-466F-904E-6A1B41E15904}
IE - HKLM\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6E9536DF-0AE1-466F-904E-6A1B41E15904}
IE - HKCU\..\SearchScopes\{5B07576D-A46A-4AD8-8430-111BFCA06622}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 22:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 22:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
 
[2009.04.29 14:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.10.28 11:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions
[2011.03.10 14:40:41 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.09.13 08:39:08 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\youtube2mp3@mondayx.de
[2012.07.06 20:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.09 22:10:42 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.09.14 08:42:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:42:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube to MP3 Converter = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpjodfibnpbphfodohkmgmedjbgkhj\0.1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe (Piriform Ltd)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5955A18E-2522-44DE-A3CC-F91399D39722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D795F9F9-52DB-4F1C-8E33-1E6D259564BA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b2f6ea7-3e0d-11de-9b58-002186c25bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{0b2f6ea7-3e0d-11de-9b58-002186c25bbd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{fc2f0d09-7130-11de-a163-002186c25bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{fc2f0d09-7130-11de-a163-002186c25bbd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.10 19:29:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.12.10 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\install
[2012.12.09 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.09 22:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.09 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.04 11:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.12.01 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.12.01 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.12.01 08:35:18 | 002,716,992 | R--- | C] (Piriform Ltd) -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe
[2012.11.15 22:36:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.10 20:05:59 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 20:00:04 | 000,001,136 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
[2012.12.10 19:37:18 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.10 19:30:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012.12.10 19:26:19 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.12.10 19:26:19 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.12.10 19:26:19 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.12.10 19:26:19 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.12.10 19:19:14 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 19:19:14 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 19:19:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.10 19:18:59 | 2073,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 19:16:21 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.12.10 19:12:34 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.10 19:05:27 | 000,154,283 | -H-- | M] () -- C:\Users\Christoph\AppData\Roaming\Christoph-wchelper.dll
[2012.12.10 19:04:51 | 002,716,992 | R--- | M] (Piriform Ltd) -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe
[2012.12.10 00:00:05 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
[2012.12.09 22:11:04 | 000,000,992 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | M] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.04 11:57:36 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.12.04 11:57:35 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.11.30 02:03:59 | 000,002,062 | ---- | M] () -- C:\Users\Christoph\Desktop\Google Chrome.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:12 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2012.11.16 09:53:46 | 000,442,576 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Christoph\Documents\*.tmp files -> C:\Users\Christoph\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.10 20:05:59 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 19:05:27 | 000,154,283 | -H-- | C] () -- C:\Users\Christoph\AppData\Roaming\Christoph-wchelper.dll
[2012.12.09 22:11:04 | 000,000,992 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | C] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:10 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.07.08 17:19:10 | 000,000,104 | ---- | C] () -- C:\Users\Christoph\Computer - Verknüpfung.lnk
[2011.02.26 22:29:38 | 000,012,021 | ---- | C] () -- C:\Users\Christoph\Silver Surfer.odt
[2010.01.08 23:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.30 05:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\downloads.m3u
[2009.06.10 15:37:50 | 000,000,097 | ---- | C] () -- C:\Users\Christoph\AppData\Local\fusioncache.dat
[2009.05.10 23:04:12 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2009.05.10 20:27:09 | 000,000,287 | ---- | C] () -- C:\Users\Christoph\Lokaler Datenträger (C) - Verknüpfung.lnk
[2009.05.07 19:34:49 | 000,000,180 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\default.rss
[2009.05.06 16:28:35 | 000,029,184 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2005.04.08 03:16:43 | 000,000,000 | -H-D | M] -- C:\Users\Christoph\AppData\Roaming\5FB987F2
[2011.10.30 12:11:26 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canon
[2012.12.09 22:11:42 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoft
[2012.12.09 22:11:43 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.10 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\install
[2009.07.26 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\InterVideo
[2010.10.24 17:21:31 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Miranda
[2012.03.07 14:35:57 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Nokia Ovi Suite
[2009.05.05 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\OpenOffice.org
[2011.03.02 12:54:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\PC Suite
[2011.11.03 18:44:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Samsung
[2010.01.09 11:06:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ScanSoft
[2011.08.03 07:17:58 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Simfy
[2012.04.17 11:42:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Temp
[2009.04.29 14:32:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

extras.xtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.12.2012 20:13:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 26,50% Memory free
4,10 Gb Paging File | 1,85 Gb Available in Paging File | 45,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 26,28 Gb Free Space | 18,90% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E177C19-7F1A-4906-9D78-6B8CA8D45D25}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3DA34479-2AE9-46E6-A2D7-1CC4BE085B18}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5AE111AE-CF42-438C-B82F-0EEA3A296119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F9DC9CD-8546-462B-99F0-E5BB63D79262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{678C4BC4-0BE0-4A9C-9A3D-6A002752FDBE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7399FD60-8676-4D69-9C52-5C86C4313FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A85D9C2-34B4-4860-8BF5-90984F99DCBE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EEB24CE-B692-4A05-B417-33182235E6A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C8C9BD75-C390-420E-9FD9-56C00247EDC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D69046B6-C7DB-4A41-B78E-4DFF7ECE11F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DABB7D7E-2760-439D-9D14-82DDE1A60C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3AB93-7C3B-4C25-9326-31DD8F4CBA58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{013EFC4E-D387-43FA-B8ED-940C59466A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0C05A43D-1D4B-4EB5-8720-EC932137F9E0}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{0E8197B2-31A6-4B11-8167-0D75E5BB9E8B}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{12F3F62E-91CF-41E0-8580-000CB4125B05}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{1693C4B2-6501-414C-9352-3E79D9C15927}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{1F4C9133-AA82-4D20-A9C4-6E01CE0DA493}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{204AED56-E2CE-47F2-970F-27EE5CE6AAD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2B3BF4B5-0D1B-4D29-8A92-1C9A779A45E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37E75B66-8A5C-4136-8CEA-CA8B534BB6B2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{3E1EE9D8-F33B-43E4-926C-E9D79DD77C57}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{45939B0C-7140-45AB-BC14-50284E3870D8}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{4957959C-47F7-481D-940D-E3CA34D19759}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{4DEAAFCC-E649-4415-AA68-F392BD80C0EE}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{523AE65B-DF13-45E3-A720-E1A2CCCC592F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{55ABE03F-CE64-4613-BC1A-D54713786F6D}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{5C04F82A-00F2-4632-8823-5297EF6B7FBA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5CAC6312-C1A9-461C-B3A6-9D27E420A72A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{60AF6C3C-6E84-450B-BD0A-F08CB1044238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AA8C894-BBA7-4470-A436-D33C39058C89}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{786C4E6D-C95F-4219-AA55-34F9184C2EC7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{8376CB51-38A5-4ABE-A54B-17D636595FAE}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{87599CC3-53FE-4EFB-82B8-7B39F4D58CBE}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{877AA6C7-5304-46C8-879B-3A1DE19D5C2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F0B0A71-21B8-442F-82CE-91F69197DBF3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{9047FF6D-6F1C-48D0-BF31-55864FA3EB1B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9E522AE9-0587-42B6-AF3F-1FF82FF6BF4B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{B78E8B24-D88E-435A-98AF-0627A6B5E95E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BB36FAD3-C0F9-4081-A1BE-870D87BCAF05}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3DC779F-26E5-437D-9B68-31E780DE4DD6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C7DA3871-263A-4096-84DA-DE4D82748CA0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DCBF82E3-15EB-4103-A0CA-D5BCED5C5255}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{E2829C72-80C0-4A45-8598-915312F76AA7}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{E5E32AD0-5FF5-4531-8914-36741E3D2117}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E89B9DE0-E7EC-4FD2-8A83-A49D730BBA79}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F1D4F22F-58A0-4633-83F3-39C1232112B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{22E25776-6E9E-4A41-A6ED-2A8B2BAD838C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{2FE66E60-0580-4D8B-9748-D9449A2AD67F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{37995DE4-9C18-421B-B043-EE6161B12D8A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3E5B37B2-F64F-4A06-BBB1-EA388C76B211}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{B4330409-8968-4C08-9291-A97721920CCA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{D6E2DFC7-C28B-4645-A154-A372D71D008C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D8FA7555-23AE-429C-9E17-D3B4A3A2790D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{E19F667C-42AB-45E5-904B-94DC02774573}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E85F5646-E503-4ED1-93C3-8D4D221B72AB}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{F381E39B-C659-4CC9-B8A5-EFD653BA6DB7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{04A13B65-F248-4107-8BD8-B5B1545162C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{0748CB45-C362-4150-A72F-21748B2F7B2C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{2ED3F931-5117-4048-B9D5-784E4426F4EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3FA3AC3D-918A-48C6-A74A-B4F5BCAAE721}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{5C372B41-37AF-4B4F-9D7C-793958484B7F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5D87F7AF-7232-45A7-8CF8-725617DB107F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{6E488BFD-FDBE-487C-ADA9-B477F5B4A473}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BDC1BA30-8248-49A6-B75B-9F1254EB42D9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D138928A-48CD-4B53-8DFF-EB0F3FBB2527}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{F166850A-2744-45A2-A80D-67052BE2DBB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571347b6-163e-4fba-952c-506b4d594662}" = Nero BackItUp 4
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f61f1d76-7679-4cd4-ad8e-91f3cc46f44b}" = Nero 9
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Simfy" = simfy
"SopCast" = SopCast 3.2.9
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.07.2011 03:01:58 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2011 04:21:25 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.08.2011 05:00:06 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2011 03:43:34 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2011 00:37:23 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.08.2011 12:38:25 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 04:42:37 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 05:29:21 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 05:31:52 | Computer Name = Werner-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.08.2011 05:36:00 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 03.12.2012 20:06:02 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 04.12.2012 05:54:44 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 04.12.2012 21:33:07 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 05.12.2012 04:35:27 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 06.12.2012 04:54:20 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 07.12.2012 17:33:00 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 08.12.2012 15:34:05 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 08.12.2012 18:39:32 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 09.12.2012 05:45:48 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 10.12.2012 14:19:30 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ OSession Events ]
Error - 12.11.2011 14:02:40 | Computer Name = Werner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22558
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.12.2012 18:39:21 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 09.12.2012 05:46:59 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.12.2012 05:46:59 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.12.2012 05:49:22 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 10.12.2012 12:09:55 | Computer Name = Werner-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 10.12.2012 14:13:25 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.12.2012 14:15:52 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.12.2012 14:20:30 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.12.2012 14:20:30 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.12.2012 14:27:20 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

Und vom malwarebytes

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.10.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: WERNER-PC [Administrator]

10.12.2012 19:30:14
mbam-log-2012-12-10 (20-08-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 259291
Laufzeit: 14 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe (Backdoor.RAT.Gen) -> Keine Aktion durchgeführt.
C:\Users\Christoph\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> Keine Aktion durchgeführt.
C:\Users\Christoph\AppData\Roaming\Christoph-wchelper.dll (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)

Die durch Malwarebytes gefundenen infizierten Dateien habe ich gelöscht.

Ich bedanke mich für eure Mühen im Voraus und hoffe, dass mir hier geholfen wird.

Beste Grüße

Christoph

Geändert von crichter (10.12.2012 um 20:53 Uhr)

Alt 11.12.2012, 09:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Hallo und

Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 12.12.2012, 09:20   #3
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Hey cosinus,

vielen Dank zunächst für deine Antwort.

Also von Malwarebytes hab ich noch einen log vom 02.02.2012

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.02.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: WERNER-PC [Administrator]

02.02.2012 12:31:38
mbam-log-2012-02-02 (12-31-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408856
Laufzeit: 2 Stunde(n), 20 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Ich benutze Avira Anti Virus, dort werden mir aber keine Funde angezeigt.

