Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Hotmail Account gehackt und verschickt automatisch Mails

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.12.2012, 22:44   #1
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo zusammen!
Ich bin neu hier auf dem Board. Bevor ich mein Problem beschreibe solltet Ihr Wissen, dass meine PC Kenntnisse relativ bescheiden sind.
Am Mittwoch habe ich ein Mail von einer Kollegin bekommen mit einem Englischen Inhalt und einem Verweis auf einen link den ich jetzt nicht ganz ausschreibe. ***.Goo.gl/gcosn. Leider kann ich mich nicht erinnern ob ich den Link geöffnet habe da ich einen ziemlichen Stress hatte. Am nächsten Tag habe ich von einem Kumpel von mir erfahren dass ich Ihm ein Mail mit demselben Inhalt verschickt habe. Ich versuchte daraufhin mich in mein Hotmail Account einzuloggen was jedoch nicht mehr möglich war. Ich habe heute noch versucht meinen Account zu reaktivieren, habe aber noch keine Antwort bekommen. Nun habe ich 2 Fragen an euch:
1.Für den fall das ich wieder in mein Account reinkomme. Wie bereinige ich meinen Hotmail Account so das ich keine Viren mehr verschicke?
2.Ist mein PC nun auch mit einem Virus verseucht?

Für eure Hilfe danke ich schon im Voraus.

Freundliche Grüsse

Aster!x!

Alt 22.12.2012, 20:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo und

Schon irgendwelche Scans mit Malwarebytes oder anderen Tools gemacht? Log mit Funden da? Siehe => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon etwaig vorhandene Logs posten!
__________________

__________________

Alt 22.12.2012, 22:37   #3
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo Cosinus!

Danke das du mir Hilfst. Ich hab bis jetzt nur einen Malewarebytes-Scan durchgeführt.

MalewareBytes Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
USERNAME :: PCNAME [Administrator]

Schutz: Aktiviert

22.12.2012 22:17:21
mbam-log-2012-12-22 (22-17-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210312
Laufzeit: 2 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Vielen Dank und Freundliche Grüsse

Aster!x
__________________

Alt 22.12.2012, 22:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Was hast hier dran

Zitat:
Zitat von cosinus
Bitte keine neuen Virenscans machen sondern erst nur schon etwaig vorhandene Logs posten!
eigentlich nicht verstanden?!
Ein einfaches "ich habe keine Logs und ich hatte auch noch nie Funde" oder sowas in der Art hätte mir gereicht

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Mach bitte einen CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.12.2012, 23:31   #5
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo Cosinus!

Tut mir leid den letzten Satz habe ich übersehen. :S

Ich führe den Quick Scan gleich aus.

Gruss Asterix


Geändert von Aster!x (22.12.2012 um 23:52 Uhr)

Alt 22.12.2012, 23:50   #6
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hier die Ergebnisse:
Code:
ATTFilter
OTL logfile created on: 12/22/2012 11:32:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\USERNAME\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.06% Memory free
8.00 Gb Paging File | 5.88 Gb Available in Paging File | 73.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.34 Gb Total Space | 467.38 Gb Free Space | 80.12% Space Free | Partition Type: NTFS
Drive D: | 12.73 Gb Total Space | 1.51 Gb Free Space | 11.83% Space Free | Partition Type: NTFS
 
Computer Name: USERNAME | User Name: USERNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/12/21 22:20:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USERNAME\Desktop\OTL.exe
PRC - [2012/12/17 22:01:40 | 000,541,168 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/13 22:40:13 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/12/04 22:53:17 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/08 12:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/06/08 12:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2011/03/09 10:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/01/25 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/18 18:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/09/18 17:02:30 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe
PRC - [2009/08/21 09:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/12/17 22:02:24 | 000,835,072 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2012/12/17 22:01:39 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/17 22:01:35 | 000,968,688 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012/12/17 22:01:34 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/17 22:01:34 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/17 22:01:34 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/12/14 21:18:26 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/12/04 22:53:17 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/15 04:04:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/15 03:55:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/15 03:55:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 03:55:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/15 03:55:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/15 03:55:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 03:55:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 03:54:59 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/15 03:54:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/15 03:54:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 03:54:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 03:54:43 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 03:54:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/15 03:39:54 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7584733b0bfcbe669ea38a81b914a83a\System.Management.ni.dll
MOD - [2012/11/15 03:38:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0acdeb764dc3715299a163fba3c7bdaa\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 03:37:34 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\739c5209c3538b3457c2f8f9ad196cbb\System.Xaml.ni.dll
MOD - [2012/11/15 03:28:09 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\960b6130c64f21d8f5d8d3eb183ae660\PresentationFramework.ni.dll
MOD - [2012/11/15 03:27:56 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6053166746abce42f4c4432e0ec54fc7\PresentationCore.ni.dll
MOD - [2012/11/15 03:27:48 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\947466e2a04c48c43a8b255eb236ba71\WindowsBase.ni.dll
MOD - [2012/11/15 03:27:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4a2b56d6031270f0fcf7388e4d787333\PresentationFramework.Aero.ni.dll
MOD - [2012/11/15 03:15:26 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\86f1e41236b3d404d65db53bd0374d1e\System.Configuration.ni.dll
MOD - [2012/11/15 03:15:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e46c644e0ef0456434b32f3e91b56424\System.Xml.ni.dll
MOD - [2012/11/15 03:15:15 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ff1ceec110e2983a75c2c21f50274ac2\System.Windows.Forms.ni.dll
MOD - [2012/11/15 03:15:12 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d1f9ff307e93bb9929b2b11661623cb\System.Core.ni.dll
MOD - [2012/11/15 03:15:08 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\20ce3ca371acfbe996c6a21b5469992d\System.Drawing.ni.dll
MOD - [2012/11/15 03:15:07 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aaf8a137263c899815f0acff07eb1562\System.ni.dll
MOD - [2012/11/15 03:15:01 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll
MOD - [2012/07/12 11:28:55 | 000,115,137 | ---- | M] () -- C:\Users\USERNAME\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012/06/08 12:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/08/03 07:14:16 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010/02/10 02:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/10 02:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/10 02:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/10 02:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/10 02:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/10 02:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/10 02:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/10 02:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 18:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/07/07 18:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\ANIOApi.dll
MOD - [2009/06/01 14:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/13 14:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
SRV:64bit: - [2012/09/03 08:13:08 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV:64bit: - [2012/03/15 16:17:27 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/03/09 10:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/01/23 04:12:18 | 000,673,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/12/17 22:01:40 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/12 18:31:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 22:53:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/09 10:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 10:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 19:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/07 20:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/25 14:30:56 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 15:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/12/21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/21 04:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/03/04 15:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/28 18:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/08/05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV - [2012/10/24 00:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/13 07:04:58 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121221.024\ex64.sys -- (NAVEX15)
DRV - [2012/09/13 07:04:58 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121221.024\eng64.sys -- (NAVENG)
DRV - [2012/09/01 01:27:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/10 00:01:04 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/10 00:01:04 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {03BC63FE-780D-45A6-91BD-15CC3BB7C267}
IE:64bit: - HKLM\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?barid={F1959716-4748-4198-822E-A0B02F7DA9B3}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={F1959716-4748-4198-822E-A0B02F7DA9B3}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&i=26
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{A8C3C848-BC39-4996-9B12-CBFA659C2BA1}: "URL" = hxxp://search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8x2GHMcO&i=26
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={F1959716-4748-4198-822E-A0B02F7DA9B3}
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8x2GHMcO&&i=26&search="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/20 19:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/04/13 02:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2012/12/21 03:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/29 16:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/20 19:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:53:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/29 16:37:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:53:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:53:15 | 000,000,000 | ---D | M]
 
[2010/10/29 14:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Extensions
[2012/06/25 06:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/10/23 20:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Firefox\Profiles\cppgs5l7.default\extensions
[2012/12/04 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/13 02:31:07 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2012/12/04 22:53:17 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/20 21:12:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 20:10:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/18 08:51:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 20:10:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/19 20:10:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/19 20:10:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/19 20:10:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [Akamai NetSession Interface] "C:\Users\USERNAME\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3AFF8DAE-BE0D-D660-4143-D66146A1FFE7} - Browser Customizations
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5A970014-AA1D-754F-FAA1-3733AE91B66C} - Microsoft Windows Media Player
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8EC63035-DD82-DF14-9A79-0079273FAD98} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {91046522-6A97-8DCE-144B-85A655E15B07} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D3BC8655-A25E-5830-E0C9-51B126CBA9FA} - DirectX
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/22 23:28:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/22 22:15:55 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Roaming\Malwarebytes
[2012/12/22 22:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/22 22:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/22 22:15:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/22 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/22 22:13:37 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\USERNAME\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/21 22:20:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USERNAME\Desktop\OTL.exe
[2012/12/21 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/12/14 21:19:40 | 000,027,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpqdfw.sys
[2012/12/14 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/14 21:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/12/04 22:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Users\USERNAME\Documents\*.tmp files -> C:\Users\USERNAME\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/22 22:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/22 22:15:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/22 22:13:47 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\USERNAME\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/22 18:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/22 16:49:46 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
[2012/12/22 16:49:46 | 000,003,284 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
[2012/12/21 23:00:47 | 000,302,592 | ---- | M] () -- C:\Users\USERNAME\Desktop\15sod9l8.exe
[2012/12/21 22:54:18 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 22:54:18 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/21 22:45:25 | 000,000,355 | ---- | M] () -- C:\Users\USERNAME\Desktop\Computer - Verknüpfung.lnk
[2012/12/21 22:20:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USERNAME\Desktop\OTL.exe
[2012/12/21 22:19:01 | 000,000,000 | ---- | M] () -- C:\Users\USERNAME\defogger_reenable
[2012/12/21 22:17:32 | 000,050,477 | ---- | M] () -- C:\Users\USERNAME\Desktop\Defogger.exe
[2012/12/21 22:02:07 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/21 03:23:54 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/21 03:23:54 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/21 03:23:54 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/21 03:23:54 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/21 03:23:54 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/21 03:19:24 | 000,560,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/21 03:18:49 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/17 21:44:38 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSERNAME.job
[2012/12/14 21:18:50 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/30 12:47:32 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Users\USERNAME\Documents\*.tmp files -> C:\Users\USERNAME\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/12/22 22:15:41 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/21 23:00:46 | 000,302,592 | ---- | C] () -- C:\Users\USERNAME\Desktop\15sod9l8.exe
[2012/12/21 22:45:25 | 000,000,355 | ---- | C] () -- C:\Users\USERNAME\Desktop\Computer - Verknüpfung.lnk
[2012/12/21 22:19:01 | 000,000,000 | ---- | C] () -- C:\Users\USERNAME\defogger_reenable
[2012/12/21 22:17:32 | 000,050,477 | ---- | C] () -- C:\Users\USERNAME\Desktop\Defogger.exe
[2012/12/21 22:02:07 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/21 22:02:06 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/14 21:18:49 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/03/15 18:01:11 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/20 19:27:32 | 000,000,000 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\wklnhst.dat
[2011/11/29 16:23:36 | 000,225,231 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011/05/07 08:38:52 | 000,000,258 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\ANICONFIG_{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}.ini
[2011/02/13 15:15:21 | 000,007,168 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/22 14:45:18 | 000,003,284 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/06/06 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Autodesk
[2012/06/21 18:13:21 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\GrabPro
[2012/06/21 18:13:17 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\OpenCandy
[2012/09/20 21:23:31 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Orbit
[2012/06/21 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ProgSense
[2011/02/13 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Samsung
[2011/12/20 19:27:34 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Template
[2010/10/31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\WildTangent
[2012/10/03 20:29:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010/10/24 15:28:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/12/14 21:21:44 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2012/06/06 19:52:15 | 000,000,000 | ---D | M] -- C:\David
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/06/21 18:42:16 | 000,000,000 | ---D | M] -- C:\downloads
[2010/11/30 10:21:00 | 000,000,000 | RHSD | M] -- C:\hp
[2011/12/12 22:13:24 | 000,000,000 | ---D | M] -- C:\Militär brennen
[2012/03/15 16:04:37 | 000,000,000 | ---D | M] -- C:\MITSI 2011 Temporary Files
[2010/11/30 23:26:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/25 06:59:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/12/22 22:15:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/12/22 22:15:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/12/14 21:15:32 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/12/22 23:34:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/10/24 15:27:50 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2012/08/31 11:38:00 | 000,000,000 | ---D | M] -- C:\Temp
[2012/08/17 16:42:34 | 000,000,000 | R--D | M] -- C:\Users
[2012/09/23 02:20:47 | 000,000,000 | ---D | M] -- C:\Windows
[2012/12/22 23:28:33 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/11/28 18:46:15 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Adobe
[2012/10/20 15:04:44 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Apple Computer
[2012/06/06 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Autodesk
[2011/01/11 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\CyberLink
[2012/06/21 18:13:21 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\GrabPro
[2012/10/03 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Hewlett-Packard
[2012/12/21 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\HP Support Assistant
[2012/12/14 21:17:47 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\hpqLog
[2012/12/21 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\HpUpdate
[2010/10/24 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Identities
[2010/10/29 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\InstallShield
[2010/10/29 13:48:49 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Macromedia
[2012/12/22 22:15:55 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Malwarebytes
[2012/09/20 22:31:11 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\MathematicaPlayer
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Media Center Programs
[2012/12/18 22:25:15 | 000,000,000 | --SD | M] -- C:\Users\USERNAME\AppData\Roaming\Microsoft
[2010/10/29 14:42:22 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Mozilla
[2012/06/21 18:13:17 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\OpenCandy
[2012/09/20 21:23:31 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Orbit
[2012/06/21 18:13:27 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ProgSense
[2011/02/13 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Samsung
[2011/12/20 19:27:34 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Template
[2012/09/29 16:39:57 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\vlc
[2010/10/31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\WildTangent
[2012/10/03 20:29:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\WinBatch
[2012/09/22 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012/03/15 16:00:27 | 000,010,134 | R--- | M] () -- C:\Users\USERNAME\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012/06/21 18:18:08 | 006,831,480 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\OpenCandy\79795011D7A544BAB421EF2A626B22B1\Linkury_CB_FF_p1v16.exe
[2012/05/30 02:17:52 | 000,958,392 | ---- | M] (Samsung) -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012/05/30 02:17:54 | 000,278,968 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012/05/30 02:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012/05/30 02:18:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012/05/30 02:18:04 | 000,183,736 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012/05/30 02:18:06 | 000,021,432 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012/05/30 02:18:08 | 003,570,352 | ---- | M] (Freeware) -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012/05/30 02:18:10 | 000,371,128 | ---- | M] (ml) -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012/06/08 12:02:14 | 000,371,128 | ---- | M] (ml) -- C:\Users\USERNAME\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<           >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/24 15:18:50 | 000,000,544 | ---- | C] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/05/30 15:55:27 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/10/03 20:47:45 | 000,000,352 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForUSERNAME.job

< End of report >
         
Freundliche Grüsse

Aster!x

Alt 22.12.2012, 23:55   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.12.2012, 02:57   #8
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



aswMBR Log:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-23 02:37:52
-----------------------------
02:37:52.835    OS Version: Windows x64 6.1.7601 Service Pack 1
02:37:52.835    Number of processors: 2 586 0x170A
02:37:52.835    ComputerName: PCNAME  UserName: USERNAME
02:37:54.002    Initialize success
02:39:27.235    AVAST engine defs: 12122200
02:39:38.068    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:39:38.070    Disk 0 Vendor: Hitachi_HDS721064CLA332 JPGOA3BF Size: 610480MB BusType: 3
02:39:38.084    Disk 0 MBR read successfully
02:39:38.087    Disk 0 MBR scan
02:39:38.090    Disk 0 unknown MBR code
02:39:38.101    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
02:39:38.110    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       597342 MB offset 206848
02:39:38.143    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13036 MB offset 1223563264
02:39:38.188    Disk 0 scanning C:\Windows\system32\drivers
02:39:50.755    Service scanning
02:40:16.348    Modules scanning
02:40:16.349    Disk 0 trace - called modules:
02:40:16.352    
02:40:16.353    Scan finished successfully
02:41:11.388    Disk 0 MBR has been saved successfully to "C:\Users\USERNAME\Desktop\MBR.dat"
02:41:11.393    The log file has been saved successfully to "C:\Users\USERNAME\Desktop\aswMBR.txt"
         