Habe damit aber auch noch keinen Durchlauf gestartet seit meinem Verdacht des Trojanerbefalls.
__________________

Alt 12.12.2012, 12:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


Alt 12.12.2012, 21:02   #5
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Das aswMBR log:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-12 21:51:09
-----------------------------
21:51:09.462    OS Version: Windows 6.0.6002 Service Pack 2
21:51:09.462    Number of processors: 2 586 0xF0D
21:51:09.463    ComputerName: WERNER-PC  UserName: Christoph
21:51:13.298    Initialze error 0 
21:53:08.419    AVAST engine defs: 12121200
21:53:22.439    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:53:22.442    Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
21:53:22.471    Disk 0 MBR read successfully
21:53:22.474    Disk 0 MBR scan
21:53:22.479    Disk 0 Windows VISTA default MBR code
21:53:22.483    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       142384 MB offset 63
21:53:22.523    Disk 0 Partition 2 00     0C    FAT32 LBA MSDOS5.0     1024 MB offset 291604480
21:53:22.570    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS         9218 MB offset 293703344
21:53:22.596    Disk 0 scanning sectors +312581808
21:53:23.020    Disk 0 scanning C:\windows\system32\drivers
21:53:23.024    Service scanning
21:53:23.781    Modules scanning
21:53:24.633    Disk 0 trace - called modules:
21:53:24.981    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys iastor.sys 
21:53:24.989    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872d1a20]
21:53:24.995    3 CLASSPNP.SYS[88c058b3] -> nt!IofCallDriver -> [0x871ce1a0]
21:53:25.001    5 hpdskflt.sys[89bc1f92] -> nt!IofCallDriver -> [0x85fdc650]
21:53:25.008    7 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86049028]
21:53:25.069    AVAST engine scan C:\windows
21:53:25.077    AVAST engine scan C:\windows\system32
21:53:25.089    AVAST engine scan C:\windows\system32\drivers
21:53:25.098    AVAST engine scan C:\Users\Christoph
21:53:25.106    AVAST engine scan C:\ProgramData
21:53:25.112    Scan finished successfully
21:53:41.379    Disk 0 MBR has been saved successfully to "C:\Users\Christoph\Desktop\MBR.dat"
21:53:41.387    The log file has been saved successfully to "C:\Users\Christoph\Desktop\aswMBR.txt"
         
Das TDSSKiller log:

Code:
ATTFilter
21:55:46.0271 3136  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:55:46.0430 3136  ============================================================
21:55:46.0430 3136  Current date / time: 2012/12/12 21:55:46.0430
21:55:46.0430 3136  SystemInfo:
21:55:46.0430 3136  
21:55:46.0430 3136  OS Version: 6.0.6002 ServicePack: 2.0
21:55:46.0430 3136  Product type: Workstation
21:55:46.0430 3136  ComputerName: WERNER-PC
21:55:46.0430 3136  UserName: Christoph
21:55:46.0430 3136  Windows directory: C:\windows
21:55:46.0430 3136  System windows directory: C:\windows
21:55:46.0430 3136  Processor architecture: Intel x86
21:55:46.0430 3136  Number of processors: 2
21:55:46.0430 3136  Page size: 0x1000
21:55:46.0430 3136  Boot type: Normal boot
21:55:46.0430 3136  ============================================================
21:55:47.0367 3136  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:55:47.0589 3136  ============================================================
21:55:47.0589 3136  \Device\Harddisk0\DR0:
21:55:47.0590 3136  MBR partitions:
21:55:47.0590 3136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x116187C1
21:55:47.0590 3136  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x11618800, BlocksNum 0x200000
21:55:47.0590 3136  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11818EB0, BlocksNum 0x1201000
21:55:47.0590 3136  ============================================================
21:55:47.0601 3136  C: <-> \Device\Harddisk0\DR0\Partition1
21:55:47.0645 3136  D: <-> \Device\Harddisk0\DR0\Partition3
21:55:47.0654 3136  F: <-> \Device\Harddisk0\DR0\Partition2
21:55:47.0654 3136  ============================================================
21:55:47.0654 3136  Initialize success
21:55:47.0654 3136  ============================================================
21:56:54.0205 3780  ============================================================
21:56:54.0205 3780  Scan started
21:56:54.0205 3780  Mode: Manual; SigCheck; TDLFS; 
21:56:54.0205 3780  ============================================================
21:56:54.0391 3780  ================ Scan system memory ========================
21:56:54.0391 3780  System memory - ok
21:56:54.0392 3780  ================ Scan services =============================
21:56:54.0576 3780  [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
21:56:54.0683 3780  Accelerometer - ok
21:56:54.0738 3780  [ EC4A5D4E36A8E49261CD823450E0BA51 ] accoca          c:\Program Files\ActivIdentity\ActivClient\accoca.exe
21:56:54.0756 3780  accoca - ok
21:56:54.0817 3780  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\windows\system32\drivers\acpi.sys
21:56:54.0841 3780  ACPI - ok
21:56:54.0890 3780  [ 364A903711E84EB1386FA04106681B7A ] ADIHdAudAddService C:\windows\system32\drivers\ADIHdAud.sys
21:56:55.0060 3780  ADIHdAudAddService - ok
21:56:55.0171 3780  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:56:55.0185 3780  AdobeARMservice - ok
21:56:55.0249 3780  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:56:55.0264 3780  AdobeFlashPlayerUpdateSvc - ok
21:56:55.0309 3780  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
21:56:55.0338 3780  adp94xx - ok
21:56:55.0349 3780  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\windows\system32\drivers\adpahci.sys
21:56:55.0370 3780  adpahci - ok
21:56:55.0395 3780  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\windows\system32\drivers\adpu160m.sys
21:56:55.0412 3780  adpu160m - ok
21:56:55.0424 3780  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\windows\system32\drivers\adpu320.sys
21:56:55.0442 3780  adpu320 - ok
21:56:55.0478 3780  [ 585F5793BB5D79C8754EE63BCBAF2B3A ] AEADIFilters    C:\windows\system32\AEADISRV.EXE
21:56:55.0500 3780  AEADIFilters - ok
21:56:55.0525 3780  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
21:56:55.0651 3780  AeLookupSvc - ok
21:56:55.0731 3780  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\windows\system32\drivers\afd.sys
21:56:55.0782 3780  AFD - ok
21:56:55.0844 3780  [ 8ED60797908FD394EEE0D6949F493224 ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
21:56:55.0915 3780  AgereModemAudio - ok
21:56:56.0005 3780  [ 3712986CC3ABF0DC656B43525B9D1279 ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
21:56:56.0172 3780  AgereSoftModem - ok
21:56:56.0350 3780  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\windows\system32\drivers\agp440.sys
21:56:56.0366 3780  agp440 - ok
21:56:56.0394 3780  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\windows\system32\drivers\djsvs.sys
21:56:56.0410 3780  aic78xx - ok
21:56:56.0421 3780  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\windows\System32\alg.exe
21:56:56.0550 3780  ALG - ok
21:56:56.0591 3780  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\windows\system32\drivers\aliide.sys
21:56:56.0605 3780  aliide - ok
21:56:56.0636 3780  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\windows\system32\drivers\amdagp.sys
21:56:56.0651 3780  amdagp - ok
21:56:56.0656 3780  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\windows\system32\drivers\amdide.sys
21:56:56.0672 3780  amdide - ok
21:56:56.0686 3780  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\windows\system32\drivers\amdk7.sys
21:56:56.0748 3780  AmdK7 - ok
21:56:56.0783 3780  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
21:56:56.0836 3780  AmdK8 - ok
21:56:56.0962 3780  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:56:56.0993 3780  AntiVirSchedulerService - ok
21:56:57.0043 3780  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:56:57.0056 3780  AntiVirService - ok
21:56:57.0087 3780  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\windows\System32\appinfo.dll
21:56:57.0145 3780  Appinfo - ok
21:56:57.0213 3780  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:56:57.0225 3780  Apple Mobile Device - ok
21:56:57.0247 3780  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\windows\system32\drivers\arc.sys
21:56:57.0262 3780  arc - ok
21:56:57.0276 3780  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\windows\system32\drivers\arcsas.sys
21:56:57.0294 3780  arcsas - ok
21:56:57.0364 3780  [ 46BA50DE5ADD62AA4CE173EDA629245A ] ASBroker        c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
21:56:57.0376 3780  ASBroker - ok
21:56:57.0399 3780  [ 7BEC093B781A2AC8B270EBD4695ADC97 ] ASChannel       c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll
21:56:57.0412 3780  ASChannel - ok
21:56:57.0512 3780  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:56:57.0524 3780  aspnet_state - ok
21:56:57.0547 3780  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
21:56:57.0586 3780  AsyncMac - ok
21:56:57.0606 3780  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\windows\system32\drivers\atapi.sys
21:56:57.0621 3780  atapi - ok
21:56:57.0674 3780  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:56:57.0730 3780  AudioEndpointBuilder - ok
21:56:57.0737 3780  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\windows\System32\Audiosrv.dll
21:56:57.0762 3780  Audiosrv - ok
21:56:57.0829 3780  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
21:56:57.0868 3780  avgntflt - ok
21:56:57.0893 3780  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
21:56:57.0907 3780  avipbb - ok
21:56:57.0933 3780  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
21:56:57.0946 3780  avkmgr - ok
21:56:57.0994 3780  [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
21:56:58.0040 3780  b57nd60x - ok
21:56:58.0121 3780  [ 3F5E7621CDF6867D3D8417D13A098277 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
21:56:58.0186 3780  BCM43XX - ok
21:56:58.0260 3780  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\windows\system32\drivers\Beep.sys
21:56:58.0316 3780  Beep - ok
21:56:58.0389 3780  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\windows\System32\bfe.dll
21:56:58.0460 3780  BFE - ok
21:56:58.0532 3780  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\windows\System32\qmgr.dll
21:56:58.0622 3780  BITS - ok
21:56:58.0676 3780  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\windows\system32\drivers\blbdrive.sys
21:56:58.0721 3780  blbdrive - ok
21:56:58.0787 3780  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:56:58.0809 3780  Bonjour Service - ok
21:56:58.0860 3780  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\windows\system32\DRIVERS\bowser.sys
21:56:58.0913 3780  bowser - ok
21:56:58.0963 3780  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\drivers\brfiltlo.sys
21:56:59.0001 3780  BrFiltLo - ok
21:56:59.0024 3780  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\drivers\brfiltup.sys
21:56:59.0076 3780  BrFiltUp - ok
21:56:59.0109 3780  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\windows\System32\browser.dll
21:56:59.0155 3780  Browser - ok
21:56:59.0193 3780  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\windows\system32\drivers\brserid.sys
21:56:59.0370 3780  Brserid - ok
21:56:59.0395 3780  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\system32\drivers\brserwdm.sys
21:56:59.0458 3780  BrSerWdm - ok
21:56:59.0547 3780  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\system32\drivers\brusbmdm.sys
21:56:59.0723 3780  BrUsbMdm - ok
21:56:59.0745 3780  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\system32\drivers\brusbser.sys
21:56:59.0807 3780  BrUsbSer - ok
21:56:59.0873 3780  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\windows\system32\DRIVERS\BthEnum.sys
21:56:59.0945 3780  BthEnum - ok
21:57:00.0012 3780  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
21:57:00.0080 3780  BTHMODEM - ok
21:57:00.0150 3780  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
21:57:00.0252 3780  BthPan - ok
21:57:00.0380 3780  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\windows\system32\Drivers\BTHport.sys
21:57:00.0442 3780  BTHPORT - ok
21:57:00.0510 3780  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\windows\System32\bthserv.dll
21:57:00.0557 3780  BthServ - ok
21:57:00.0575 3780  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\windows\system32\Drivers\BTHUSB.sys
21:57:00.0605 3780  BTHUSB - ok
21:57:00.0664 3780  [ 99AEEA7CEFDFC6E4151A8F620D682088 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
21:57:00.0677 3780  btwaudio - ok
21:57:00.0721 3780  [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt         C:\windows\system32\drivers\btwavdt.sys
21:57:00.0733 3780  btwavdt - ok
21:57:00.0766 3780  [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
21:57:00.0777 3780  btwrchid - ok
21:57:00.0805 3780  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
21:57:00.0861 3780  cdfs - ok
21:57:00.0928 3780  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
21:57:00.0963 3780  cdrom - ok
21:57:01.0020 3780  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\windows\System32\certprop.dll
21:57:01.0055 3780  CertPropSvc - ok
21:57:01.0082 3780  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\windows\system32\drivers\circlass.sys
21:57:01.0123 3780  circlass - ok
21:57:01.0220 3780  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\windows\system32\CLFS.sys
21:57:01.0248 3780  CLFS - ok
21:57:01.0294 3780  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:57:01.0307 3780  clr_optimization_v2.0.50727_32 - ok
21:57:01.0386 3780  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:57:01.0401 3780  clr_optimization_v4.0.30319_32 - ok
21:57:01.0440 3780  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
21:57:01.0478 3780  CmBatt - ok
21:57:01.0495 3780  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\windows\system32\drivers\cmdide.sys
21:57:01.0509 3780  cmdide - ok
21:57:01.0553 3780  [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:57:01.0570 3780  Com4QLBEx - ok
21:57:01.0576 3780  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
21:57:01.0590 3780  Compbatt - ok
21:57:01.0598 3780  COMSysApp - ok
21:57:01.0620 3780  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
21:57:01.0635 3780  crcdisk - ok
21:57:01.0652 3780  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\windows\system32\drivers\crusoe.sys
21:57:01.0728 3780  Crusoe - ok
21:57:01.0784 3780  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\windows\system32\cryptsvc.dll
21:57:01.0827 3780  CryptSvc - ok
21:57:01.0869 3780  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\windows\system32\DRIVERS\CVirtA.sys
21:57:01.0912 3780  CVirtA - ok
21:57:01.0990 3780  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\windows\system32\rpcss.dll
21:57:02.0053 3780  DcomLaunch - ok
21:57:02.0118 3780  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\windows\system32\Drivers\dfsc.sys
21:57:02.0177 3780  DfsC - ok
21:57:02.0254 3780  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\windows\system32\DFSR.exe
21:57:02.0389 3780  DFSR - ok
21:57:02.0456 3780  [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys
21:57:02.0470 3780  dg_ssudbus - ok
21:57:02.0545 3780  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\windows\System32\dhcpcsvc.dll
21:57:02.0575 3780  Dhcp - ok
21:57:02.0623 3780  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\windows\system32\drivers\disk.sys
21:57:02.0651 3780  disk - ok
21:57:02.0683 3780  [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE             C:\windows\system32\DRIVERS\dne2000.sys
21:57:02.0697 3780  DNE - ok
21:57:02.0756 3780  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\windows\System32\dnsrslvr.dll
21:57:02.0795 3780  Dnscache - ok
21:57:02.0850 3780  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\windows\System32\dot3svc.dll
21:57:02.0890 3780  dot3svc - ok
21:57:02.0926 3780  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\windows\system32\dps.dll
21:57:02.0964 3780  DPS - ok
21:57:03.0008 3780  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
21:57:03.0055 3780  drmkaud - ok
21:57:03.0107 3780  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
21:57:03.0142 3780  DXGKrnl - ok
21:57:03.0154 3780  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\windows\system32\DRIVERS\E1G60I32.sys
21:57:03.0195 3780  E1G60 - ok
21:57:03.0260 3780  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\windows\System32\eapsvc.dll
21:57:03.0312 3780  EapHost - ok
21:57:03.0389 3780  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\windows\system32\drivers\ecache.sys
21:57:03.0407 3780  Ecache - ok
21:57:03.0459 3780  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\windows\system32\drivers\elxstor.sys
21:57:03.0484 3780  elxstor - ok
21:57:03.0540 3780  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\windows\system32\emdmgmt.dll
21:57:03.0666 3780  EMDMgmt - ok
21:57:03.0683 3780  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\windows\system32\drivers\errdev.sys
21:57:03.0723 3780  ErrDev - ok
21:57:03.0788 3780  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\windows\system32\es.dll
21:57:03.0856 3780  EventSystem - ok
21:57:03.0922 3780  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\windows\system32\drivers\exfat.sys
21:57:03.0988 3780  exfat - ok
21:57:04.0032 3780  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\windows\system32\drivers\fastfat.sys
21:57:04.0076 3780  fastfat - ok
21:57:04.0107 3780  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\windows\system32\DRIVERS\fdc.sys
21:57:04.0152 3780  fdc - ok
21:57:04.0194 3780  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\windows\system32\fdPHost.dll
21:57:04.0221 3780  fdPHost - ok
21:57:04.0233 3780  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\windows\system32\fdrespub.dll
21:57:04.0299 3780  FDResPub - ok
21:57:04.0339 3780  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
21:57:04.0354 3780  FileInfo - ok
21:57:04.0368 3780  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\windows\system32\drivers\filetrace.sys
21:57:04.0407 3780  Filetrace - ok
21:57:04.0424 3780  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
21:57:04.0453 3780  flpydisk - ok
21:57:04.0505 3780  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
21:57:04.0524 3780  FltMgr - ok
21:57:04.0671 3780  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\windows\system32\FntCache.dll
21:57:04.0758 3780  FontCache - ok
21:57:04.0829 3780  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:57:04.0842 3780  FontCache3.0.0.0 - ok
21:57:04.0901 3780  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
21:57:04.0950 3780  Fs_Rec - ok
21:57:05.0001 3780  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
21:57:05.0016 3780  gagp30kx - ok
21:57:05.0088 3780  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:57:05.0098 3780  GEARAspiWDM - ok
21:57:05.0162 3780  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\windows\System32\gpsvc.dll
21:57:05.0199 3780  gpsvc - ok
21:57:05.0240 3780  [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey         C:\windows\system32\DRIVERS\cpqbttn.sys
21:57:05.0250 3780  HBtnKey - ok
21:57:05.0288 3780  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:57:05.0353 3780  HdAudAddService - ok
21:57:05.0417 3780  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
21:57:05.0455 3780  HDAudBus - ok
21:57:05.0485 3780  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\windows\system32\drivers\hidbth.sys
21:57:05.0547 3780  HidBth - ok
21:57:05.0568 3780  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\windows\system32\drivers\hidir.sys
21:57:05.0630 3780  HidIr - ok
21:57:05.0680 3780  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\windows\system32\hidserv.dll
21:57:05.0726 3780  hidserv - ok
21:57:05.0765 3780  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
21:57:05.0797 3780  HidUsb - ok
21:57:05.0824 3780  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\windows\system32\kmsvc.dll
21:57:05.0860 3780  hkmsvc - ok
21:57:05.0933 3780  [ D13E6BFD7E9189D26A42E94CB2447044 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:57:05.0953 3780  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
21:57:05.0953 3780  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
21:57:06.0008 3780  [ 07A85D6C053A0999FF450BBCA9825FB2 ] HP ProtectTools Service c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
21:57:06.0019 3780  HP ProtectTools Service - ok
21:57:06.0041 3780  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\windows\system32\drivers\hpcisss.sys
21:57:06.0055 3780  HpCISSs - ok
21:57:06.0091 3780  [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
21:57:06.0101 3780  hpdskflt - ok
21:57:06.0136 3780  [ EB734EF9D7C4D02760F2D1342331BA41 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
21:57:06.0150 3780  HpFkCryptService - ok
21:57:06.0183 3780  [ EF55CD76A05A0675FE930036B7773943 ] HPFSService     C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
21:57:06.0198 3780  HPFSService ( UnsignedFile.Multi.Generic ) - warning
21:57:06.0198 3780  HPFSService - detected UnsignedFile.Multi.Generic (1)
21:57:06.0249 3780  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:57:06.0298 3780  HpqKbFiltr - ok
21:57:06.0363 3780  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:57:06.0379 3780  hpqwmiex - ok
21:57:06.0389 3780  [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv           C:\windows\system32\Hpservice.exe
21:57:06.0402 3780  hpsrv - ok
21:57:06.0468 3780  [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP            C:\windows\system32\drivers\HTTP.sys
21:57:06.0531 3780  HTTP - ok
21:57:06.0563 3780  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\windows\system32\drivers\i2omp.sys
21:57:06.0578 3780  i2omp - ok
21:57:06.0610 3780  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
21:57:06.0657 3780  i8042prt - ok
21:57:06.0723 3780  [ 3AD7614C487C948ADD435662265750FB ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:57:06.0747 3780  IAANTMON - ok
21:57:06.0781 3780  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\windows\system32\drivers\iastor.sys
21:57:06.0796 3780  iaStor - ok
21:57:06.0832 3780  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\windows\system32\drivers\iastorv.sys
21:57:06.0851 3780  iaStorV - ok
21:57:06.0906 3780  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:57:06.0932 3780  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:57:06.0932 3780  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:57:07.0012 3780  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:57:07.0057 3780  idsvc - ok
21:57:07.0193 3780  [ D97E70E4E243C9660F91C1112E36C73B ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
21:57:07.0618 3780  igfx - ok
21:57:07.0671 3780  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\windows\system32\drivers\iirsp.sys
21:57:07.0684 3780  iirsp - ok
21:57:07.0782 3780  [ 51516252DBBFED36F70B341DBA263167 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:57:07.0824 3780  IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
21:57:07.0824 3780  IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
21:57:07.0878 3780  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\windows\System32\ikeext.dll
21:57:07.0913 3780  IKEEXT - ok
21:57:07.0940 3780  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\windows\system32\drivers\intelide.sys
21:57:07.0954 3780  intelide - ok
21:57:07.0990 3780  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
21:57:08.0030 3780  intelppm - ok
21:57:08.0056 3780  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
21:57:08.0104 3780  IPBusEnum - ok
21:57:08.0123 3780  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
21:57:08.0160 3780  IpFilterDriver - ok
21:57:08.0202 3780  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
21:57:08.0225 3780  iphlpsvc - ok
21:57:08.0232 3780  IpInIp - ok
21:57:08.0258 3780  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\windows\system32\drivers\ipmidrv.sys
21:57:08.0288 3780  IPMIDRV - ok
21:57:08.0305 3780  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\windows\system32\DRIVERS\ipnat.sys
21:57:08.0353 3780  IPNAT - ok
21:57:08.0434 3780  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:57:08.0476 3780  iPod Service - ok
21:57:08.0519 3780  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
21:57:08.0573 3780  IRENUM - ok
21:57:08.0601 3780  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\windows\system32\drivers\isapnp.sys
21:57:08.0615 3780  isapnp - ok
21:57:08.0663 3780  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
21:57:08.0681 3780  iScsiPrt - ok
21:57:08.0689 3780  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\windows\system32\drivers\iteatapi.sys
21:57:08.0703 3780  iteatapi - ok
21:57:08.0718 3780  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\windows\system32\drivers\iteraid.sys
21:57:08.0733 3780  iteraid - ok
21:57:08.0781 3780  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:57:08.0794 3780  IviRegMgr - ok
21:57:08.0805 3780  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
21:57:08.0820 3780  kbdclass - ok
21:57:08.0858 3780  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
21:57:08.0889 3780  kbdhid - ok
21:57:08.0939 3780  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\windows\system32\lsass.exe
21:57:08.0963 3780  KeyIso - ok
21:57:09.0020 3780  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
21:57:09.0048 3780  KSecDD - ok
21:57:09.0097 3780  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\windows\system32\msdtckrm.dll
21:57:09.0147 3780  KtmRm - ok
21:57:09.0195 3780  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\windows\system32\srvsvc.dll
21:57:09.0251 3780  LanmanServer - ok
21:57:09.0288 3780  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:57:09.0351 3780  LanmanWorkstation - ok
21:57:09.0384 3780  Lavasoft Ad-Aware Service - ok
21:57:09.0400 3780  Lavasoft Kernexplorer - ok
21:57:09.0465 3780  [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd             C:\windows\system32\DRIVERS\Lbd.sys
21:57:09.0506 3780  Lbd - ok
21:57:09.0585 3780  [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:57:09.0604 3780  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:57:09.0604 3780  LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:57:09.0637 3780  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
21:57:09.0683 3780  lltdio - ok
21:57:09.0729 3780  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\windows\System32\lltdsvc.dll
21:57:09.0768 3780  lltdsvc - ok
21:57:09.0788 3780  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\windows\System32\lmhsvc.dll
21:57:09.0854 3780  lmhosts - ok
21:57:09.0884 3780  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
21:57:09.0900 3780  LSI_FC - ok
21:57:09.0919 3780  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
21:57:09.0934 3780  LSI_SAS - ok
21:57:09.0952 3780  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
21:57:09.0968 3780  LSI_SCSI - ok
21:57:09.0987 3780  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\windows\system32\drivers\luafv.sys
21:57:10.0030 3780  luafv - ok
21:57:10.0156 3780  [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
21:57:10.0174 3780  McComponentHostService - ok
21:57:10.0219 3780  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\windows\system32\drivers\megasas.sys
21:57:10.0234 3780  megasas - ok
21:57:10.0258 3780  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\windows\system32\drivers\megasr.sys
21:57:10.0284 3780  MegaSR - ok
21:57:10.0312 3780  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\windows\system32\mmcss.dll
21:57:10.0357 3780  MMCSS - ok
21:57:10.0405 3780  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\windows\system32\drivers\modem.sys
21:57:10.0459 3780  Modem - ok
21:57:10.0528 3780  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
21:57:10.0581 3780  monitor - ok
21:57:10.0609 3780  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
21:57:10.0623 3780  mouclass - ok
21:57:10.0649 3780  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
21:57:10.0689 3780  mouhid - ok
21:57:10.0718 3780  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\windows\system32\drivers\mountmgr.sys
21:57:10.0733 3780  MountMgr - ok
21:57:10.0811 3780  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:57:10.0833 3780  MozillaMaintenance - ok
21:57:10.0877 3780  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\windows\system32\drivers\mpio.sys
21:57:10.0895 3780  mpio - ok
21:57:10.0915 3780  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
21:57:10.0958 3780  mpsdrv - ok
21:57:11.0010 3780  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\windows\system32\mpssvc.dll
21:57:11.0063 3780  MpsSvc - ok
21:57:11.0113 3780  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\windows\system32\drivers\mraid35x.sys
21:57:11.0127 3780  Mraid35x - ok
21:57:11.0170 3780  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
21:57:11.0195 3780  MRxDAV - ok
21:57:11.0241 3780  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
21:57:11.0293 3780  mrxsmb - ok
21:57:11.0347 3780  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
21:57:11.0365 3780  mrxsmb10 - ok
21:57:11.0385 3780  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
21:57:11.0401 3780  mrxsmb20 - ok
21:57:11.0414 3780  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\windows\system32\drivers\msahci.sys
21:57:11.0432 3780  msahci - ok
21:57:11.0460 3780  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\windows\system32\drivers\msdsm.sys
21:57:11.0476 3780  msdsm - ok
21:57:11.0497 3780  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\windows\System32\msdtc.exe
21:57:11.0529 3780  MSDTC - ok
21:57:11.0551 3780  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\windows\system32\drivers\Msfs.sys
21:57:11.0579 3780  Msfs - ok
21:57:11.0602 3780  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
21:57:11.0616 3780  msisadrv - ok
21:57:11.0641 3780  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
21:57:11.0671 3780  MSiSCSI - ok
21:57:11.0677 3780  msiserver - ok
21:57:11.0698 3780  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
21:57:11.0746 3780  MSKSSRV - ok
21:57:11.0785 3780  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
21:57:11.0822 3780  MSPCLOCK - ok
21:57:11.0850 3780  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
21:57:11.0895 3780  MSPQM - ok
21:57:11.0942 3780  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
21:57:11.0959 3780  MsRPC - ok
21:57:11.0978 3780  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
21:57:11.0992 3780  mssmbios - ok
21:57:12.0001 3780  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
21:57:12.0035 3780  MSTEE - ok
21:57:12.0050 3780  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\windows\system32\Drivers\mup.sys
21:57:12.0066 3780  Mup - ok
21:57:12.0114 3780  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\windows\system32\qagentRT.dll
21:57:12.0157 3780  napagent - ok
21:57:12.0205 3780  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
21:57:12.0239 3780  NativeWifiP - ok
21:57:12.0303 3780  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\windows\system32\drivers\ndis.sys
21:57:12.0334 3780  NDIS - ok
21:57:12.0365 3780  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
21:57:12.0413 3780  NdisTapi - ok
21:57:12.0446 3780  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
21:57:12.0474 3780  Ndisuio - ok
21:57:12.0528 3780  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
21:57:12.0552 3780  NdisWan - ok