TDSS-Killer Log:
Code:
ATTFilter
02:44:01.0522 4084  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:44:02.0551 4084  ============================================================
02:44:02.0551 4084  Current date / time: 2012/12/23 02:44:02.0551
02:44:02.0551 4084  SystemInfo:
02:44:02.0551 4084  
02:44:02.0551 4084  OS Version: 6.1.7601 ServicePack: 1.0
02:44:02.0551 4084  Product type: Workstation
02:44:02.0551 4084  ComputerName: PCNAME
02:44:02.0551 4084  UserName: USERNAME
02:44:02.0551 4084  Windows directory: C:\Windows
02:44:02.0551 4084  System windows directory: C:\Windows
02:44:02.0551 4084  Running under WOW64
02:44:02.0551 4084  Processor architecture: Intel x64
02:44:02.0551 4084  Number of processors: 2
02:44:02.0551 4084  Page size: 0x1000
02:44:02.0551 4084  Boot type: Normal boot
02:44:02.0551 4084  ============================================================
02:44:04.0104 4084  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:44:04.0125 4084  ============================================================
02:44:04.0125 4084  \Device\Harddisk0\DR0:
02:44:04.0125 4084  MBR partitions:
02:44:04.0125 4084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:44:04.0125 4084  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x48EAF000
02:44:04.0125 4084  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48EE1800, BlocksNum 0x1976000
02:44:04.0125 4084  ============================================================
02:44:04.0158 4084  C: <-> \Device\Harddisk0\DR0\Partition2
02:44:04.0202 4084  D: <-> \Device\Harddisk0\DR0\Partition3
02:44:04.0202 4084  ============================================================
02:44:04.0202 4084  Initialize success
02:44:04.0202 4084  ============================================================
02:44:28.0542 4848  ============================================================
02:44:28.0542 4848  Scan started
02:44:28.0542 4848  Mode: Manual; SigCheck; TDLFS; 
02:44:28.0542 4848  ============================================================
02:44:29.0256 4848  ================ Scan system memory ========================
02:44:29.0256 4848  System memory - ok
02:44:29.0257 4848  ================ Scan services =============================
02:44:29.0415 4848  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
02:44:29.0533 4848  1394ohci - ok
02:44:29.0566 4848  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
02:44:29.0581 4848  ACPI - ok
02:44:29.0605 4848  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
02:44:29.0670 4848  AcpiPmi - ok
02:44:29.0765 4848  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:44:29.0776 4848  AdobeARMservice - ok
02:44:29.0882 4848  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:44:29.0903 4848  AdobeFlashPlayerUpdateSvc - ok
02:44:29.0972 4848  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
02:44:29.0989 4848  adp94xx - ok
02:44:30.0013 4848  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
02:44:30.0028 4848  adpahci - ok
02:44:30.0040 4848  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
02:44:30.0052 4848  adpu320 - ok
02:44:30.0074 4848  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
02:44:30.0173 4848  AeLookupSvc - ok
02:44:30.0218 4848  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
02:44:30.0272 4848  AFD - ok
02:44:30.0306 4848  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
02:44:30.0316 4848  agp440 - ok
02:44:30.0339 4848  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
02:44:30.0424 4848  ALG - ok
02:44:30.0445 4848  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
02:44:30.0456 4848  aliide - ok
02:44:30.0473 4848  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
02:44:30.0483 4848  amdide - ok
02:44:30.0508 4848  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
02:44:30.0581 4848  AmdK8 - ok
02:44:30.0595 4848  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
02:44:30.0638 4848  AmdPPM - ok
02:44:30.0671 4848  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
02:44:30.0691 4848  amdsata - ok
02:44:30.0714 4848  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
02:44:30.0727 4848  amdsbs - ok
02:44:30.0739 4848  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
02:44:30.0749 4848  amdxata - ok
02:44:30.0759 4848  ANIWConnService - ok
02:44:30.0778 4848  [ 4CCF421E6C4B2A4CBCE000715911F7CC ] anodlwf         C:\Windows\system32\DRIVERS\anodlwfx.sys
02:44:30.0815 4848  anodlwf - ok
02:44:30.0858 4848  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
02:44:31.0060 4848  AppID - ok
02:44:31.0086 4848  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
02:44:31.0151 4848  AppIDSvc - ok
02:44:31.0180 4848  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
02:44:31.0208 4848  Appinfo - ok
02:44:31.0239 4848  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
02:44:31.0250 4848  arc - ok
02:44:31.0256 4848  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
02:44:31.0269 4848  arcsas - ok
02:44:31.0362 4848  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:44:31.0385 4848  aspnet_state - ok
02:44:31.0417 4848  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
02:44:31.0471 4848  AsyncMac - ok
02:44:31.0495 4848  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
02:44:31.0505 4848  atapi - ok
02:44:31.0553 4848  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:44:31.0599 4848  AudioEndpointBuilder - ok
02:44:31.0609 4848  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
02:44:31.0642 4848  AudioSrv - ok
02:44:31.0688 4848  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
02:44:31.0748 4848  AxInstSV - ok
02:44:31.0787 4848  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
02:44:31.0830 4848  b06bdrv - ok
02:44:31.0861 4848  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
02:44:31.0937 4848  b57nd60a - ok
02:44:31.0973 4848  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
02:44:32.0018 4848  BDESVC - ok
02:44:32.0031 4848  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
02:44:32.0083 4848  Beep - ok
02:44:32.0149 4848  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
02:44:32.0217 4848  BFE - ok
02:44:32.0431 4848  [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20121130.005\BHDrvx64.sys
02:44:32.0469 4848  BHDrvx64 - ok
02:44:32.0521 4848  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
02:44:32.0614 4848  BITS - ok
02:44:32.0631 4848  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
02:44:32.0659 4848  blbdrive - ok
02:44:32.0689 4848  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
02:44:32.0717 4848  bowser - ok
02:44:32.0744 4848  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:44:32.0819 4848  BrFiltLo - ok
02:44:32.0834 4848  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:44:32.0847 4848  BrFiltUp - ok
02:44:32.0869 4848  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
02:44:32.0912 4848  Browser - ok
02:44:32.0974 4848  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
02:44:33.0021 4848  Brserid - ok
02:44:33.0044 4848  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
02:44:33.0065 4848  BrSerWdm - ok
02:44:33.0083 4848  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
02:44:33.0125 4848  BrUsbMdm - ok
02:44:33.0139 4848  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
02:44:33.0158 4848  BrUsbSer - ok
02:44:33.0170 4848  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
02:44:33.0195 4848  BTHMODEM - ok
02:44:33.0226 4848  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
02:44:33.0262 4848  bthserv - ok
02:44:33.0290 4848  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
02:44:33.0320 4848  cdfs - ok
02:44:33.0366 4848  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
02:44:33.0394 4848  cdrom - ok
02:44:33.0441 4848  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
02:44:33.0495 4848  CertPropSvc - ok
02:44:33.0521 4848  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
02:44:33.0546 4848  circlass - ok
02:44:33.0565 4848  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
02:44:33.0581 4848  CLFS - ok
02:44:33.0624 4848  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:44:33.0635 4848  clr_optimization_v2.0.50727_32 - ok
02:44:33.0667 4848  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:44:33.0679 4848  clr_optimization_v2.0.50727_64 - ok
02:44:33.0749 4848  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:44:33.0767 4848  clr_optimization_v4.0.30319_32 - ok
02:44:33.0776 4848  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:44:33.0787 4848  clr_optimization_v4.0.30319_64 - ok
02:44:33.0814 4848  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
02:44:33.0839 4848  CmBatt - ok
02:44:33.0869 4848  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
02:44:33.0879 4848  cmdide - ok
02:44:33.0937 4848  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
02:44:33.0981 4848  CNG - ok
02:44:33.0996 4848  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
02:44:34.0008 4848  Compbatt - ok
02:44:34.0028 4848  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
02:44:34.0049 4848  CompositeBus - ok
02:44:34.0062 4848  COMSysApp - ok
02:44:34.0079 4848  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
02:44:34.0090 4848  crcdisk - ok
02:44:34.0137 4848  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
02:44:34.0191 4848  CryptSvc - ok
02:44:34.0234 4848  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
02:44:34.0280 4848  DcomLaunch - ok
02:44:34.0314 4848  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
02:44:34.0358 4848  defragsvc - ok
02:44:34.0389 4848  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
02:44:34.0430 4848  DfsC - ok
02:44:34.0450 4848  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
02:44:34.0501 4848  Dhcp - ok
02:44:34.0524 4848  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
02:44:34.0564 4848  discache - ok
02:44:34.0587 4848  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
02:44:34.0597 4848  Disk - ok
02:44:34.0619 4848  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
02:44:34.0679 4848  Dnscache - ok
02:44:34.0717 4848  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
02:44:34.0788 4848  dot3svc - ok
02:44:34.0820 4848  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
02:44:34.0863 4848  DPS - ok
02:44:34.0892 4848  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
02:44:34.0919 4848  drmkaud - ok
02:44:34.0982 4848  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
02:44:35.0023 4848  DXGKrnl - ok
02:44:35.0043 4848  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
02:44:35.0082 4848  EapHost - ok
02:44:35.0143 4848  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
02:44:35.0204 4848  ebdrv - ok
02:44:35.0256 4848  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
02:44:35.0271 4848  eeCtrl - ok
02:44:35.0290 4848  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
02:44:35.0349 4848  EFS - ok
02:44:35.0405 4848  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
02:44:35.0480 4848  ehRecvr - ok
02:44:35.0503 4848  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
02:44:35.0547 4848  ehSched - ok
02:44:35.0586 4848  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
02:44:35.0604 4848  elxstor - ok
02:44:35.0623 4848  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:44:35.0633 4848  EraserUtilRebootDrv - ok
02:44:35.0651 4848  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
02:44:35.0674 4848  ErrDev - ok
02:44:35.0717 4848  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
02:44:35.0758 4848  EventSystem - ok
02:44:35.0782 4848  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
02:44:35.0813 4848  exfat - ok
02:44:35.0831 4848  ezSharedSvc - ok
02:44:35.0849 4848  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
02:44:35.0886 4848  fastfat - ok
02:44:35.0964 4848  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
02:44:36.0018 4848  Fax - ok
02:44:36.0031 4848  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
02:44:36.0044 4848  fdc - ok
02:44:36.0066 4848  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
02:44:36.0109 4848  fdPHost - ok
02:44:36.0130 4848  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
02:44:36.0160 4848  FDResPub - ok
02:44:36.0180 4848  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
02:44:36.0190 4848  FileInfo - ok
02:44:36.0199 4848  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
02:44:36.0241 4848  Filetrace - ok
02:44:36.0356 4848  [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:44:36.0400 4848  FLEXnet Licensing Service 64 - ok
02:44:36.0426 4848  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
02:44:36.0451 4848  flpydisk - ok
02:44:36.0493 4848  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
02:44:36.0508 4848  FltMgr - ok
02:44:36.0554 4848  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
02:44:36.0606 4848  FontCache - ok
02:44:36.0650 4848  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:44:36.0659 4848  FontCache3.0.0.0 - ok
02:44:36.0681 4848  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
02:44:36.0691 4848  FsDepends - ok
02:44:36.0710 4848  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
02:44:36.0720 4848  Fs_Rec - ok
02:44:36.0768 4848  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
02:44:36.0795 4848  fvevol - ok
02:44:36.0825 4848  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
02:44:36.0837 4848  gagp30kx - ok
02:44:36.0881 4848  [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
02:44:36.0892 4848  GameConsoleService - ok
02:44:36.0943 4848  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:44:36.0954 4848  GEARAspiWDM - ok
02:44:37.0018 4848  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
02:44:37.0082 4848  gpsvc - ok
02:44:37.0099 4848  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
02:44:37.0157 4848  hcw85cir - ok
02:44:37.0185 4848  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:44:37.0209 4848  HdAudAddService - ok
02:44:37.0231 4848  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
02:44:37.0245 4848  HDAudBus - ok
02:44:37.0262 4848  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
02:44:37.0273 4848  HidBatt - ok
02:44:37.0292 4848  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
02:44:37.0317 4848  HidBth - ok
02:44:37.0334 4848  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
02:44:37.0358 4848  HidIr - ok
02:44:37.0381 4848  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
02:44:37.0441 4848  hidserv - ok
02:44:37.0500 4848  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
02:44:37.0511 4848  HidUsb - ok
02:44:37.0546 4848  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
02:44:37.0586 4848  hkmsvc - ok
02:44:37.0621 4848  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:44:37.0686 4848  HomeGroupListener - ok
02:44:37.0718 4848  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:44:37.0741 4848  HomeGroupProvider - ok
02:44:37.0840 4848  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
02:44:37.0847 4848  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
02:44:37.0847 4848  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
02:44:37.0938 4848  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
02:44:37.0966 4848  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
02:44:37.0966 4848  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
02:44:38.0001 4848  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
02:44:38.0022 4848  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
02:44:38.0023 4848  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
02:44:38.0118 4848  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
02:44:38.0148 4848  hpqwmiex - ok
02:44:38.0199 4848  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
02:44:38.0210 4848  HpSAMD - ok
02:44:38.0249 4848  [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
02:44:38.0268 4848  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
02:44:38.0268 4848  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
02:44:38.0314 4848  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
02:44:38.0369 4848  HTTP - ok
02:44:38.0397 4848  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
02:44:38.0408 4848  hwpolicy - ok
02:44:38.0473 4848  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
02:44:38.0495 4848  i8042prt - ok
02:44:38.0514 4848  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
02:44:38.0532 4848  iaStorV - ok
02:44:38.0590 4848  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:44:38.0611 4848  idsvc - ok
02:44:38.0721 4848  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20121221.001\IDSvia64.sys
02:44:38.0748 4848  IDSVia64 - ok
02:44:38.0770 4848  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
02:44:38.0781 4848  iirsp - ok
02:44:38.0826 4848  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
02:44:38.0875 4848  IKEEXT - ok
02:44:38.0948 4848  [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
02:44:39.0003 4848  IntcAzAudAddService - ok
02:44:39.0018 4848  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
02:44:39.0029 4848  intelide - ok
02:44:39.0063 4848  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
02:44:39.0097 4848  intelppm - ok
02:44:39.0120 4848  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
02:44:39.0162 4848  IPBusEnum - ok
02:44:39.0193 4848  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:44:39.0227 4848  IpFilterDriver - ok