21:57:12.0566 3780  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
21:57:12.0588 3780  NDProxy - ok
21:57:12.0655 3780  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:57:12.0702 3780  Nero BackItUp Scheduler 4.0 - ok
21:57:12.0779 3780  [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:57:12.0793 3780  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:57:12.0793 3780  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:57:12.0815 3780  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
21:57:12.0842 3780  NetBIOS - ok
21:57:12.0901 3780  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\windows\system32\DRIVERS\netbt.sys
21:57:12.0936 3780  netbt - ok
21:57:12.0950 3780  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\windows\system32\lsass.exe
21:57:12.0967 3780  Netlogon - ok
21:57:12.0999 3780  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\windows\System32\netman.dll
21:57:13.0033 3780  Netman - ok
21:57:13.0053 3780  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\windows\System32\netprofm.dll
21:57:13.0086 3780  netprofm - ok
21:57:13.0128 3780  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:57:13.0142 3780  NetTcpPortSharing - ok
21:57:13.0259 3780  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\windows\system32\DRIVERS\NETw5v32.sys
21:57:13.0494 3780  NETw5v32 - ok
21:57:13.0528 3780  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
21:57:13.0541 3780  nfrd960 - ok
21:57:13.0567 3780  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\windows\System32\nlasvc.dll
21:57:13.0622 3780  NlaSvc - ok
21:57:13.0666 3780  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\windows\system32\drivers\Npfs.sys
21:57:13.0707 3780  Npfs - ok
21:57:13.0727 3780  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\windows\system32\nsisvc.dll
21:57:13.0769 3780  nsi - ok
21:57:13.0776 3780  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
21:57:13.0804 3780  nsiproxy - ok
21:57:13.0877 3780  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
21:57:13.0930 3780  Ntfs - ok
21:57:13.0981 3780  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\windows\system32\drivers\ntrigdigi.sys
21:57:14.0028 3780  ntrigdigi - ok
21:57:14.0047 3780  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\windows\system32\drivers\Null.sys
21:57:14.0074 3780  Null - ok
21:57:14.0102 3780  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\windows\system32\drivers\nvraid.sys
21:57:14.0117 3780  nvraid - ok
21:57:14.0137 3780  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\windows\system32\drivers\nvstor.sys
21:57:14.0152 3780  nvstor - ok
21:57:14.0171 3780  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
21:57:14.0186 3780  nv_agp - ok
21:57:14.0192 3780  NwlnkFlt - ok
21:57:14.0199 3780  NwlnkFwd - ok
21:57:14.0299 3780  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:57:14.0325 3780  odserv - ok
21:57:14.0368 3780  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
21:57:14.0396 3780  ohci1394 - ok
21:57:14.0458 3780  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:57:14.0473 3780  ose - ok
21:57:14.0537 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\windows\system32\p2psvc.dll
21:57:14.0601 3780  p2pimsvc - ok
21:57:14.0615 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\windows\system32\p2psvc.dll
21:57:14.0689 3780  p2psvc - ok
21:57:14.0751 3780  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\windows\system32\DRIVERS\parport.sys
21:57:14.0781 3780  Parport - ok
21:57:14.0837 3780  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\windows\system32\drivers\partmgr.sys
21:57:14.0853 3780  partmgr - ok
21:57:14.0859 3780  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
21:57:14.0888 3780  Parvdm - ok
21:57:14.0919 3780  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\windows\System32\pcasvc.dll
21:57:14.0967 3780  PcaSvc - ok
21:57:15.0003 3780  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\windows\system32\DRIVERS\pccsmcfd.sys
21:57:15.0030 3780  pccsmcfd - ok
21:57:15.0084 3780  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\windows\system32\drivers\pci.sys
21:57:15.0103 3780  pci - ok
21:57:15.0126 3780  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\windows\system32\drivers\pciide.sys
21:57:15.0141 3780  pciide - ok
21:57:15.0163 3780  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
21:57:15.0182 3780  pcmcia - ok
21:57:15.0232 3780  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\windows\system32\drivers\peauth.sys
21:57:15.0319 3780  PEAUTH - ok
21:57:15.0556 3780  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\windows\system32\pla.dll
21:57:15.0716 3780  pla - ok
21:57:15.0829 3780  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
21:57:15.0836 3780  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
21:57:15.0836 3780  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
21:57:15.0908 3780  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\windows\system32\umpnpmgr.dll
21:57:15.0993 3780  PlugPlay - ok
21:57:16.0026 3780  [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:57:16.0032 3780  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:57:16.0032 3780  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:57:16.0081 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\windows\system32\p2psvc.dll
21:57:16.0111 3780  PNRPAutoReg - ok
21:57:16.0126 3780  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\windows\system32\p2psvc.dll
21:57:16.0304 3780  PNRPsvc - ok
21:57:16.0362 3780  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
21:57:16.0407 3780  PolicyAgent - ok
21:57:16.0448 3780  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
21:57:16.0488 3780  PptpMiniport - ok
21:57:16.0510 3780  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\windows\system32\drivers\processr.sys
21:57:16.0539 3780  Processor - ok
21:57:16.0586 3780  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\windows\system32\profsvc.dll
21:57:16.0635 3780  ProfSvc - ok
21:57:16.0661 3780  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\windows\system32\lsass.exe
21:57:16.0676 3780  ProtectedStorage - ok
21:57:16.0734 3780  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\windows\system32\DRIVERS\pacer.sys
21:57:16.0757 3780  PSched - ok
21:57:16.0799 3780  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
21:57:16.0810 3780  PxHelp20 - ok
21:57:16.0879 3780  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\windows\system32\drivers\ql2300.sys
21:57:16.0948 3780  ql2300 - ok
21:57:16.0995 3780  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
21:57:17.0009 3780  ql40xx - ok
21:57:17.0032 3780  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\windows\system32\qwave.dll
21:57:17.0067 3780  QWAVE - ok
21:57:17.0087 3780  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
21:57:17.0117 3780  QWAVEdrv - ok
21:57:17.0136 3780  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
21:57:17.0163 3780  RasAcd - ok
21:57:17.0189 3780  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\windows\System32\rasauto.dll
21:57:17.0238 3780  RasAuto - ok
21:57:17.0286 3780  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
21:57:17.0330 3780  Rasl2tp - ok
21:57:17.0378 3780  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\windows\System32\rasmans.dll
21:57:17.0424 3780  RasMan - ok
21:57:17.0466 3780  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
21:57:17.0505 3780  RasPppoe - ok
21:57:17.0544 3780  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
21:57:17.0560 3780  RasSstp - ok
21:57:17.0614 3780  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
21:57:17.0639 3780  rdbss - ok
21:57:17.0658 3780  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
21:57:17.0685 3780  RDPCDD - ok
21:57:17.0702 3780  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\windows\system32\drivers\rdpdr.sys
21:57:17.0734 3780  rdpdr - ok
21:57:17.0740 3780  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
21:57:17.0768 3780  RDPENCDD - ok
21:57:17.0826 3780  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
21:57:17.0863 3780  RDPWD - ok
21:57:17.0907 3780  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\windows\System32\mprdim.dll
21:57:17.0937 3780  RemoteAccess - ok
21:57:17.0981 3780  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\windows\system32\regsvc.dll
21:57:18.0006 3780  RemoteRegistry - ok
21:57:18.0050 3780  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
21:57:18.0074 3780  RFCOMM - ok
21:57:18.0200 3780  [ 5C13017FC008F8492D03143634A479CE ] RoxMediaDB10    c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:57:18.0250 3780  RoxMediaDB10 - ok
21:57:18.0302 3780  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\windows\system32\locator.exe
21:57:18.0357 3780  RpcLocator - ok
21:57:18.0388 3780  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\windows\system32\rpcss.dll
21:57:18.0420 3780  RpcSs - ok
21:57:18.0440 3780  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
21:57:18.0468 3780  rspndr - ok
21:57:18.0492 3780  [ 3BEEFE509C414F3A6E55E5C7C4024581 ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
21:57:18.0504 3780  RsvLock - ok
21:57:18.0522 3780  [ 2A5EEDCB22A5D6BB0231E38A38E7A7D9 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
21:57:18.0523 3780  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2A5EEDCB22A5D6BB0231E38A38E7A7D9
21:57:18.0523 3780  SafeBoot ( LockedFile.Multi.Generic ) - warning
21:57:18.0523 3780  SafeBoot - detected LockedFile.Multi.Generic (1)
21:57:18.0539 3780  [ A3E186B4B935905B829219502557314E ] SamSs           C:\windows\system32\lsass.exe
21:57:18.0554 3780  SamSs - ok
21:57:18.0565 3780  [ 52DCDE2D1787217E15FFDCA1CBF8CCE9 ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
21:57:18.0576 3780  SbAlg - ok
21:57:18.0592 3780  [ 69A5AF9CE49A0982E7AE7C7D62BDB2B1 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
21:57:18.0602 3780  SbFsLock - ok
21:57:18.0620 3780  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
21:57:18.0634 3780  sbp2port - ok
21:57:18.0687 3780  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\windows\System32\SCardSvr.dll
21:57:18.0730 3780  SCardSvr - ok
21:57:18.0797 3780  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\windows\system32\schedsvc.dll
21:57:18.0848 3780  Schedule - ok
21:57:18.0896 3780  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\windows\System32\certprop.dll
21:57:18.0919 3780  SCPolicySvc - ok
21:57:18.0946 3780  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\windows\System32\SDRSVC.dll
21:57:19.0030 3780  SDRSVC - ok
21:57:19.0060 3780  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
21:57:19.0125 3780  secdrv - ok
21:57:19.0155 3780  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\windows\system32\seclogon.dll
21:57:19.0199 3780  seclogon - ok
21:57:19.0220 3780  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\windows\System32\sens.dll
21:57:19.0259 3780  SENS - ok
21:57:19.0275 3780  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\windows\system32\drivers\serenum.sys
21:57:19.0337 3780  Serenum - ok
21:57:19.0356 3780  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\windows\system32\drivers\serial.sys
21:57:19.0404 3780  Serial - ok
21:57:19.0420 3780  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\windows\system32\drivers\sermouse.sys
21:57:19.0447 3780  sermouse - ok
21:57:19.0504 3780  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:57:19.0530 3780  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:57:19.0530 3780  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:57:19.0608 3780  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\windows\system32\sessenv.dll
21:57:19.0652 3780  SessionEnv - ok
21:57:19.0684 3780  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
21:57:19.0707 3780  sffdisk - ok
21:57:19.0716 3780  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
21:57:19.0751 3780  sffp_mmc - ok
21:57:19.0770 3780  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
21:57:19.0798 3780  sffp_sd - ok
21:57:19.0816 3780  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
21:57:19.0872 3780  sfloppy - ok
21:57:19.0915 3780  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\windows\System32\ipnathlp.dll
21:57:19.0977 3780  SharedAccess - ok
21:57:20.0022 3780  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:57:20.0071 3780  ShellHWDetection - ok
21:57:20.0102 3780  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\windows\system32\drivers\sisagp.sys
21:57:20.0117 3780  sisagp - ok
21:57:20.0129 3780  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\windows\system32\drivers\sisraid2.sys
21:57:20.0144 3780  SiSRaid2 - ok
21:57:20.0161 3780  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
21:57:20.0176 3780  SiSRaid4 - ok
21:57:20.0281 3780  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:57:20.0297 3780  SkypeUpdate - ok
21:57:20.0414 3780  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\windows\system32\SLsvc.exe
21:57:20.0651 3780  slsvc - ok
21:57:20.0694 3780  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\windows\system32\SLUINotify.dll
21:57:20.0726 3780  SLUINotify - ok
21:57:20.0776 3780  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\windows\system32\DRIVERS\smb.sys
21:57:20.0799 3780  Smb - ok
21:57:20.0832 3780  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
21:57:20.0848 3780  SNMPTRAP - ok
21:57:20.0878 3780  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\windows\system32\drivers\spldr.sys
21:57:20.0892 3780  spldr - ok
21:57:20.0952 3780  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\windows\System32\spoolsv.exe
21:57:20.0999 3780  Spooler - ok
21:57:21.0056 3780  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\windows\system32\DRIVERS\srv.sys
21:57:21.0105 3780  srv - ok
21:57:21.0160 3780  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\windows\system32\DRIVERS\srv2.sys
21:57:21.0201 3780  srv2 - ok
21:57:21.0239 3780  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
21:57:21.0272 3780  srvnet - ok
21:57:21.0310 3780  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
21:57:21.0376 3780  SSDPSRV - ok
21:57:21.0419 3780  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
21:57:21.0430 3780  ssmdrv - ok
21:57:21.0452 3780  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\windows\system32\sstpsvc.dll
21:57:21.0477 3780  SstpSvc - ok
21:57:21.0521 3780  [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
21:57:21.0538 3780  ssudmdm - ok
21:57:21.0574 3780  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
21:57:21.0595 3780  StillCam - ok
21:57:21.0650 3780  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\windows\System32\wiaservc.dll
21:57:21.0678 3780  stisvc - ok
21:57:21.0737 3780  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:57:21.0749 3780  stllssvr - ok
21:57:21.0785 3780  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
21:57:21.0799 3780  swenum - ok
21:57:21.0856 3780  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\windows\System32\swprv.dll
21:57:21.0902 3780  swprv - ok
21:57:21.0917 3780  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\windows\system32\drivers\symc8xx.sys
21:57:21.0930 3780  Symc8xx - ok
21:57:21.0967 3780  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\windows\system32\drivers\sym_hi.sys
21:57:21.0981 3780  Sym_hi - ok
21:57:21.0987 3780  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\windows\system32\drivers\sym_u3.sys
21:57:22.0000 3780  Sym_u3 - ok
21:57:22.0073 3780  [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
21:57:22.0137 3780  SynTP - ok
21:57:22.0216 3780  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\windows\system32\sysmain.dll
21:57:22.0260 3780  SysMain - ok
21:57:22.0308 3780  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\windows\System32\TabSvc.dll
21:57:22.0338 3780  TabletInputService - ok
21:57:22.0394 3780  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\windows\System32\tapisrv.dll
21:57:22.0433 3780  TapiSrv - ok
21:57:22.0450 3780  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\windows\System32\tbssvc.dll
21:57:22.0479 3780  TBS - ok
21:57:22.0539 3780  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
21:57:22.0615 3780  Tcpip - ok
21:57:22.0635 3780  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\windows\system32\DRIVERS\tcpip.sys
21:57:22.0702 3780  Tcpip6 - ok
21:57:22.0737 3780  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
21:57:22.0797 3780  tcpipreg - ok
21:57:22.0827 3780  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
21:57:22.0873 3780  TDPIPE - ok
21:57:22.0898 3780  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
21:57:22.0934 3780  TDTCP - ok
21:57:22.0972 3780  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
21:57:22.0995 3780  tdx - ok
21:57:23.0046 3780  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
21:57:23.0062 3780  TermDD - ok
21:57:23.0086 3780  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\windows\System32\termsrv.dll
21:57:23.0133 3780  TermService - ok
21:57:23.0178 3780  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\windows\system32\shsvcs.dll
21:57:23.0196 3780  Themes - ok
21:57:23.0211 3780  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\windows\system32\mmcss.dll
21:57:23.0240 3780  THREADORDER - ok
21:57:23.0279 3780  [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM             C:\windows\system32\drivers\tpm.sys
21:57:23.0295 3780  TPM - ok
21:57:23.0318 3780  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\windows\System32\trkwks.dll
21:57:23.0362 3780  TrkWks - ok
21:57:23.0427 3780  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:57:23.0470 3780  TrustedInstaller - ok
21:57:23.0504 3780  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
21:57:23.0533 3780  tssecsrv - ok
21:57:23.0545 3780  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\windows\system32\DRIVERS\tunmp.sys
21:57:23.0570 3780  tunmp - ok
21:57:23.0607 3780  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
21:57:23.0637 3780  tunnel - ok
21:57:23.0678 3780  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\windows\system32\drivers\uagp35.sys
21:57:23.0693 3780  uagp35 - ok
21:57:23.0746 3780  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
21:57:23.0770 3780  udfs - ok
21:57:23.0806 3780  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
21:57:23.0850 3780  UI0Detect - ok
21:57:23.0868 3780  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
21:57:23.0883 3780  uliagpkx - ok
21:57:23.0899 3780  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\windows\system32\drivers\uliahci.sys
21:57:23.0920 3780  uliahci - ok
21:57:23.0927 3780  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\windows\system32\drivers\ulsata.sys
21:57:23.0941 3780  UlSata - ok
21:57:23.0949 3780  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\windows\system32\drivers\ulsata2.sys
21:57:23.0964 3780  ulsata2 - ok
21:57:23.0977 3780  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
21:57:24.0026 3780  umbus - ok
21:57:24.0058 3780  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\windows\System32\upnphost.dll
21:57:24.0103 3780  upnphost - ok
21:57:24.0162 3780  [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
21:57:24.0167 3780  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:57:24.0167 3780  USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:57:24.0204 3780  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
21:57:24.0247 3780  usbccgp - ok
21:57:24.0271 3780  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\windows\system32\drivers\usbcir.sys
21:57:24.0341 3780  usbcir - ok
21:57:24.0366 3780  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
21:57:24.0407 3780  usbehci - ok
21:57:24.0452 3780  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
21:57:24.0478 3780  usbhub - ok
21:57:24.0487 3780  [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
21:57:24.0516 3780  usbohci - ok
21:57:24.0558 3780  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
21:57:24.0599 3780  usbprint - ok
21:57:24.0616 3780  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
21:57:24.0655 3780  usbscan - ok
21:57:24.0669 3780  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
21:57:24.0709 3780  USBSTOR - ok
21:57:24.0729 3780  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
21:57:24.0771 3780  usbuhci - ok
21:57:24.0817 3780  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\windows\System32\uxsms.dll
21:57:24.0863 3780  UxSms - ok
21:57:24.0910 3780  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\windows\System32\vds.exe
21:57:24.0964 3780  vds - ok
21:57:25.0003 3780  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
21:57:25.0031 3780  vga - ok
21:57:25.0069 3780  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\windows\System32\drivers\vga.sys
21:57:25.0102 3780  VgaSave - ok
21:57:25.0113 3780  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\windows\system32\drivers\viaagp.sys
21:57:25.0128 3780  viaagp - ok
21:57:25.0143 3780  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\windows\system32\drivers\viac7.sys
21:57:25.0171 3780  ViaC7 - ok
21:57:25.0185 3780  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\windows\system32\drivers\viaide.sys
21:57:25.0199 3780  viaide - ok
21:57:25.0242 3780  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\windows\system32\drivers\volmgr.sys
21:57:25.0257 3780  volmgr - ok
21:57:25.0310 3780  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
21:57:25.0331 3780  volmgrx - ok
21:57:25.0379 3780  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\windows\system32\drivers\volsnap.sys
21:57:25.0399 3780  volsnap - ok
21:57:25.0511 3780  [ D6653180D162CB3144FDBC8A651CEBB1 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
21:57:25.0544 3780  vpnagent - ok
21:57:25.0577 3780  [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva           C:\windows\system32\DRIVERS\vpnva.sys
21:57:25.0588 3780  vpnva - ok
21:57:25.0631 3780  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
21:57:25.0647 3780  vsmraid - ok
21:57:25.0682 3780  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\windows\system32\vssvc.exe
21:57:25.0758 3780  VSS - ok
21:57:25.0830 3780  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\windows\system32\w32time.dll
21:57:25.0868 3780  W32Time - ok
21:57:25.0901 3780  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
21:57:25.0957 3780  WacomPen - ok
21:57:25.0976 3780  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\windows\system32\DRIVERS\wanarp.sys
21:57:26.0000 3780  Wanarp - ok
21:57:26.0004 3780  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
21:57:26.0027 3780  Wanarpv6 - ok
21:57:26.0050 3780  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\windows\System32\wcncsvc.dll
21:57:26.0079 3780  wcncsvc - ok
21:57:26.0103 3780  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:57:26.0135 3780  WcsPlugInService - ok
21:57:26.0189 3780  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\windows\system32\drivers\wd.sys
21:57:26.0203 3780  Wd - ok
21:57:26.0255 3780  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
21:57:26.0308 3780  Wdf01000 - ok
21:57:26.0341 3780  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\windows\system32\wdi.dll
21:57:26.0388 3780  WdiServiceHost - ok
21:57:26.0392 3780  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\windows\system32\wdi.dll
21:57:26.0423 3780  WdiSystemHost - ok
21:57:26.0464 3780  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\windows\System32\webclnt.dll
21:57:26.0486 3780  WebClient - ok
21:57:26.0532 3780  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\windows\system32\wecsvc.dll
21:57:26.0591 3780  Wecsvc - ok
21:57:26.0614 3780  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\windows\System32\wercplsupport.dll
21:57:26.0638 3780  wercplsupport - ok
21:57:26.0690 3780  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\windows\System32\WerSvc.dll
21:57:26.0737 3780  WerSvc - ok
21:57:26.0795 3780  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:57:26.0816 3780  WinDefend - ok
21:57:26.0824 3780  WinHttpAutoProxySvc - ok
21:57:26.0865 3780  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
21:57:26.0889 3780  Winmgmt - ok
21:57:26.0965 3780  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\windows\system32\WsmSvc.dll
21:57:27.0081 3780  WinRM - ok
21:57:27.0128 3780  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\windows\System32\wlansvc.dll
21:57:27.0202 3780  Wlansvc - ok
21:57:27.0234 3780  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
21:57:27.0280 3780  WmiAcpi - ok
21:57:27.0322 3780  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
21:57:27.0370 3780  wmiApSrv - ok
21:57:27.0463 3780  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:57:27.0528 3780  WMPNetworkSvc - ok
21:57:27.0578 3780  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\windows\System32\wpcsvc.dll
21:57:27.0610 3780  WPCSvc - ok
21:57:27.0686 3780  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
21:57:27.0717 3780  WPDBusEnum - ok
21:57:27.0743 3780  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\windows\system32\DRIVERS\wpdusb.sys
21:57:27.0783 3780  WpdUsb - ok
21:57:27.0905 3780  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:57:27.0942 3780  WPFFontCache_v0400 - ok
21:57:27.0962 3780  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
21:57:28.0005 3780  ws2ifsl - ok
21:57:28.0063 3780  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\windows\System32\wscsvc.dll
21:57:28.0082 3780  wscsvc - ok
21:57:28.0087 3780  WSearch - ok
21:57:28.0177 3780  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
21:57:28.0290 3780  wuauserv - ok
21:57:28.0361 3780  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
21:57:28.0389 3780  WudfPf - ok
21:57:28.0458 3780  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
21:57:28.0475 3780  WUDFRd - ok
21:57:28.0486 3780  [ 2C0206FF8D2C75AC027D1096FA2FAFDA ] wudfsvc         C:\windows\System32\WUDFSvc.dll
21:57:28.0527 3780  wudfsvc - ok
21:57:28.0585 3780  [ F72D4BFFA37E857D195048C498AFC61B ] yukonwlh        C:\windows\system32\DRIVERS\yk60x86.sys
21:57:28.0630 3780  yukonwlh - ok
21:57:28.0678 3780  ================ Scan global ===============================
21:57:28.0700 3780  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\windows\system32\basesrv.dll
21:57:28.0747 3780  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll
21:57:28.0762 3780  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\windows\system32\winsrv.dll
21:57:28.0823 3780  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\windows\system32\services.exe
21:57:28.0828 3780  [Global] - ok
21:57:28.0828 3780  ================ Scan MBR ==================================
21:57:28.0836 3780  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:57:29.0374 3780  \Device\Harddisk0\DR0 - ok
21:57:29.0375 3780  ================ Scan VBR ==================================
21:57:29.0378 3780  [ 7AC0478A26E92D1278B6542403FEFEC2 ] \Device\Harddisk0\DR0\Partition1
21:57:29.0380 3780  \Device\Harddisk0\DR0\Partition1 - ok
21:57:29.0399 3780  [ F017C84D20FA1F08F6164F5FD800FC0D ] \Device\Harddisk0\DR0\Partition2
21:57:29.0400 3780  \Device\Harddisk0\DR0\Partition2 - ok
21:57:29.0412 3780  [ FC23E135DC412AB3B84FE13EC6E4DBE6 ] \Device\Harddisk0\DR0\Partition3
21:57:29.0414 3780  \Device\Harddisk0\DR0\Partition3 - ok
21:57:29.0414 3780  ============================================================
21:57:29.0414 3780  Scan finished
21:57:29.0414 3780  ============================================================
21:57:29.0428 5964  Detected object count: 11
21:57:29.0428 5964  Actual detected object count: 11
21:58:08.0706 5964  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0706 5964  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0707 5964  HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0707 5964  HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0709 5964  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0709 5964  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0712 5964  IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0712 5964  IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0715 5964  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0715 5964  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0718 5964  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0718 5964  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0720 5964  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0720 5964  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0722 5964  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0722 5964  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0725 5964  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
21:58:08.0725 5964  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0728 5964  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0728 5964  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:08.0731 5964  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:08.0731 5964  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 13.12.2012, 14:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Trojaner via Facebook "einladung.zip"