02:44:39.0264 4848  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
02:44:39.0313 4848  iphlpsvc - ok
02:44:39.0355 4848  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
02:44:39.0380 4848  IPMIDRV - ok
02:44:39.0402 4848  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
02:44:39.0444 4848  IPNAT - ok
02:44:39.0478 4848  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
02:44:39.0539 4848  IRENUM - ok
02:44:39.0554 4848  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
02:44:39.0570 4848  isapnp - ok
02:44:39.0590 4848  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
02:44:39.0605 4848  iScsiPrt - ok
02:44:39.0627 4848  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
02:44:39.0638 4848  kbdclass - ok
02:44:39.0654 4848  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
02:44:39.0674 4848  kbdhid - ok
02:44:39.0679 4848  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
02:44:39.0690 4848  KeyIso - ok
02:44:39.0720 4848  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
02:44:39.0733 4848  KSecDD - ok
02:44:39.0754 4848  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
02:44:39.0767 4848  KSecPkg - ok
02:44:39.0789 4848  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
02:44:39.0832 4848  ksthunk - ok
02:44:39.0868 4848  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
02:44:39.0919 4848  KtmRm - ok
02:44:40.0017 4848  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
02:44:40.0068 4848  LanmanServer - ok
02:44:40.0110 4848  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:44:40.0156 4848  LanmanWorkstation - ok
02:44:40.0185 4848  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
02:44:40.0229 4848  lltdio - ok
02:44:40.0259 4848  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
02:44:40.0298 4848  lltdsvc - ok
02:44:40.0312 4848  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
02:44:40.0343 4848  lmhosts - ok
02:44:40.0372 4848  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
02:44:40.0384 4848  LSI_FC - ok
02:44:40.0394 4848  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
02:44:40.0405 4848  LSI_SAS - ok
02:44:40.0417 4848  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:44:40.0429 4848  LSI_SAS2 - ok
02:44:40.0445 4848  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:44:40.0458 4848  LSI_SCSI - ok
02:44:40.0502 4848  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
02:44:40.0560 4848  luafv - ok
02:44:40.0608 4848  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
02:44:40.0618 4848  MBAMProtector - ok
02:44:40.0674 4848  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:44:40.0688 4848  MBAMScheduler - ok
02:44:40.0713 4848  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:44:40.0732 4848  MBAMService - ok
02:44:40.0759 4848  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
02:44:40.0776 4848  Mcx2Svc - ok
02:44:40.0794 4848  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
02:44:40.0806 4848  megasas - ok
02:44:40.0822 4848  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
02:44:40.0836 4848  MegaSR - ok
02:44:40.0882 4848  Microsoft SharePoint Workspace Audit Service - ok
02:44:41.0047 4848  [ 6BF0A4A21FBB50FCF644E9B7E8955241 ] mitsijm2011     C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe
02:44:41.0068 4848  mitsijm2011 ( UnsignedFile.Multi.Generic ) - warning
02:44:41.0068 4848  mitsijm2011 - detected UnsignedFile.Multi.Generic (1)
02:44:41.0098 4848  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
02:44:41.0151 4848  MMCSS - ok
02:44:41.0182 4848  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
02:44:41.0212 4848  Modem - ok
02:44:41.0236 4848  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
02:44:41.0257 4848  monitor - ok
02:44:41.0295 4848  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
02:44:41.0307 4848  mouclass - ok
02:44:41.0323 4848  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
02:44:41.0347 4848  mouhid - ok
02:44:41.0377 4848  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
02:44:41.0388 4848  mountmgr - ok
02:44:41.0436 4848  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:44:41.0447 4848  MozillaMaintenance - ok
02:44:41.0469 4848  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
02:44:41.0483 4848  mpio - ok
02:44:41.0504 4848  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
02:44:41.0534 4848  mpsdrv - ok
02:44:41.0577 4848  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
02:44:41.0627 4848  MpsSvc - ok
02:44:41.0659 4848  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
02:44:41.0675 4848  MRxDAV - ok
02:44:41.0702 4848  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
02:44:41.0740 4848  mrxsmb - ok
02:44:41.0767 4848  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:44:41.0797 4848  mrxsmb10 - ok
02:44:41.0814 4848  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:44:41.0842 4848  mrxsmb20 - ok
02:44:41.0871 4848  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
02:44:41.0882 4848  msahci - ok
02:44:41.0895 4848  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
02:44:41.0907 4848  msdsm - ok
02:44:41.0935 4848  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
02:44:41.0974 4848  MSDTC - ok
02:44:42.0004 4848  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
02:44:42.0035 4848  Msfs - ok
02:44:42.0052 4848  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
02:44:42.0085 4848  mshidkmdf - ok
02:44:42.0099 4848  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
02:44:42.0110 4848  msisadrv - ok
02:44:42.0136 4848  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
02:44:42.0172 4848  MSiSCSI - ok
02:44:42.0177 4848  msiserver - ok
02:44:42.0200 4848  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
02:44:42.0230 4848  MSKSSRV - ok
02:44:42.0242 4848  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
02:44:42.0280 4848  MSPCLOCK - ok
02:44:42.0294 4848  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
02:44:42.0323 4848  MSPQM - ok
02:44:42.0361 4848  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
02:44:42.0376 4848  MsRPC - ok
02:44:42.0413 4848  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
02:44:42.0423 4848  mssmbios - ok
02:44:42.0446 4848  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
02:44:42.0484 4848  MSTEE - ok
02:44:42.0495 4848  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
02:44:42.0507 4848  MTConfig - ok
02:44:42.0543 4848  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
02:44:42.0554 4848  Mup - ok
02:44:42.0615 4848  [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360            C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
02:44:42.0626 4848  N360 - ok
02:44:42.0659 4848  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
02:44:42.0708 4848  napagent - ok
02:44:42.0732 4848  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
02:44:42.0756 4848  NativeWifiP - ok
02:44:42.0833 4848  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121221.024\ENG64.SYS
02:44:42.0842 4848  NAVENG - ok
02:44:42.0885 4848  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20121221.024\EX64.SYS
02:44:42.0925 4848  NAVEX15 - ok
02:44:42.0976 4848  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
02:44:43.0001 4848  NDIS - ok
02:44:43.0048 4848  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
02:44:43.0088 4848  NdisCap - ok
02:44:43.0112 4848  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
02:44:43.0155 4848  NdisTapi - ok
02:44:43.0193 4848  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
02:44:43.0235 4848  Ndisuio - ok
02:44:43.0264 4848  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
02:44:43.0295 4848  NdisWan - ok
02:44:43.0329 4848  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
02:44:43.0377 4848  NDProxy - ok
02:44:43.0414 4848  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
02:44:43.0431 4848  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
02:44:43.0432 4848  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
02:44:43.0464 4848  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
02:44:43.0508 4848  NetBIOS - ok
02:44:43.0555 4848  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
02:44:43.0586 4848  NetBT - ok
02:44:43.0599 4848  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
02:44:43.0612 4848  Netlogon - ok
02:44:43.0644 4848  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
02:44:43.0691 4848  Netman - ok
02:44:43.0711 4848  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:44:43.0722 4848  NetMsmqActivator - ok
02:44:43.0726 4848  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:44:43.0736 4848  NetPipeActivator - ok
02:44:43.0758 4848  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
02:44:43.0807 4848  netprofm - ok
02:44:43.0852 4848  [ 26672F93749AC9FD28DA1B0F94EFA78D ] netr28ux        C:\Windows\system32\DRIVERS\Dnetr28ux.sys
02:44:43.0889 4848  netr28ux - ok
02:44:43.0894 4848  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:44:43.0904 4848  NetTcpActivator - ok
02:44:43.0909 4848  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:44:43.0919 4848  NetTcpPortSharing - ok
02:44:43.0973 4848  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
02:44:43.0992 4848  nfrd960 - ok
02:44:44.0047 4848  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
02:44:44.0099 4848  NlaSvc - ok
02:44:44.0132 4848  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
02:44:44.0169 4848  Npfs - ok
02:44:44.0185 4848  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
02:44:44.0226 4848  nsi - ok
02:44:44.0244 4848  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
02:44:44.0289 4848  nsiproxy - ok
02:44:44.0351 4848  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
02:44:44.0397 4848  Ntfs - ok
02:44:44.0415 4848  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
02:44:44.0457 4848  Null - ok
02:44:44.0493 4848  [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
02:44:44.0502 4848  NVHDA - ok
02:44:44.0769 4848  [ 04A048659B8F77F9151308A690F14E87 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:44:44.0987 4848  nvlddmkm - ok
02:44:45.0064 4848  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
02:44:45.0126 4848  nvraid - ok
02:44:45.0167 4848  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
02:44:45.0179 4848  nvstor - ok
02:44:45.0212 4848  [ 35ED605E778509668C08ED15DB96E7CD ] nvsvc           C:\Windows\system32\nvvsvc.exe
02:44:45.0222 4848  nvsvc - ok
02:44:45.0237 4848  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
02:44:45.0250 4848  nv_agp - ok
02:44:45.0266 4848  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
02:44:45.0284 4848  ohci1394 - ok
02:44:45.0314 4848  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:44:45.0326 4848  ose - ok
02:44:45.0438 4848  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:44:45.0505 4848  osppsvc - ok
02:44:45.0538 4848  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
02:44:45.0609 4848  p2pimsvc - ok
02:44:45.0628 4848  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
02:44:45.0645 4848  p2psvc - ok
02:44:45.0663 4848  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
02:44:45.0689 4848  Parport - ok
02:44:45.0716 4848  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
02:44:45.0728 4848  partmgr - ok
02:44:45.0752 4848  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
02:44:45.0783 4848  PcaSvc - ok
02:44:45.0801 4848  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
02:44:45.0814 4848  pci - ok
02:44:45.0858 4848  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
02:44:45.0877 4848  pciide - ok
02:44:45.0906 4848  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
02:44:45.0920 4848  pcmcia - ok
02:44:45.0964 4848  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
02:44:45.0975 4848  pcw - ok
02:44:45.0993 4848  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
02:44:46.0037 4848  PEAUTH - ok
02:44:46.0135 4848  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
02:44:46.0160 4848  PerfHost - ok
02:44:46.0219 4848  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
02:44:46.0266 4848  pla - ok
02:44:46.0298 4848  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
02:44:46.0345 4848  PlugPlay - ok
02:44:46.0381 4848  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
02:44:46.0399 4848  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
02:44:46.0399 4848  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
02:44:46.0423 4848  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
02:44:46.0448 4848  PNRPAutoReg - ok
02:44:46.0471 4848  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
02:44:46.0485 4848  PNRPsvc - ok
02:44:46.0521 4848  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
02:44:46.0571 4848  PolicyAgent - ok
02:44:46.0600 4848  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
02:44:46.0632 4848  Power - ok
02:44:46.0675 4848  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
02:44:46.0715 4848  PptpMiniport - ok
02:44:46.0740 4848  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
02:44:46.0765 4848  Processor - ok
02:44:46.0802 4848  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
02:44:46.0840 4848  ProfSvc - ok
02:44:46.0849 4848  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:44:46.0860 4848  ProtectedStorage - ok
02:44:46.0901 4848  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
02:44:46.0943 4848  Psched - ok
02:44:46.0987 4848  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
02:44:47.0020 4848  ql2300 - ok
02:44:47.0038 4848  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
02:44:47.0051 4848  ql40xx - ok
02:44:47.0075 4848  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
02:44:47.0123 4848  QWAVE - ok
02:44:47.0145 4848  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
02:44:47.0172 4848  QWAVEdrv - ok
02:44:47.0191 4848  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
02:44:47.0229 4848  RasAcd - ok
02:44:47.0254 4848  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
02:44:47.0296 4848  RasAgileVpn - ok
02:44:47.0313 4848  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
02:44:47.0344 4848  RasAuto - ok
02:44:47.0376 4848  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
02:44:47.0419 4848  Rasl2tp - ok
02:44:47.0448 4848  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
02:44:47.0487 4848  RasMan - ok
02:44:47.0513 4848  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
02:44:47.0545 4848  RasPppoe - ok
02:44:47.0552 4848  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
02:44:47.0592 4848  RasSstp - ok
02:44:47.0615 4848  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
02:44:47.0647 4848  rdbss - ok
02:44:47.0657 4848  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
02:44:47.0670 4848  rdpbus - ok
02:44:47.0685 4848  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
02:44:47.0714 4848  RDPCDD - ok
02:44:47.0724 4848  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
02:44:47.0754 4848  RDPENCDD - ok
02:44:47.0765 4848  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
02:44:47.0808 4848  RDPREFMP - ok
02:44:47.0834 4848  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
02:44:47.0890 4848  RDPWD - ok
02:44:47.0940 4848  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
02:44:47.0955 4848  rdyboost - ok
02:44:47.0975 4848  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
02:44:48.0017 4848  RemoteAccess - ok
02:44:48.0041 4848  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
02:44:48.0073 4848  RemoteRegistry - ok
02:44:48.0092 4848  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
02:44:48.0175 4848  RpcEptMapper - ok
02:44:48.0200 4848  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
02:44:48.0224 4848  RpcLocator - ok
02:44:48.0258 4848  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
02:44:48.0293 4848  RpcSs - ok
02:44:48.0313 4848  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
02:44:48.0343 4848  rspndr - ok
02:44:48.0382 4848  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
02:44:48.0394 4848  RTL8167 - ok
02:44:48.0407 4848  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
02:44:48.0418 4848  SamSs - ok
02:44:48.0448 4848  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
02:44:48.0460 4848  sbp2port - ok
02:44:48.0482 4848  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
02:44:48.0526 4848  SCardSvr - ok
02:44:48.0562 4848  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
02:44:48.0604 4848  scfilter - ok
02:44:48.0654 4848  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
02:44:48.0706 4848  Schedule - ok
02:44:48.0741 4848  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
02:44:48.0768 4848  SCPolicySvc - ok
02:44:48.0801 4848  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
02:44:48.0849 4848  SDRSVC - ok
02:44:48.0863 4848  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
02:44:48.0899 4848  secdrv - ok
02:44:48.0914 4848  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
02:44:48.0945 4848  seclogon - ok
02:44:48.0973 4848  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
02:44:49.0018 4848  SENS - ok
02:44:49.0039 4848  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
02:44:49.0065 4848  SensrSvc - ok
02:44:49.0092 4848  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