Alt 13.12.2012, 19:49   #7
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Combofix Logfile:
Code:
ATTFilter
ComboFix 12-12-13.02 - Christoph 13.12.2012  19:31:51.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.1976.848 [GMT 1:00]
ausgeführt von:: c:\users\Christoph\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christoph\AppData\Roaming\Christoph-wchelper.dll
c:\users\Christoph\AppData\Roaming\install\server.exe
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\server.exe
c:\users\Christoph\Documents\~WRL3816.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-13 bis 2012-12-13  ))))))))))))))))))))))))))))))
.
.
2012-12-13 18:47 . 2012-12-13 18:47	--------	d-----w-	c:\users\Werner\AppData\Local\temp
2012-12-13 18:47 . 2012-12-13 19:28	--------	d-----w-	c:\users\Christoph\AppData\Local\temp
2012-12-13 18:47 . 2012-12-13 18:47	--------	d-----w-	c:\users\McAfeeMVSUser\AppData\Local\temp
2012-12-13 18:47 . 2012-12-13 18:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-11 15:42 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{001AE30C-419D-4341-8835-F1EF82DB3A11}\mpengine.dll
2012-12-10 18:05 . 2012-12-13 18:46	--------	d-----w-	c:\users\Christoph\AppData\Roaming\install
2012-12-09 21:11 . 2012-12-09 21:11	--------	d-----w-	c:\users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
2012-12-09 21:10 . 2012-12-09 21:10	--------	d-----w-	c:\program files\DVDVideoSoft
2012-12-01 10:57 . 2012-12-01 10:57	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-12-01 10:57 . 2012-12-04 10:57	--------	d-----w-	c:\program files\McAfee Security Scan
2012-11-15 21:26 . 2012-10-08 07:40	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-15 21:26 . 2012-10-08 08:37	140960	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-11-15 21:26 . 2012-10-08 07:45	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-11-15 21:26 . 2012-10-08 07:43	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-15 21:26 . 2012-10-08 07:44	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-15 21:26 . 2012-10-08 07:48	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-15 21:26 . 2012-10-08 07:45	194560	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-11-15 21:25 . 2012-10-08 08:37	748704	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2012-11-15 21:25 . 2012-10-08 07:56	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-15 21:25 . 2012-10-08 07:49	387584	----a-w-	c:\program files\Internet Explorer\jsdbgui.dll
2012-11-15 21:25 . 2012-10-08 07:50	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2012-11-15 21:25 . 2012-10-08 07:47	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-15 13:11 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-15 13:10 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 10:37 . 2012-07-06 09:05	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 10:37 . 2011-05-18 08:03	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2012-02-02 09:14	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-14 07:42 . 2012-07-06 19:52	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-17 74752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348664]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-1-23 1315840]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli ASWLNPkg
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
2008-05-02 20:17	10244096	----a-w-	c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42	70912	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51	488752	----a-w-	c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 08:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-05 12:06	2254120	----a-w-	c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2008-05-08 00:34	238984	----a-w-	c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-04-21 18:21	197904	----a-w-	c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
Cognizance	REG_MULTI_SZ   	ASBroker ASChannel
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 10:37]
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
- c:\users\Christoph\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 19:33]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
- c:\users\Christoph\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 19:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\fl55dsfc.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - ExtSQL: 2012-12-09 22:10; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
- - - - - - - > 'Explorer.exe'(1120)
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Hpservice.exe
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-13  20:33:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-13 19:33
.
Vor Suchlauf: 7 Verzeichnis(se), 31.488.999.424 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 31.721.402.368 Bytes frei
.
- - End Of File - - E9F8029E49A91F39EBA03AF0784A5599
         
--- --- ---

Alt 13.12.2012, 20:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Alt 13.12.2012, 22:21   #9
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 13/12/2012 um 23:19:34 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Christoph - WERNER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christoph\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\searchplugins\icqplugin.xml
Ordner Gefunden : C:\Program Files\AskTBar
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Christoph\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Christoph\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\Christoph\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gefunden : HKCU\Software\Search Settings
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

Profilname : default 
Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\fl55dsfc.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2063 octets] - [13/12/2012 23:19:34]

########## EOF - C:\AdwCleaner[R1].txt - [2123 octets] ##########
         

Alt 14.12.2012, 09:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Alt 14.12.2012, 13:58   #11
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Okay, alles soweit erledigt und hier die logs dazu.

Code:
ATTFilter
# AdwCleaner v2.100 - Datei am 14/12/2012 um 13:10:28 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Christoph - WERNER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christoph\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\Program Files\AskTBar
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Christoph\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default 
Datei : C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\prefs.js

C:\Users\Werner\AppData\Roaming\Mozilla\Firefox\Profiles\6yz7j0qd.default\user.js ... Gelöscht !

Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

Profilname : default 
Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\fl55dsfc.default\prefs.js

Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="[...]

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2192 octets] - [13/12/2012 23:19:34]
AdwCleaner[S1].txt - [2225 octets] - [14/12/2012 13:10:28]

########## EOF - C:\AdwCleaner[S1].txt - [2285 octets] ##########
         
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.12.2012 13:20:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 34,98% Memory free
4,10 Gb Paging File | 2,54 Gb Available in Paging File | 62,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 28,93 Gb Free Space | 20,81% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Christoph\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files\Hardcopy\hardcopy_02.dll ()
MOD - C:\Program Files\Hardcopy\HcDLL2_29_Win32.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ASBroker) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{5B07576D-A46A-4AD8-8430-111BFCA06622}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 22:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 22:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
 