02:44:49.0118 4848  Serenum - ok
02:44:49.0129 4848  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
02:44:49.0146 4848  Serial - ok
02:44:49.0155 4848  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
02:44:49.0176 4848  sermouse - ok
02:44:49.0218 4848  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
02:44:49.0263 4848  SessionEnv - ok
02:44:49.0297 4848  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
02:44:49.0327 4848  sffdisk - ok
02:44:49.0341 4848  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
02:44:49.0356 4848  sffp_mmc - ok
02:44:49.0372 4848  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
02:44:49.0399 4848  sffp_sd - ok
02:44:49.0412 4848  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
02:44:49.0425 4848  sfloppy - ok
02:44:49.0448 4848  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
02:44:49.0495 4848  SharedAccess - ok
02:44:49.0519 4848  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:44:49.0553 4848  ShellHWDetection - ok
02:44:49.0571 4848  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:44:49.0582 4848  SiSRaid2 - ok
02:44:49.0592 4848  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
02:44:49.0603 4848  SiSRaid4 - ok
02:44:49.0650 4848  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
02:44:49.0698 4848  Smb - ok
02:44:49.0721 4848  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
02:44:49.0743 4848  SNMPTRAP - ok
02:44:49.0756 4848  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
02:44:49.0766 4848  spldr - ok
02:44:49.0798 4848  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
02:44:49.0848 4848  Spooler - ok
02:44:49.0947 4848  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
02:44:50.0022 4848  sppsvc - ok
02:44:50.0043 4848  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
02:44:50.0087 4848  sppuinotify - ok
02:44:50.0214 4848  [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP           C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
02:44:50.0253 4848  SRTSP - ok
02:44:50.0273 4848  [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX          C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
02:44:50.0283 4848  SRTSPX - ok
02:44:50.0310 4848  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
02:44:50.0341 4848  srv - ok
02:44:50.0360 4848  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
02:44:50.0385 4848  srv2 - ok
02:44:50.0408 4848  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
02:44:50.0432 4848  srvnet - ok
02:44:50.0476 4848  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
02:44:50.0516 4848  ssadbus - ok
02:44:50.0541 4848  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
02:44:50.0579 4848  ssadmdfl - ok
02:44:50.0615 4848  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
02:44:50.0634 4848  ssadmdm - ok
02:44:50.0666 4848  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
02:44:50.0677 4848  sscdbus - ok
02:44:50.0702 4848  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
02:44:50.0710 4848  sscdmdfl - ok
02:44:50.0725 4848  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
02:44:50.0735 4848  sscdmdm - ok
02:44:50.0768 4848  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
02:44:50.0813 4848  SSDPSRV - ok
02:44:50.0832 4848  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
02:44:50.0881 4848  SstpSvc - ok
02:44:50.0907 4848  Steam Client Service - ok
02:44:50.0927 4848  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
02:44:50.0938 4848  stexstor - ok
02:44:50.0992 4848  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
02:44:51.0028 4848  stisvc - ok
02:44:51.0063 4848  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
02:44:51.0075 4848  swenum - ok
02:44:51.0097 4848  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
02:44:51.0133 4848  swprv - ok
02:44:51.0179 4848  [ 6160145C7A87FC7672E8E3B886888176 ] SymDS           C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
02:44:51.0194 4848  SymDS - ok
02:44:51.0231 4848  [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA          C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
02:44:51.0256 4848  SymEFA - ok
02:44:51.0276 4848  [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
02:44:51.0289 4848  SymEvent - ok
02:44:51.0300 4848  [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON         C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
02:44:51.0311 4848  SymIRON - ok
02:44:51.0324 4848  [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS         C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
02:44:51.0339 4848  SymNetS - ok
02:44:51.0395 4848  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
02:44:51.0450 4848  SysMain - ok
02:44:51.0479 4848  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:44:51.0510 4848  TabletInputService - ok
02:44:51.0528 4848  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
02:44:51.0576 4848  TapiSrv - ok
02:44:51.0597 4848  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
02:44:51.0641 4848  TBS - ok
02:44:51.0701 4848  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
02:44:51.0744 4848  Tcpip - ok
02:44:51.0771 4848  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
02:44:51.0803 4848  TCPIP6 - ok
02:44:51.0819 4848  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
02:44:51.0830 4848  tcpipreg - ok
02:44:51.0856 4848  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
02:44:51.0878 4848  TDPIPE - ok
02:44:51.0911 4848  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
02:44:51.0931 4848  TDTCP - ok
02:44:52.0002 4848  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
02:44:52.0030 4848  tdx - ok
02:44:52.0150 4848  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
02:44:52.0201 4848  TeamViewer8 - ok
02:44:52.0236 4848  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
02:44:52.0249 4848  TermDD - ok
02:44:52.0291 4848  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
02:44:52.0329 4848  TermService - ok
02:44:52.0365 4848  [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
02:44:52.0374 4848  TFsExDisk - ok
02:44:52.0392 4848  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
02:44:52.0418 4848  Themes - ok
02:44:52.0438 4848  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
02:44:52.0469 4848  THREADORDER - ok
02:44:52.0487 4848  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
02:44:52.0537 4848  TrkWks - ok
02:44:52.0608 4848  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:44:52.0673 4848  TrustedInstaller - ok
02:44:52.0705 4848  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
02:44:52.0762 4848  tssecsrv - ok
02:44:52.0810 4848  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
02:44:52.0856 4848  TsUsbFlt - ok
02:44:52.0897 4848  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
02:44:52.0939 4848  tunnel - ok
02:44:52.0969 4848  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
02:44:52.0980 4848  uagp35 - ok
02:44:53.0014 4848  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
02:44:53.0057 4848  udfs - ok
02:44:53.0088 4848  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
02:44:53.0101 4848  UI0Detect - ok
02:44:53.0118 4848  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
02:44:53.0130 4848  uliagpkx - ok
02:44:53.0177 4848  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
02:44:53.0203 4848  umbus - ok
02:44:53.0226 4848  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
02:44:53.0237 4848  UmPass - ok
02:44:53.0252 4848  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
02:44:53.0286 4848  upnphost - ok
02:44:53.0294 4848  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
02:44:53.0330 4848  usbccgp - ok
02:44:53.0348 4848  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
02:44:53.0374 4848  usbcir - ok
02:44:53.0393 4848  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
02:44:53.0412 4848  usbehci - ok
02:44:53.0467 4848  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
02:44:53.0513 4848  usbhub - ok
02:44:53.0537 4848  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
02:44:53.0564 4848  usbohci - ok
02:44:53.0588 4848  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
02:44:53.0612 4848  usbprint - ok
02:44:53.0627 4848  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:44:53.0692 4848  USBSTOR - ok
02:44:53.0712 4848  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
02:44:53.0730 4848  usbuhci - ok
02:44:53.0750 4848  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
02:44:53.0782 4848  UxSms - ok
02:44:53.0790 4848  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
02:44:53.0803 4848  VaultSvc - ok
02:44:53.0814 4848  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
02:44:53.0825 4848  vdrvroot - ok
02:44:53.0863 4848  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
02:44:53.0914 4848  vds - ok
02:44:53.0967 4848  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
02:44:53.0993 4848  vga - ok
02:44:54.0005 4848  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
02:44:54.0051 4848  VgaSave - ok
02:44:54.0084 4848  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
02:44:54.0101 4848  vhdmp - ok
02:44:54.0118 4848  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
02:44:54.0128 4848  viaide - ok
02:44:54.0142 4848  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
02:44:54.0154 4848  volmgr - ok
02:44:54.0205 4848  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
02:44:54.0220 4848  volmgrx - ok
02:44:54.0232 4848  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
02:44:54.0247 4848  volsnap - ok
02:44:54.0277 4848  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
02:44:54.0289 4848  vsmraid - ok
02:44:54.0345 4848  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
02:44:54.0405 4848  VSS - ok
02:44:54.0431 4848  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
02:44:54.0453 4848  vwifibus - ok
02:44:54.0475 4848  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
02:44:54.0505 4848  vwififlt - ok
02:44:54.0533 4848  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
02:44:54.0582 4848  W32Time - ok
02:44:54.0608 4848  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
02:44:54.0620 4848  WacomPen - ok
02:44:54.0660 4848  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
02:44:54.0701 4848  WANARP - ok
02:44:54.0719 4848  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
02:44:54.0747 4848  Wanarpv6 - ok
02:44:54.0825 4848  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
02:44:54.0867 4848  WatAdminSvc - ok
02:44:54.0919 4848  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
02:44:55.0027 4848  wbengine - ok
02:44:55.0053 4848  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
02:44:55.0071 4848  WbioSrvc - ok
02:44:55.0106 4848  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
02:44:55.0142 4848  wcncsvc - ok
02:44:55.0155 4848  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:44:55.0225 4848  WcsPlugInService - ok
02:44:55.0235 4848  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
02:44:55.0246 4848  Wd - ok
02:44:55.0285 4848  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
02:44:55.0304 4848  WDC_SAM - ok
02:44:55.0330 4848  [ E6050FE6B60FA91188B8ABDB5B1E339F ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
02:44:55.0353 4848  WDDMService ( UnsignedFile.Multi.Generic ) - warning
02:44:55.0353 4848  WDDMService - detected UnsignedFile.Multi.Generic (1)
02:44:55.0389 4848  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
02:44:55.0426 4848  Wdf01000 - ok
02:44:55.0492 4848  [ B83D5071B32A70BEBDB3330BFA7ACB80 ] WDFME           C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
02:44:55.0515 4848  WDFME - ok
02:44:55.0524 4848  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
02:44:55.0566 4848  WdiServiceHost - ok
02:44:55.0571 4848  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
02:44:55.0589 4848  WdiSystemHost - ok
02:44:55.0601 4848  [ 517DE2C5568CBA6B2A24A557AC60C30B ] WDSC            C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
02:44:55.0614 4848  WDSC - ok
02:44:55.0651 4848  [ 5941B8AA229C6E5D7924919D3EDE0843 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
02:44:55.0660 4848  Web Assistant Updater - ok
02:44:55.0701 4848  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
02:44:55.0735 4848  WebClient - ok
02:44:55.0781 4848  [ 688399FF25A4012AF16DA2E5C3DAF050 ] WebOptimizer    C:\Windows\system32\dmwu.exe
02:44:55.0806 4848  WebOptimizer - ok
02:44:55.0833 4848  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
02:44:55.0874 4848  Wecsvc - ok
02:44:55.0889 4848  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
02:44:55.0921 4848  wercplsupport - ok
02:44:55.0927 4848  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
02:44:55.0979 4848  WerSvc - ok
02:44:56.0004 4848  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
02:44:56.0032 4848  WfpLwf - ok
02:44:56.0043 4848  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
02:44:56.0054 4848  WIMMount - ok
02:44:56.0077 4848  WinDefend - ok
02:44:56.0084 4848  WinHttpAutoProxySvc - ok
02:44:56.0123 4848  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
02:44:56.0168 4848  Winmgmt - ok
02:44:56.0250 4848  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
02:44:56.0326 4848  WinRM - ok
02:44:56.0383 4848  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
02:44:56.0397 4848  WinUsb - ok
02:44:56.0427 4848  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
02:44:56.0463 4848  Wlansvc - ok
02:44:56.0481 4848  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
02:44:56.0500 4848  WmiAcpi - ok
02:44:56.0532 4848  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
02:44:56.0562 4848  wmiApSrv - ok
02:44:56.0593 4848  WMPNetworkSvc - ok
02:44:56.0604 4848  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
02:44:56.0629 4848  WPCSvc - ok
02:44:56.0669 4848  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
02:44:56.0687 4848  WPDBusEnum - ok
02:44:56.0712 4848  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
02:44:56.0755 4848  ws2ifsl - ok
02:44:56.0782 4848  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
02:44:56.0813 4848  wscsvc - ok
02:44:56.0817 4848  WSearch - ok
02:44:56.0878 4848  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
02:44:56.0928 4848  wuauserv - ok
02:44:56.0967 4848  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
02:44:57.0003 4848  WudfPf - ok
02:44:57.0030 4848  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
02:44:57.0043 4848  WUDFRd - ok
02:44:57.0086 4848  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
02:44:57.0116 4848  wudfsvc - ok
02:44:57.0147 4848  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
02:44:57.0184 4848  WwanSvc - ok
02:44:57.0216 4848  ================ Scan global ===============================
02:44:57.0228 4848  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:44:57.0259 4848  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
02:44:57.0267 4848  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
02:44:57.0287 4848  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:44:57.0312 4848  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:44:57.0316 4848  [Global] - ok
02:44:57.0317 4848  ================ Scan MBR ==================================
02:44:57.0327 4848  [ B683B38A76E140687F7D39BFBC315CEB ] \Device\Harddisk0\DR0
02:44:57.0615 4848  \Device\Harddisk0\DR0 - ok
02:44:57.0616 4848  ================ Scan VBR ==================================
02:44:57.0619 4848  [ 16C9B63093234F43ECEF0621F5C46FA8 ] \Device\Harddisk0\DR0\Partition1
02:44:57.0620 4848  \Device\Harddisk0\DR0\Partition1 - ok
02:44:57.0654 4848  [ 3E870E04856EF8A87BC64ECE4286C70D ] \Device\Harddisk0\DR0\Partition2
02:44:57.0656 4848  \Device\Harddisk0\DR0\Partition2 - ok
02:44:57.0688 4848  [ 0DEA341C70C581A7B375D0DFC0AE8AFF ] \Device\Harddisk0\DR0\Partition3
02:44:57.0699 4848  \Device\Harddisk0\DR0\Partition3 - ok
02:44:57.0700 4848  ============================================================
02:44:57.0700 4848  Scan finished
02:44:57.0700 4848  ============================================================
02:44:57.0712 5916  Detected object count: 8
02:44:57.0712 5916  Actual detected object count: 8
02:45:27.0041 5916  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0041 5916  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:45:27.0043 5916  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0043 5916  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:45:27.0046 5916  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0046 5916  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:45:27.0048 5916  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0048 5916  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:45:27.0051 5916  mitsijm2011 ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0051 5916  mitsijm2011 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:45:27.0051 5916  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0051 5916  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:45:27.0053 5916  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0053 5916  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:45:27.0055 5916  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
02:45:27.0055 5916  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Vielen Dank und Freundliche Grüsse!