[2009.04.29 14:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.10.28 11:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions
[2011.03.10 14:40:41 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.09.13 08:39:08 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\youtube2mp3@mondayx.de
[2012.07.06 20:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.09 22:10:42 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.09.14 08:42:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:42:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube to MP3 Converter = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpjodfibnpbphfodohkmgmedjbgkhj\0.1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.12.13 19:48:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5955A18E-2522-44DE-A3CC-F91399D39722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D795F9F9-52DB-4F1C-8E33-1E6D259564BA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.13 23:30:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.12.13 23:30:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.12.13 23:30:36 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.12.13 23:30:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.12.13 23:30:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.12.13 23:30:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.12.13 23:30:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.12.13 23:30:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.12.13 23:27:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012.12.13 23:27:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winusb.dll
[2012.12.13 23:27:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012.12.13 23:26:59 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012.12.13 23:26:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012.12.13 23:26:56 | 000,034,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2012.12.13 23:26:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\temp
[2012.12.13 20:28:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.13 19:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.12.13 19:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.12.13 19:28:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.12.13 19:27:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 19:26:35 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.12.13 18:54:47 | 005,010,970 | R--- | C] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 04:56:54 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.12.13 04:56:51 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll
[2012.12.13 04:56:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnsvr.exe
[2012.12.13 04:56:43 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012.12.13 04:56:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012.12.13 04:56:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012.12.12 21:55:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:49:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.10 20:08:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\install
[2012.12.09 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.09 22:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.09 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.04 11:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.12.01 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.12.01 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.11.15 14:11:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.14 13:14:42 | 000,000,438 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2012.12.14 13:13:42 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 13:13:42 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.14 13:13:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.14 13:13:03 | 2073,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.14 13:11:41 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.12.14 13:00:01 | 000,001,136 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
[2012.12.14 12:37:15 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.14 12:18:42 | 000,442,576 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.12.13 23:18:24 | 000,545,819 | ---- | M] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:56:06 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.12.13 19:56:05 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.12.13 19:56:05 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.12.13 19:56:05 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.12.13 19:48:09 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012.12.13 18:55:56 | 005,010,970 | R--- | M] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 11:07:40 | 000,002,062 | ---- | M] () -- C:\Users\Christoph\Desktop\Google Chrome.lnk
[2012.12.13 00:00:02 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
[2012.12.12 21:55:23 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:53:41 | 000,000,512 | ---- | M] () -- C:\Users\Christoph\Desktop\MBR.dat
[2012.12.12 21:50:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.12 21:34:36 | 000,128,350 | ---- | M] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.12 11:37:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.12.12 11:37:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.12.10 21:09:36 | 262,973,519 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:08:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 20:05:59 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 19:12:34 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.09 22:11:04 | 000,000,992 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | M] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.04 11:57:36 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.12.04 11:57:35 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:12 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.13 23:27:33 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.13 23:27:32 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.13 23:18:22 | 000,545,819 | ---- | C] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:28:04 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.12.13 19:28:04 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.12.13 19:28:04 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.12.13 19:28:04 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.12.13 19:28:04 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.12.12 21:53:41 | 000,000,512 | ---- | C] () -- C:\Users\Christoph\Desktop\MBR.dat
[2012.12.12 21:34:36 | 000,128,350 | ---- | C] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.10 20:39:35 | 262,973,519 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:05:59 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.12.09 22:11:04 | 000,000,992 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | C] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:10 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.07.08 17:19:10 | 000,000,104 | ---- | C] () -- C:\Users\Christoph\Computer - Verknüpfung.lnk
[2011.02.26 22:29:38 | 000,012,021 | ---- | C] () -- C:\Users\Christoph\Silver Surfer.odt
[2010.01.08 23:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.30 05:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\downloads.m3u
[2009.06.10 15:37:50 | 000,000,097 | ---- | C] () -- C:\Users\Christoph\AppData\Local\fusioncache.dat
[2009.05.10 23:04:12 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2009.05.10 20:27:09 | 000,000,287 | ---- | C] () -- C:\Users\Christoph\Lokaler Datenträger (C) - Verknüpfung.lnk
[2009.05.07 19:34:49 | 000,000,180 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\default.rss
[2009.05.06 16:28:35 | 000,029,184 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.12.2012 13:20:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 34,98% Memory free
4,10 Gb Paging File | 2,54 Gb Available in Paging File | 62,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 28,93 Gb Free Space | 20,81% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E177C19-7F1A-4906-9D78-6B8CA8D45D25}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3DA34479-2AE9-46E6-A2D7-1CC4BE085B18}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5AE111AE-CF42-438C-B82F-0EEA3A296119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F9DC9CD-8546-462B-99F0-E5BB63D79262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{678C4BC4-0BE0-4A9C-9A3D-6A002752FDBE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7399FD60-8676-4D69-9C52-5C86C4313FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A85D9C2-34B4-4860-8BF5-90984F99DCBE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EEB24CE-B692-4A05-B417-33182235E6A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C8C9BD75-C390-420E-9FD9-56C00247EDC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D69046B6-C7DB-4A41-B78E-4DFF7ECE11F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DABB7D7E-2760-439D-9D14-82DDE1A60C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3AB93-7C3B-4C25-9326-31DD8F4CBA58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{013EFC4E-D387-43FA-B8ED-940C59466A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0C05A43D-1D4B-4EB5-8720-EC932137F9E0}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{0E8197B2-31A6-4B11-8167-0D75E5BB9E8B}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{12F3F62E-91CF-41E0-8580-000CB4125B05}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{1693C4B2-6501-414C-9352-3E79D9C15927}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{1F4C9133-AA82-4D20-A9C4-6E01CE0DA493}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{204AED56-E2CE-47F2-970F-27EE5CE6AAD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2B3BF4B5-0D1B-4D29-8A92-1C9A779A45E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37E75B66-8A5C-4136-8CEA-CA8B534BB6B2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{3E1EE9D8-F33B-43E4-926C-E9D79DD77C57}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{45939B0C-7140-45AB-BC14-50284E3870D8}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{4957959C-47F7-481D-940D-E3CA34D19759}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{4DEAAFCC-E649-4415-AA68-F392BD80C0EE}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{523AE65B-DF13-45E3-A720-E1A2CCCC592F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{55ABE03F-CE64-4613-BC1A-D54713786F6D}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{5C04F82A-00F2-4632-8823-5297EF6B7FBA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5CAC6312-C1A9-461C-B3A6-9D27E420A72A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{60AF6C3C-6E84-450B-BD0A-F08CB1044238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AA8C894-BBA7-4470-A436-D33C39058C89}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{786C4E6D-C95F-4219-AA55-34F9184C2EC7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{8376CB51-38A5-4ABE-A54B-17D636595FAE}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{87599CC3-53FE-4EFB-82B8-7B39F4D58CBE}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{877AA6C7-5304-46C8-879B-3A1DE19D5C2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F0B0A71-21B8-442F-82CE-91F69197DBF3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{9047FF6D-6F1C-48D0-BF31-55864FA3EB1B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9E522AE9-0587-42B6-AF3F-1FF82FF6BF4B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{B78E8B24-D88E-435A-98AF-0627A6B5E95E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BB36FAD3-C0F9-4081-A1BE-870D87BCAF05}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3DC779F-26E5-437D-9B68-31E780DE4DD6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C7DA3871-263A-4096-84DA-DE4D82748CA0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DCBF82E3-15EB-4103-A0CA-D5BCED5C5255}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{E2829C72-80C0-4A45-8598-915312F76AA7}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{E5E32AD0-5FF5-4531-8914-36741E3D2117}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E89B9DE0-E7EC-4FD2-8A83-A49D730BBA79}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F1D4F22F-58A0-4633-83F3-39C1232112B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{22E25776-6E9E-4A41-A6ED-2A8B2BAD838C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{2FE66E60-0580-4D8B-9748-D9449A2AD67F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{37995DE4-9C18-421B-B043-EE6161B12D8A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3E5B37B2-F64F-4A06-BBB1-EA388C76B211}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{B4330409-8968-4C08-9291-A97721920CCA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{D6E2DFC7-C28B-4645-A154-A372D71D008C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D8FA7555-23AE-429C-9E17-D3B4A3A2790D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{E19F667C-42AB-45E5-904B-94DC02774573}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E85F5646-E503-4ED1-93C3-8D4D221B72AB}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{F381E39B-C659-4CC9-B8A5-EFD653BA6DB7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{04A13B65-F248-4107-8BD8-B5B1545162C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{0748CB45-C362-4150-A72F-21748B2F7B2C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{2ED3F931-5117-4048-B9D5-784E4426F4EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3FA3AC3D-918A-48C6-A74A-B4F5BCAAE721}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{5C372B41-37AF-4B4F-9D7C-793958484B7F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5D87F7AF-7232-45A7-8CF8-725617DB107F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{6E488BFD-FDBE-487C-ADA9-B477F5B4A473}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BDC1BA30-8248-49A6-B75B-9F1254EB42D9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D138928A-48CD-4B53-8DFF-EB0F3FBB2527}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{F166850A-2744-45A2-A80D-67052BE2DBB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571347b6-163e-4fba-952c-506b4d594662}" = Nero BackItUp 4
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f61f1d76-7679-4cd4-ad8e-91f3cc46f44b}" = Nero 9
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Simfy" = simfy
"SopCast" = SopCast 3.2.9
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.08.2011 12:38:25 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 04:42:37 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 05:29:21 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 05:31:52 | Computer Name = Werner-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.08.2011 05:36:00 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 06:06:35 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 06:07:39 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:51 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:54 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.08.2011 14:34:17 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 12.12.2012 04:54:02 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 14:52:09 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 15:41:03 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 13.12.2012 15:42:59 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 18:31:19 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:13:31 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:19:32 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 08:14:28 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ OSession Events ]
Error - 12.11.2011 14:02:40 | Computer Name = Werner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22558
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.12.2012 07:23:35 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.12.2012 08:14:41 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 08:14:41 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 08:14:41 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.12.2012 08:14:42 | Computer Name = Werner-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 14.12.2012 08:14:42 | Computer Name = Werner-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.102 deaktiviert,
 da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 14.12.2012 08:15:19 | Computer Name = Werner-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.12.2012 08:15:20 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.12.2012 08:15:20 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 08:20:25 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

Alt 14.12.2012, 14:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKLM\..\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
:Files
C:\Users\Christoph\Desktop\MBR.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Alt 14.12.2012, 23:49   #13
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E9536DF-0AE1-466F-904E-6A1B41E15904}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== FILES ==========
C:\Users\Christoph\Desktop\MBR.dat moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Christoph\Desktop\cmd.bat deleted successfully.
C:\Users\Christoph\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christoph
->Temp folder emptied: 3085 bytes
->Temporary Internet Files folder emptied: 97110459 bytes
->Java cache emptied: 25242694 bytes
->FireFox cache emptied: 77609227 bytes
->Google Chrome cache emptied: 344186480 bytes
->Flash cache emptied: 101045 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Werner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 23669991 bytes
->Java cache emptied: 25301797 bytes
->FireFox cache emptied: 101686461 bytes
->Flash cache emptied: 9961 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 171922 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 663,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12152012_003525

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 16.12.2012, 13:48   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

Alt 16.12.2012, 22:02   #15
crichter
 
Trojaner via Facebook "einladung.zip" - Standard

Trojaner via Facebook "einladung.zip"



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.12.2012 22:30:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 58,29% Memory free
4,22 Gb Paging File | 2,24 Gb Available in Paging File | 52,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 29,34 Gb Free Space | 21,10% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Christoph\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files\Hardcopy\hardcopy_02.dll ()
MOD - C:\Program Files\Hardcopy\HcDLL2_29_Win32.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (ASBroker) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
SRV - (ASChannel) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.)
SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International)
SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International)
DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International)
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\..\SearchScopes\{5B07576D-A46A-4AD8-8430-111BFCA06622}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.18 00:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 22:10:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 22:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 08:42:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.03 12:44:40 | 000,000,000 | ---D | M]
 
[2009.04.29 14:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.10.28 11:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions
[2011.03.10 14:40:41 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.09.13 08:39:08 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\fl55dsfc.default\extensions\youtube2mp3@mondayx.de
[2012.07.06 20:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.09 22:10:42 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.09.14 08:42:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.14 08:42:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\plugins\NPOFF12.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube to MP3 Converter = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpjodfibnpbphfodohkmgmedjbgkhj\0.1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.12.15 00:36:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5955A18E-2522-44DE-A3CC-F91399D39722}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D795F9F9-52DB-4F1C-8E33-1E6D259564BA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christoph\Desktop\00154-10sw.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.15 00:35:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.13 23:30:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.12.13 23:30:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.12.13 23:30:36 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.12.13 23:30:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012.12.13 23:30:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.12.13 23:30:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012.12.13 23:30:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.12.13 23:30:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012.12.13 23:27:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012.12.13 23:27:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winusb.dll
[2012.12.13 23:27:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012.12.13 23:26:59 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012.12.13 23:26:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012.12.13 23:26:56 | 000,034,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\winusb.sys
[2012.12.13 23:26:55 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.12.13 20:33:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\temp
[2012.12.13 20:28:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.13 19:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.12.13 19:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.12.13 19:28:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.12.13 19:27:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.13 19:26:35 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.12.13 18:54:47 | 005,010,970 | R--- | C] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 04:56:54 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.12.13 04:56:51 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnet.dll
[2012.12.13 04:56:51 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dpnsvr.exe
[2012.12.13 04:56:43 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2012.12.13 04:56:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2012.12.13 04:56:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012.12.12 21:55:12 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:49:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.10 20:08:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 19:05:19 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\install
[2012.12.09 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.09 22:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.09 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.12.04 11:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.12.01 11:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.12.01 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.16 22:37:25 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.16 22:02:21 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 22:02:21 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 22:00:01 | 000,001,136 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005UA.job
[2012.12.16 12:00:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.12.16 00:00:00 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1267334794-2730647238-1909836484-1005Core.job
[2012.12.15 14:23:52 | 000,000,437 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2012.12.15 14:23:08 | 2071,252,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.15 01:06:58 | 000,002,140 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.12.15 00:36:40 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012.12.14 12:18:42 | 000,442,576 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.12.13 23:18:24 | 000,545,819 | ---- | M] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:56:06 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.12.13 19:56:05 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.12.13 19:56:05 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.12.13 19:56:05 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.12.13 18:55:56 | 005,010,970 | R--- | M] (Swearware) -- C:\Users\Christoph\Desktop\ComboFix.exe
[2012.12.13 11:07:40 | 000,002,062 | ---- | M] () -- C:\Users\Christoph\Desktop\Google Chrome.lnk
[2012.12.12 21:55:23 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Christoph\Desktop\tdsskiller.exe
[2012.12.12 21:50:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Christoph\Desktop\aswMBR.exe
[2012.12.12 21:34:36 | 000,128,350 | ---- | M] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.12 11:37:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.12.12 11:37:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.12.10 21:09:36 | 262,973,519 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:08:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.12.10 20:05:59 | 000,000,000 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.12.10 19:12:34 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.09 22:11:04 | 000,000,992 | ---- | M] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | M] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.04 11:57:36 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.12.04 11:57:35 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:12 | 000,039,139 | ---- | M] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.13 23:27:33 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.13 23:27:32 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.13 23:18:22 | 000,545,819 | ---- | C] () -- C:\Users\Christoph\Desktop\adwcleaner.exe
[2012.12.13 19:28:04 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.12.13 19:28:04 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.12.13 19:28:04 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.12.13 19:28:04 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.12.13 19:28:04 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.12.12 21:34:36 | 000,128,350 | ---- | C] () -- C:\Users\Christoph\Documents\Amazon.pdf
[2012.12.10 20:39:35 | 262,973,519 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.12.10 20:05:59 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.12.09 22:11:04 | 000,000,992 | ---- | C] () -- C:\Users\Christoph\Desktop\DVDVideoSoft Free Studio.lnk
[2012.12.09 22:11:03 | 000,001,151 | ---- | C] () -- C:\Users\Christoph\Desktop\Free YouTube to MP3 Converter.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.12.01 11:57:49 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.11.23 01:42:53 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Exercise Sessions.pdf
[2012.11.23 01:28:10 | 000,039,139 | ---- | C] () -- C:\Users\Christoph\Documents\Beweis-coupon of a par yield bond=its ytm.pdf
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011.07.08 17:19:10 | 000,000,104 | ---- | C] () -- C:\Users\Christoph\Computer - Verknüpfung.lnk
[2011.02.26 22:29:38 | 000,012,021 | ---- | C] () -- C:\Users\Christoph\Silver Surfer.odt
[2010.01.08 23:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.30 05:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\downloads.m3u
[2009.06.10 15:37:50 | 000,000,097 | ---- | C] () -- C:\Users\Christoph\AppData\Local\fusioncache.dat
[2009.05.10 23:04:12 | 000,000,680 | ---- | C] () -- C:\Users\Christoph\AppData\Local\d3d9caps.dat
[2009.05.10 20:27:09 | 000,000,287 | ---- | C] () -- C:\Users\Christoph\Lokaler Datenträger (C) - Verknüpfung.lnk
[2009.05.07 19:34:49 | 000,000,180 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\default.rss
[2009.05.06 16:28:35 | 000,029,184 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.12.2012 22:30:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christoph\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 58,29% Memory free
4,22 Gb Paging File | 2,24 Gb Available in Paging File | 52,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 29,34 Gb Free Space | 21,10% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,84 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: WERNER-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E177C19-7F1A-4906-9D78-6B8CA8D45D25}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3DA34479-2AE9-46E6-A2D7-1CC4BE085B18}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5AE111AE-CF42-438C-B82F-0EEA3A296119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F9DC9CD-8546-462B-99F0-E5BB63D79262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{678C4BC4-0BE0-4A9C-9A3D-6A002752FDBE}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{7399FD60-8676-4D69-9C52-5C86C4313FD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A85D9C2-34B4-4860-8BF5-90984F99DCBE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9EEB24CE-B692-4A05-B417-33182235E6A1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C8C9BD75-C390-420E-9FD9-56C00247EDC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D69046B6-C7DB-4A41-B78E-4DFF7ECE11F3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DABB7D7E-2760-439D-9D14-82DDE1A60C2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D3AB93-7C3B-4C25-9326-31DD8F4CBA58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{013EFC4E-D387-43FA-B8ED-940C59466A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0C05A43D-1D4B-4EB5-8720-EC932137F9E0}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{0E8197B2-31A6-4B11-8167-0D75E5BB9E8B}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{12F3F62E-91CF-41E0-8580-000CB4125B05}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{1693C4B2-6501-414C-9352-3E79D9C15927}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{1F4C9133-AA82-4D20-A9C4-6E01CE0DA493}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{204AED56-E2CE-47F2-970F-27EE5CE6AAD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2B3BF4B5-0D1B-4D29-8A92-1C9A779A45E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37E75B66-8A5C-4136-8CEA-CA8B534BB6B2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{3E1EE9D8-F33B-43E4-926C-E9D79DD77C57}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | 
"{45939B0C-7140-45AB-BC14-50284E3870D8}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | 
"{4957959C-47F7-481D-940D-E3CA34D19759}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | 
"{4DEAAFCC-E649-4415-AA68-F392BD80C0EE}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | 
"{523AE65B-DF13-45E3-A720-E1A2CCCC592F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{55ABE03F-CE64-4613-BC1A-D54713786F6D}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{5C04F82A-00F2-4632-8823-5297EF6B7FBA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5CAC6312-C1A9-461C-B3A6-9D27E420A72A}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{60AF6C3C-6E84-450B-BD0A-F08CB1044238}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6AA8C894-BBA7-4470-A436-D33C39058C89}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{786C4E6D-C95F-4219-AA55-34F9184C2EC7}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{8376CB51-38A5-4ABE-A54B-17D636595FAE}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{87599CC3-53FE-4EFB-82B8-7B39F4D58CBE}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | 
"{877AA6C7-5304-46C8-879B-3A1DE19D5C2E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F0B0A71-21B8-442F-82CE-91F69197DBF3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | 
"{9047FF6D-6F1C-48D0-BF31-55864FA3EB1B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9E522AE9-0587-42B6-AF3F-1FF82FF6BF4B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | 
"{B78E8B24-D88E-435A-98AF-0627A6B5E95E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BB36FAD3-C0F9-4081-A1BE-870D87BCAF05}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C3DC779F-26E5-437D-9B68-31E780DE4DD6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C7DA3871-263A-4096-84DA-DE4D82748CA0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DCBF82E3-15EB-4103-A0CA-D5BCED5C5255}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | 
"{E2829C72-80C0-4A45-8598-915312F76AA7}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | 
"{E5E32AD0-5FF5-4531-8914-36741E3D2117}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E89B9DE0-E7EC-4FD2-8A83-A49D730BBA79}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{F1D4F22F-58A0-4633-83F3-39C1232112B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{22E25776-6E9E-4A41-A6ED-2A8B2BAD838C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{2FE66E60-0580-4D8B-9748-D9449A2AD67F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{37995DE4-9C18-421B-B043-EE6161B12D8A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{3E5B37B2-F64F-4A06-BBB1-EA388C76B211}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{B4330409-8968-4C08-9291-A97721920CCA}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{D6E2DFC7-C28B-4645-A154-A372D71D008C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D8FA7555-23AE-429C-9E17-D3B4A3A2790D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{E19F667C-42AB-45E5-904B-94DC02774573}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{E85F5646-E503-4ED1-93C3-8D4D221B72AB}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{F381E39B-C659-4CC9-B8A5-EFD653BA6DB7}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{04A13B65-F248-4107-8BD8-B5B1545162C1}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{0748CB45-C362-4150-A72F-21748B2F7B2C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{2ED3F931-5117-4048-B9D5-784E4426F4EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3FA3AC3D-918A-48C6-A74A-B4F5BCAAE721}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{5C372B41-37AF-4B4F-9D7C-793958484B7F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{5D87F7AF-7232-45A7-8CF8-725617DB107F}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{6E488BFD-FDBE-487C-ADA9-B477F5B4A473}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BDC1BA30-8248-49A6-B75B-9F1254EB42D9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{D138928A-48CD-4B53-8DFF-EB0F3FBB2527}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{F166850A-2744-45A2-A80D-67052BE2DBB2}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571347b6-163e-4fba-952c-506b4d594662}" = Nero BackItUp 4
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f61f1d76-7679-4cd4-ad8e-91f3cc46f44b}" = Nero 9
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Simfy" = simfy
"SopCast" = SopCast 3.2.9
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1267334794-2730647238-1909836484-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2011 04:42:37 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 05:29:21 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 05:31:52 | Computer Name = Werner-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 16.08.2011 05:36:00 | Computer Name = Werner-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.08.2011 06:06:35 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.08.2011 06:07:39 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:51 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.08.2011 06:07:54 | Computer Name = Werner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.08.2011 14:34:17 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.08.2011 02:37:27 | Computer Name = Werner-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 13.12.2012 15:41:03 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 13.12.2012 15:42:59 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 13.12.2012 18:31:19 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:13:31 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 14.12.2012 07:15:26 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 07:19:32 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 08:14:28 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 14.12.2012 19:42:05 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 15.12.2012 09:23:48 | Computer Name = Werner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ OSession Events ]
Error - 12.11.2011 14:02:40 | Computer Name = Werner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22558
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.12.2012 19:43:09 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.12.2012 19:46:48 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.12.2012 09:23:52 | Computer Name = Werner-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 15.12.2012 09:23:52 | Computer Name = Werner-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.102 deaktiviert,
 da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
 die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
 IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
 dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 15.12.2012 09:24:51 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.12.2012 09:24:51 | Computer Name = Werner-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.12.2012 09:28:43 | Computer Name = Werner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.12.2012 09:34:19 | Computer Name = Werner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2012 07:00:31 | Computer Name = Werner-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 16.12.2012 07:00:38 | Computer Name = Werner-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >
         
--- --- ---

Antwort

Themen zu Trojaner via Facebook "einladung.zip"
32 bit, 7-zip, ad-aware, adware.mywebsearch, antivir, avira, backdoor.bot.m, backdoor.rat.gen, bonjour, converter, desktop, excel, firefox, flash player, google, home, hängt, install.exe, launch, malware, mp3, msiinstaller, office 2007, plug-in, scan, security, software, svchost.exe, system, trojan.agent.ge, trojan.agent.gen, trojaner, trojaner-facebook chat



Ähnliche Themen: Trojaner via Facebook "einladung.zip"


  1. Bei Facebook-Anmeldung: "Konto wurde gesperrt, PC muss bereinigt werden"
    Log-Analyse und Auswertung - 17.06.2015 (5)
  2. Facebook Virus "Ihr Computer muss gereinigt werden"
    Plagegeister aller Art und deren Bekämpfung - 08.06.2015 (34)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. "WG: Webseite für [Facebookname]" - von meinem iPhone gesendet. Facebook TrojanerApp?
    Smartphone, Tablet & Handy Security - 14.09.2014 (1)
  5. "WG: Webseite für [Facebookname]" - von meinem iPhone gesendet. Facebook TrojanerApp?
    Plagegeister aller Art und deren Bekämpfung - 14.09.2014 (5)
  6. Windows7: "Facebook lol Virus/Trojaner"?
    Log-Analyse und Auswertung - 16.05.2014 (11)
  7. Problem mit der "0"-Taste: Bei druck wird FaceBook geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (3)
  8. google, facebook und diverse "schlaue seiten" laden nicht
    Plagegeister aller Art und deren Bekämpfung - 25.11.2013 (23)
  9. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  10. Facebook-Link angeklickt "Just 14 years Old drunk girl .."
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (39)
  11. Programm "IMINENT" und plötzlich komische Werbung z.B. bei Facebook
    Plagegeister aller Art und deren Bekämpfung - 20.08.2013 (13)
  12. " Just 14 years Old drunk girl did this infront of all Public" auf Facebook gefunden
    Log-Analyse und Auswertung - 29.07.2013 (5)
  13. Facebook-Trojaner?: "14-y.o. girl"-Video versucht zu öffnen
    Log-Analyse und Auswertung - 28.07.2013 (1)
  14. Trojaner "Facebook.vbs" im Autostart und auf USB-sticks
    Log-Analyse und Auswertung - 01.06.2013 (17)
  15. Facebook-Virus "weeeeeeerrrr ist daaaaaass? " TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (11)
  16. Facebook Scamseite angeklickt - "StalkerTools" - Rechner nun verseucht?
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (1)
  17. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)

Zum Thema Trojaner via Facebook "einladung.zip" - Guten Abend liebes Forum, ich habe mir einen Trojaner über den facebook chat eingefangen. Zusätzlich befindet sich glaube ich noch andere malware auf meinen PC, da dieser stark an Performance - Trojaner via Facebook "einladung.zip"...
Archiv
Du betrachtest: Trojaner via Facebook "einladung.zip" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.