Aster!x

Alt 23.12.2012, 03:08   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.12.2012, 19:05   #10
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo Cosinus!

Hier die Ergebnisse:
Code:
ATTFilter
ComboFix 12-12-22.02 - Boos David 23.12.2012  17:30:08.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.4095.2972 [GMT 1:00]
ausgeführt von:: c:\users\Boos David\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibar.crx
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\users\Boos David\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Boos David\Documents\~WRL0005.tmp
c:\users\BOOSDA~1\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 16:34 . 2012-12-23 16:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-23 16:27 . 2008-04-17 21:12	107368	----a-r-	c:\windows\SysWow64\GEARAspi.dll
2012-12-23 16:27 . 2008-04-17 21:12	126312	----a-r-	c:\windows\system32\GEARAspi64.dll
2012-12-22 22:28 . 2012-12-22 22:28	--------	d-----w-	C:\_OTL
2012-12-22 21:15 . 2012-12-22 21:15	--------	d-----w-	c:\users\Boos David\AppData\Roaming\Malwarebytes
2012-12-22 21:15 . 2012-12-22 21:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-22 21:15 . 2012-12-22 21:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-22 21:15 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-21 21:02 . 2012-12-21 21:02	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-12-21 02:01 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 02:01 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 02:01 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 02:01 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-14 20:19 . 2012-05-29 14:53	27456	----a-w-	c:\windows\system32\drivers\cpqdfw.sys
2012-12-14 20:16 . 2012-12-14 20:16	--------	d-----w-	c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-12-12 17:49 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 17:48 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 17:48 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 02:05 . 2010-11-08 10:15	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-12 17:31 . 2012-05-30 14:55	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 17:31 . 2011-12-23 21:04	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-28 20:10 . 2012-10-28 20:10	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-27 20:38	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 20:38	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 20:38	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 21:33	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 21:33	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 21:33	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 21:33	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 17:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 21:33	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 21:33	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 21:33	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 21:33	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 21:33	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 21:33	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 21:33	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 21:33	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 21:33	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 21:33	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 21:33	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 21:33	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 21:33	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-09-03 07:13	167256	----a-w-	c:\program files\Web Assistant\Extension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-02-10 1712184]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-13 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\program files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-15 1436424]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-09-03 188760]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 17:31]
.
2012-12-17 c:\windows\Tasks\HPCeeScheduleForBoos David.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-11-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?barid={F1959716-4748-4198-822E-A0B02F7DA9B3}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Boos David\AppData\Roaming\Mozilla\Firefox\Profiles\cppgs5l7.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8x2GHMcO&&i=26&search=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-11-29 16:37; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 7ab1a2d7000000000000f07d687397b3
FF - user.js: extensions.softonic_i.instlDay - 15407
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.59:47
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - orgnl
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - eng7
FF - user.js: extensions.softonic_i.instlRef - MON00001
FF - user.js: extensions.softonic_i.dfltLng - 
FF - user.js: extensions.softonic_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8x2GHMcO&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 7ab1a2d7000000000000f07d687397b3
FF - user.js: extensions.incredibar_i.instlDay - 15516
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:01
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8x2GHMcO
FF - user.js: extensions.incredibar_i.upn2n - 92824594661509922
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Boos David\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-WZCSLDR2 - c:\program files (x86)\D-Link\DWL-G122_DWA-110\WZCSLDR2.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ANIWConnService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-23  17:41:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-23 16:41
.
Vor Suchlauf: 13 Verzeichnis(se), 505'228'959'744 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 505'535'873'024 Bytes frei
.
- - End Of File - - F32A77F75A3817E23A9C2378E1A91FAA
         
Vielen Dank und Freundliche Grüsse

Aster!x

Alt 23.12.2012, 19:43   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.12.2012, 18:47   #12
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo Cosinus

Hier die Textdatei

Code:
ATTFilter
# AdwCleaner v2.102 - Datei am 24/12/2012 um 18:34:38 erstellt
# Aktualisiert am 23/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : USERNAME - PCNAME
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\USERNAME\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Web Assistant Updater
Gefunden : WebOptimizer

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\USERNAME\Desktop\sweetpcfix.url
Ordner Gefunden : C:\Program Files\Web Assistant
Ordner Gefunden : C:\Users\USERNAME\AppData\LocalLow\incredibar.com
Ordner Gefunden : C:\Users\USERNAME\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\USERNAME\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\incredibar.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\WNLT
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&i=26
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?barid={F1959716-4748-4198-822E-A0B02F7DA9B3}

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\cppgs5l7.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&loc=FF_NT");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.cntry", "CH");
Gefunden : user_pref("extensions.incredibar.dfltLng", "");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.did", "10658");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "38F8AA66413CCF5F8A738B1C4FFFF809");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.id", "7ab1a2d7000000000000f07d687397b3");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15516");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:01:14");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8x2GHMcO&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6R8x2GHMcO");
Gefunden : user_pref("extensions.incredibar.upn2n", "92824594661509922");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:01:14");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10658");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "7ab1a2d7000000000000f07d687397b3");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15516");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8x2GHMcO&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6R8x2GHMcO");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92824594661509922");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:01:14");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.softonic_i.aflt", "orgnl");
Gefunden : user_pref("extensions.softonic_i.dfltLng", "");
Gefunden : user_pref("extensions.softonic_i.dfltSrch", true);
Gefunden : user_pref("extensions.softonic_i.dnsErr", true);
Gefunden : user_pref("extensions.softonic_i.excTlbr", false);
Gefunden : user_pref("extensions.softonic_i.hmpg", true);
Gefunden : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1[...]
Gefunden : user_pref("extensions.softonic_i.id", "7ab1a2d7000000000000f07d687397b3");
Gefunden : user_pref("extensions.softonic_i.instlDay", "15407");
Gefunden : user_pref("extensions.softonic_i.instlRef", "MON00001");
Gefunden : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSourc[...]
Gefunden : user_pref("extensions.softonic_i.newTab", false);
Gefunden : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.softonic_i.prdct", "softonic");
Gefunden : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gefunden : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gefunden : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)");
Gefunden : user_pref("extensions.softonic_i.tlbrId", "eng7");
Gefunden : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSour[...]
Gefunden : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gefunden : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.59:47:53");
Gefunden : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gefunden : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8x2GHMcO&&i=26&search="[...]
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Datei : C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&loc=FF_NT");user_p[...]

*************************

AdwCleaner[R1].txt - [17690 octets] - [24/12/2012 18:34:38]

########## EOF - C:\AdwCleaner[R1].txt - [17751 octets] ##########
         
Vielen Dank und Freuntliche Grüsse!

Aster!x

Alt 24.12.2012, 19:13   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.12.2012, 21:56   #14
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo Cosinus

Hier die Textdatei von adwcleaner.exe
Code:
ATTFilter
# AdwCleaner v2.102 - Datei am 26/12/2012 um 14:29:44 erstellt
# Aktualisiert am 23/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Username - PCName
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Username\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Web Assistant Updater
Gestoppt & Gelöscht : WebOptimizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Username\Desktop\sweetpcfix.url
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\Users\Username\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Username\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Username\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&i=26 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?barid={F1959716-4748-4198-822E-A0B02F7DA9B3} --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\cppgs5l7.default\prefs.js

C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\cppgs5l7.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&loc=FF_NT");
Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search");
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "CH");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10658");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "38F8AA66413CCF5F8A738B1C4FFFF809");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "7ab1a2d7000000000000f07d687397b3");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15516");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:01:14");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8x2GHMcO&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6R8x2GHMcO");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92824594661509922");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:01:14");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10658");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "7ab1a2d7000000000000f07d687397b3");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15516");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8x2GHMcO&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6R8x2GHMcO");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92824594661509922");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:01:14");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.softonic_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.softonic_i.dfltLng", "");
Gelöscht : user_pref("extensions.softonic_i.dfltSrch", true);
Gelöscht : user_pref("extensions.softonic_i.dnsErr", true);
Gelöscht : user_pref("extensions.softonic_i.excTlbr", false);
Gelöscht : user_pref("extensions.softonic_i.hmpg", true);
Gelöscht : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1[...]
Gelöscht : user_pref("extensions.softonic_i.id", "7ab1a2d7000000000000f07d687397b3");
Gelöscht : user_pref("extensions.softonic_i.instlDay", "15407");
Gelöscht : user_pref("extensions.softonic_i.instlRef", "MON00001");
Gelöscht : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSourc[...]
Gelöscht : user_pref("extensions.softonic_i.newTab", false);
Gelöscht : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.softonic_i.prdct", "softonic");
Gelöscht : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gelöscht : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gelöscht : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)");
Gelöscht : user_pref("extensions.softonic_i.tlbrId", "eng7");
Gelöscht : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gelöscht : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.59:47:53");
Gelöscht : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8x2GHMcO&&i=26&search="[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Datei : C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&loc=FF_NT");user_p[...]

*************************

AdwCleaner[R1].txt - [17769 octets] - [24/12/2012 18:34:38]
AdwCleaner[S1].txt - [17441 octets] - [26/12/2012 14:29:44]

########## EOF - C:\AdwCleaner[S1].txt - [17502 octets] ##########
         

Und die OTL.exe
Code:
ATTFilter
OTL Extras logfile created on: 12/27/2012 9:32:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UserName\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.70% Memory free
8.00 Gb Paging File | 6.37 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.34 Gb Total Space | 470.50 Gb Free Space | 80.66% Space Free | Partition Type: NTFS
Drive D: | 12.73 Gb Total Space | 1.51 Gb Free Space | 11.83% Space Free | Partition Type: NTFS
 
Computer Name: PCName | User Name: UserName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- ()
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B6414E-A34C-44DF-92E7-34856113E184}" = rport=138 | protocol=17 | dir=out | app=system | 
"{090494DA-63BF-404B-B2B9-148265B42A77}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{0D6A74B6-F3C6-4B07-965E-CFEB697D0213}" = lport=139 | protocol=6 | dir=in | app=system | 
"{109AC024-7C72-41BE-8C8B-DE354B6A4898}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1F2CE820-3F2B-42D9-97CC-1787A8E1572D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3228C924-A8A9-4EA2-9416-95E824810883}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3889E243-4207-4543-B2EC-8963709789F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{54F486F2-A58C-4BD9-962A-8C52D2F663CD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6E2CE30F-6612-4774-8527-01C0A19E49AA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{98F0E916-D9CA-4493-A572-4C0751C24506}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{992BB1B9-EAD9-47BF-83F9-9690A29437E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A19DCA7-EF2D-4174-B7CA-B089CC23E891}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9C209D8E-1F51-4A60-A42D-E49E4DA35D99}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7DAFA1A-EF4A-48FC-BB0B-613ADBCF3AD5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B073F08E-F9E0-48DD-8FBE-D59411E6768D}" = lport=50319 | protocol=6 | dir=in | name=akamai netsession interface | 
"{C4B717AE-5A46-4BC0-A3B0-5F4C72E3BD2A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EABEB274-DE03-4C5E-B2D0-D2252BF049E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5270659-0450-43AF-AEA7-240ADC222044}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE41B9-AC0C-4B04-BB8E-344F03F68C51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{060E633D-9F77-4D2B-882D-3A166752FE62}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{07D00233-7632-442A-B5AC-83B0BBB51E96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{088519D6-A88A-4B5B-B728-52C121DB4B23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0D4773AC-0406-4F4E-BDFA-0B186196DE2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0D6D623B-8315-4B13-865E-24631A1BD6F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{0E2767EC-B16B-4C83-8E66-4C55E8468BC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{0F7A610C-0F18-4AF0-AB28-1009C95B99C2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{11F6EC49-EAAB-4AC9-9887-FEDAD339E7D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{147351C2-2102-4B00-8871-768D8D1BEB46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1583CA86-CA17-4954-A58B-DC15A5AE7708}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{18E5B9A1-CA9E-4A23-82C1-8838D7E5A667}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{1A8E2CB7-C2A3-46D0-B2CD-953B5F68E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{1AE0CE16-37EB-406F-90FE-0A7FDA8ECDE6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1EA6500F-C9A7-4161-9DBB-8E4E5D1490A7}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{1EBD24BD-1BA3-4643-B27D-D190D33E5A3B}" = dir=in | app=c:\program files (x86)\autodesk\inventor fusion technology preview 3\inventor fusion.exe | 
"{202C9C4C-EC1D-4C4D-BD1B-D60DF467AED5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{209699B4-B435-4C23-870B-EA08160A3D82}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{278E2D9D-5114-4841-A11B-91485D89F61B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{2C3E66DB-BC0D-4F40-9988-DC6E8D6874EF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{2F1AAF45-D5D5-4E79-B9EF-AC2060DF8B7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{34524E97-F8E8-4A26-A9CB-4D3952F0479B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{43414AE6-4146-46EC-A4A0-38219B8207F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{43ED0D35-ED16-456D-A5B4-2D58BD14D756}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4BB0CB31-0F19-48BA-B8A6-F7C434E24ADB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{4F0C838A-6B0F-449B-ACF2-2507C4AEBBF4}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{4FF48148-4B42-43A5-9A81-487C517198B8}" = dir=in | app=e:\setup\hpznui40.exe | 
"{505E3B52-8822-4387-9CE8-19203E38805A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{53B5057A-02E8-4B42-9B99-9228F95DDC4E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{55E0E349-6C05-4358-A9A4-1A83F6DFD0A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{577011F0-923B-4A49-BBD3-A75AFF103B37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{61F32806-537D-4D82-AC09-7FFA7043A752}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{6AC0BF00-D2CC-4764-A6A6-C021ACA743D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{702E60D3-4CB7-40EB-8991-3FCD39F3FA1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{806A0152-8807-4508-86F3-89F935F10A23}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{82159F9A-C32B-4AFF-B639-A75B5F49840D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{83468BD1-02ED-419B-9642-6A0841614866}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{83E6746D-7B07-4F31-8BAB-AD5DD6C5CADC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{8C2CCE86-016D-492D-BEEE-A93C3845C9A1}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{93D9322D-A1A8-471E-8F62-F59FCD5FCAAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{96E0715F-B469-4413-AE7E-EF0F8DD4CDEC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{9CAB58FB-8E3D-42E3-BD7A-227AD9CB78FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{9D5A35CA-793C-4886-993C-216A70240E1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{AEF42831-005E-4F1D-8F80-F1151296C40F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B3D0BBFB-894D-4C4A-8BF5-702FAAA32E86}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{B50A631C-97EC-4B8A-82A4-7E949CA090CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{BB813F08-A3C7-4D93-BE65-4DEFC6A18FC7}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{BF67C0DB-3093-4E1C-B455-6987E275DEFF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{BFB8FA0F-1CFB-4F77-83AD-E0DA4F63EE2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2DFB4DE-6982-47DE-B01C-17FEF3967478}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{C32201E3-7287-4400-AF29-65CD49476DF9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{C752DB77-E5AB-4389-A80F-6E7BE9296D52}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
"{C97A8853-D787-4C7F-B1EE-4130D1216FDF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{CBB333BA-51C8-46A5-AF64-C8582B72891A}" = protocol=17 | dir=in | app=c:\users\UserName\appdata\local\akamai\netsession_win.exe | 
"{D08652D6-A510-419A-9C06-54435D3658EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{D0ADADDE-9F75-472D-836E-BAC0377C909C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{D19CAD68-E63C-4D35-9B02-8C1C43E4D898}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{E243B471-6AF2-479C-BB41-A2A1CBF2972C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1DF79F0-D14A-425A-9931-E1573682C398}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F8C1BC65-AE18-4EA0-A58F-B645FD82C7A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{FA3ADE03-8FE3-43A5-935F-9B11A2203158}" = protocol=6 | dir=in | app=c:\users\UserName\appdata\local\akamai\netsession_win.exe | 
"{FA83978B-AF2E-4930-91E2-5333D35F83A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FB818A52-73A4-4685-822C-545B6ACACE85}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CF60E9D-43D7-4CDA-8281-31FE244A9A54}" = Autodesk Inventor Fusion-Änderungsverfolgung Language Pack (Sprachenpaket)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{EBA285DF-EF09-4AFE-89ED-E64798BA93BB}" = Autodesk Inventor Fusion-Änderungsverfolgung
"{ef7031a7-f5f5-4ef5-8d6d-e1f782b9b419}.sdb" = estamp_exe
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CC6CDFCB4BBBB42596B33BF910114E0982B07A6" = Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2007 5.1.2600.0)
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"426BB71EACDB64FF41684DB46CC07442F338C232" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"883C04C33C70062A4AD0ED48685D05F25A854C1D" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"8E34866C72B4ED9C8D3B60249DA48CF113B9FFBE" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"ABE36B9BBD00CD433A4454EBCAD52F303406A488" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Inventor Fusion-Änderungsverfolgung" = Autodesk Inventor Fusion Change Manager
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)
"DWG TrueView 2011" = DWG TrueView 2011
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{27AB9BD6-4A3E-4BBD-8381-CD445E474936}" = Berkeley Madonna
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B9F15ED-C087-4FBB-805E-EE24D2AE2E13}" = Mastercam X5 Demo/Home Learning Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9F89A209-991C-55CA-BDF6-B615F6D4F298}" = Autodesk Inventor Fusion Technology Preview 3
"{9F89A209-991C-66CA-BDF6-B615F6D4F298}" = Autodesk Inventor Fusion Technology Preview 3 Language Pack
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Inventor Fusion Technology Preview 3" = Autodesk Inventor Fusion Technology Preview 3
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"EasyBits Magic Desktop" = Magic Desktop
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{3B9F15ED-C087-4FBB-805E-EE24D2AE2E13}" = Mastercam X5 Demo/Home Learning Edition
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
"My HP Game Console" = HP Game Console
"MyFreeCodec" = MyFreeCodec
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Steam App 440" = Team Fortress 2
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082414" = Mystery P.I. - The Vegas Heist
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082439" = Bus Driver
"WT083492" = Agatha Christie - Death on the Nile
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/4/2012 6:57:33 AM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/5/2012 4:36:38 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/5/2012 7:10:12 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/6/2012 5:54:55 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/9/2012 4:06:15 PM | Computer Name = PCName | Source = Windows Backup | ID = 4103
Description = 
 
Error - 12/9/2012 4:54:44 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/9/2012 4:55:28 PM | Computer Name = PCName | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 14.0.6123.5005 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 133c    Startzeit: 01cdd3fc720fafb3    Endzeit: 62    Anwendungspfad:
 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE    Berichts-ID: b1997460-4242-11e2-935d-f36507d91e18

 
Error - 12/10/2012 4:29:32 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/11/2012 5:57:51 AM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/12/2012 1:31:00 PM | Computer Name = PCName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WZCSLDR2.exe, Version: 1.0.14.9283,
 Zeitstempel: 0x4a544705  Name des fehlerhaften Moduls: MFC42.DLL, Version: 6.6.8064.0,
 Zeitstempel: 0x4d79b238  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013613  ID des fehlerhaften
 Prozesses: 0x187c  Startzeit der fehlerhaften Anwendung: 0x01cdd0970059f67d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\MFC42.DLL  Berichtskennung: b18129e8-4481-11e2-935d-f36507d91e18
 
[ Hewlett-Packard Events ]
Error - 11/8/2012 3:48:35 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/8/2012 3:48:35 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:36 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:39 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:39 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:39 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:40 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:40 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:40 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:41 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
[ System Events ]
Error - 6/24/2012 2:13:32 PM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 7/3/2012 12:51:11 PM | Computer Name = PCName | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{E061DEF0-4B80-46F3-920E-13AB9DDDF76E} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 7/13/2012 5:08:41 PM | Computer Name = PCName | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{E061DEF0-4B80-46F3-920E-13AB9DDDF76E} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 8/17/2012 2:06:05 PM | Computer Name = PCName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 8/17/2012 2:06:05 PM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 9/3/2012 9:31:35 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 9/3/2012 9:31:35 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 9/9/2012 2:21:38 PM | Computer Name = PCName | Source = bowser | ID = 8003
Description = 
 
Error - 9/10/2012 1:17:47 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 9/10/2012 1:17:47 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 12/27/2012 9:32:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UserName\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.70% Memory free
8.00 Gb Paging File | 6.37 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.34 Gb Total Space | 470.50 Gb Free Space | 80.66% Space Free | Partition Type: NTFS
Drive D: | 12.73 Gb Total Space | 1.51 Gb Free Space | 11.83% Space Free | Partition Type: NTFS
 
Computer Name: PCName | User Name: UserName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\UserName\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\SysWOW64\ANIWConnService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\UserName\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7584733b0bfcbe669ea38a81b914a83a\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0acdeb764dc3715299a163fba3c7bdaa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\739c5209c3538b3457c2f8f9ad196cbb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\960b6130c64f21d8f5d8d3eb183ae660\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6053166746abce42f4c4432e0ec54fc7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\947466e2a04c48c43a8b255eb236ba71\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4a2b56d6031270f0fcf7388e4d787333\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\86f1e41236b3d404d65db53bd0374d1e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e46c644e0ef0456434b32f3e91b56424\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ff1ceec110e2983a75c2c21f50274ac2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d1f9ff307e93bb9929b2b11661623cb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\20ce3ca371acfbe996c6a21b5469992d\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aaf8a137263c899815f0acff07eb1562\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MOD - C:\Windows\SysWOW64\wlanapp.dll ()
MOD - C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\ANIOApi.dll ()
MOD - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (mitsijm2011) -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ANIWConnService) -- C:\Windows\SysWOW64\ANIWConnService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\drivers\anodlwfx.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{A8C3C848-BC39-4996-9B12-CBFA659C2BA1}: "URL" = hxxp://search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/29 16:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:53:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/29 16:37:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:53:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:53:15 | 000,000,000 | ---D | M]
 
[2010/10/29 14:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Extensions
[2012/12/26 14:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/10/23 20:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\cppgs5l7.default\extensions
[2012/12/04 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/12/04 22:53:17 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/20 21:12:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 20:10:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/18 08:51:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 20:10:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/19 20:10:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/19 20:10:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/19 20:10:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/12/23 17:36:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/27 21:28:03 | 000,000,000 | R--D | C] -- C:\Users\UserName\Documents\Notes
[2012/12/23 17:36:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/23 17:28:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/23 17:28:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/23 17:28:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/23 17:27:05 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/12/23 17:27:04 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/12/23 14:41:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/23 14:40:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/23 13:49:43 | 005,012,898 | R--- | C] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
[2012/12/23 02:42:51 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\UserName\Desktop\tdsskiller.exe
[2012/12/23 00:16:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\UserName\Desktop\aswMBR.exe
[2012/12/22 23:28:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/22 22:15:55 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Malwarebytes
[2012/12/22 22:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/22 22:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/22 22:15:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/22 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/22 22:13:37 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\UserName\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/21 22:20:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
[2012/12/21 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/12/21 03:01:42 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 03:01:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 03:01:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 03:01:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/14 21:19:40 | 000,027,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpqdfw.sys
[2012/12/14 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/14 21:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/12/13 03:03:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 03:03:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 03:03:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 03:03:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 03:03:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 03:03:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 03:03:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 03:03:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 03:03:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 03:03:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 03:03:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 03:03:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 03:03:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 03:03:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 03:03:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 18:49:16 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 18:49:15 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 18:49:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 18:49:15 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 18:49:15 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 18:49:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 18:49:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 18:49:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 18:49:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 18:49:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 18:49:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 18:49:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 18:49:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 18:49:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 18:49:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 18:49:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 18:49:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 18:49:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 18:48:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 18:48:50 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/04 22:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/27 21:29:12 | 000,017,498 | ---- | M] () -- C:\Users\UserName\Desktop\1
[2012/12/27 20:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/27 20:08:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUserName.job
[2012/12/27 19:57:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/27 19:57:24 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/27 19:57:24 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/27 19:57:24 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/27 19:57:24 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/27 19:55:54 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
[2012/12/27 19:55:54 | 000,003,284 | ---- | M] () -- C:\Users\UserName\AppData\Roaming\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
[2012/12/27 19:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/26 14:38:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 14:38:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 14:31:02 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/24 18:27:22 | 000,549,359 | ---- | M] () -- C:\Users\UserName\Desktop\adwcleaner.exe
[2012/12/23 17:36:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/23 13:52:15 | 005,012,898 | R--- | M] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
[2012/12/23 02:47:27 | 000,561,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/23 02:42:51 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\UserName\Desktop\tdsskiller.exe
[2012/12/23 02:41:11 | 000,000,512 | ---- | M] () -- C:\Users\UserName\Desktop\MBR.dat
[2012/12/23 00:17:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\UserName\Desktop\aswMBR.exe
[2012/12/22 22:15:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/22 22:13:47 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\UserName\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/21 23:00:47 | 000,302,592 | ---- | M] () -- C:\Users\UserName\Desktop\15sod9l8.exe
[2012/12/21 22:45:25 | 000,000,355 | ---- | M] () -- C:\Users\UserName\Desktop\Computer - Verknüpfung.lnk
[2012/12/21 22:20:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
[2012/12/21 22:19:01 | 000,000,000 | ---- | M] () -- C:\Users\UserName\defogger_reenable
[2012/12/21 22:17:32 | 000,050,477 | ---- | M] () -- C:\Users\UserName\Desktop\Defogger.exe
[2012/12/21 22:02:07 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 21:18:50 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/12 18:31:52 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 18:31:52 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/30 12:47:32 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
 
========== Files Created - No Company Name ==========
 
[2012/12/27 21:28:43 | 000,017,498 | ---- | C] () -- C:\Users\UserName\Desktop\1
[2012/12/24 18:27:22 | 000,549,359 | ---- | C] () -- C:\Users\UserName\Desktop\adwcleaner.exe
[2012/12/23 17:28:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/23 17:28:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/23 17:28:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/23 17:28:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/23 17:28:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/23 02:41:11 | 000,000,512 | ---- | C] () -- C:\Users\UserName\Desktop\MBR.dat
[2012/12/22 22:15:41 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/21 23:00:46 | 000,302,592 | ---- | C] () -- C:\Users\UserName\Desktop\15sod9l8.exe
[2012/12/21 22:45:25 | 000,000,355 | ---- | C] () -- C:\Users\UserName\Desktop\Computer - Verknüpfung.lnk
[2012/12/21 22:19:01 | 000,000,000 | ---- | C] () -- C:\Users\UserName\defogger_reenable
[2012/12/21 22:17:32 | 000,050,477 | ---- | C] () -- C:\Users\UserName\Desktop\Defogger.exe
[2012/12/21 22:02:07 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/21 22:02:06 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/14 21:18:49 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/03/15 18:01:11 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/20 19:27:32 | 000,000,000 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\wklnhst.dat
[2011/11/29 16:23:36 | 000,225,231 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011/05/07 08:38:52 | 000,000,258 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\ANICONFIG_{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}.ini
[2011/02/13 15:15:21 | 000,007,168 | ---- | C] () -- C:\Users\UserName\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/22 14:45:18 | 000,003,284 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Vielen Dank und Freuntliche Grüsse

Aster!x

Alt 27.12.2012, 21:58   #15
Aster!x
 
Hotmail Account gehackt und verschickt automatisch Mails - Standard

Hotmail Account gehackt und verschickt automatisch Mails



Hallo Cosinus

Hier die Textdatei von adwcleaner.exe
Code:
ATTFilter
# AdwCleaner v2.102 - Datei am 26/12/2012 um 14:29:44 erstellt
# Aktualisiert am 23/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Username - PCName
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Username\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Web Assistant Updater
Gestoppt & Gelöscht : WebOptimizer

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Username\Desktop\sweetpcfix.url
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\Users\Username\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Username\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Username\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&i=26 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CH&userid=521df724-c226-4be1-8063-f8b0be72bed5&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?barid={F1959716-4748-4198-822E-A0B02F7DA9B3} --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\cppgs5l7.default\prefs.js

C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\cppgs5l7.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&loc=FF_NT");
Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search");
Gelöscht : user_pref("extensions.incredibar.admin", false);
Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar.cntry", "CH");
Gelöscht : user_pref("extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("extensions.incredibar.did", "10658");
Gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar.hdrMd5", "38F8AA66413CCF5F8A738B1C4FFFF809");
Gelöscht : user_pref("extensions.incredibar.hmpg", false);
Gelöscht : user_pref("extensions.incredibar.id", "7ab1a2d7000000000000f07d687397b3");
Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar.instlDay", "15516");
Gelöscht : user_pref("extensions.incredibar.instlRef", "");
Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:01:14");
Gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("extensions.incredibar.newTab", false);
Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.incredibar.ppd", "");
Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar.productid", "26");
Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar.sg", "none");
Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8x2GHMcO&loc=IB_T[...]
Gelöscht : user_pref("extensions.incredibar.upn2", "6R8x2GHMcO");
Gelöscht : user_pref("extensions.incredibar.upn2n", "92824594661509922");
Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:01:14");
Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10658");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "7ab1a2d7000000000000f07d687397b3");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15516");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8x2GHMcO&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6R8x2GHMcO");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92824594661509922");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:01:14");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("extensions.softonic_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.softonic_i.dfltLng", "");
Gelöscht : user_pref("extensions.softonic_i.dfltSrch", true);
Gelöscht : user_pref("extensions.softonic_i.dnsErr", true);
Gelöscht : user_pref("extensions.softonic_i.excTlbr", false);
Gelöscht : user_pref("extensions.softonic_i.hmpg", true);
Gelöscht : user_pref("extensions.softonic_i.hmpgUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource=1[...]
Gelöscht : user_pref("extensions.softonic_i.id", "7ab1a2d7000000000000f07d687397b3");
Gelöscht : user_pref("extensions.softonic_i.instlDay", "15407");
Gelöscht : user_pref("extensions.softonic_i.instlRef", "MON00001");
Gelöscht : user_pref("extensions.softonic_i.keyWordUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSourc[...]
Gelöscht : user_pref("extensions.softonic_i.newTab", false);
Gelöscht : user_pref("extensions.softonic_i.newTabUrl", "hxxp://search.softonic.com/MON00005/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.softonic_i.prdct", "softonic");
Gelöscht : user_pref("extensions.softonic_i.prtnrId", "softonic");
Gelöscht : user_pref("extensions.softonic_i.smplGrp", "eng7");
Gelöscht : user_pref("extensions.softonic_i.srchPrvdr", "Search the web (Softonic)");
Gelöscht : user_pref("extensions.softonic_i.tlbrId", "eng7");
Gelöscht : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSour[...]
Gelöscht : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Gelöscht : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.59:47:53");
Gelöscht : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");
Gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8x2GHMcO&&i=26&search="[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Datei : C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8x2GHMcO&loc=FF_NT");user_p[...]

*************************

AdwCleaner[R1].txt - [17769 octets] - [24/12/2012 18:34:38]
AdwCleaner[S1].txt - [17441 octets] - [26/12/2012 14:29:44]

########## EOF - C:\AdwCleaner[S1].txt - [17502 octets] ##########
         

Und die OTL.exe
Code:
ATTFilter
OTL Extras logfile created on: 12/27/2012 9:32:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UserName\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.70% Memory free
8.00 Gb Paging File | 6.37 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.34 Gb Total Space | 470.50 Gb Free Space | 80.66% Space Free | Partition Type: NTFS
Drive D: | 12.73 Gb Total Space | 1.51 Gb Free Space | 11.83% Space Free | Partition Type: NTFS
 
Computer Name: PCName | User Name: UserName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- ()
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B6414E-A34C-44DF-92E7-34856113E184}" = rport=138 | protocol=17 | dir=out | app=system | 
"{090494DA-63BF-404B-B2B9-148265B42A77}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{0D6A74B6-F3C6-4B07-965E-CFEB697D0213}" = lport=139 | protocol=6 | dir=in | app=system | 
"{109AC024-7C72-41BE-8C8B-DE354B6A4898}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1F2CE820-3F2B-42D9-97CC-1787A8E1572D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3228C924-A8A9-4EA2-9416-95E824810883}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3889E243-4207-4543-B2EC-8963709789F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{54F486F2-A58C-4BD9-962A-8C52D2F663CD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6E2CE30F-6612-4774-8527-01C0A19E49AA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{98F0E916-D9CA-4493-A572-4C0751C24506}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{992BB1B9-EAD9-47BF-83F9-9690A29437E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A19DCA7-EF2D-4174-B7CA-B089CC23E891}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9C209D8E-1F51-4A60-A42D-E49E4DA35D99}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7DAFA1A-EF4A-48FC-BB0B-613ADBCF3AD5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B073F08E-F9E0-48DD-8FBE-D59411E6768D}" = lport=50319 | protocol=6 | dir=in | name=akamai netsession interface | 
"{C4B717AE-5A46-4BC0-A3B0-5F4C72E3BD2A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EABEB274-DE03-4C5E-B2D0-D2252BF049E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F5270659-0450-43AF-AEA7-240ADC222044}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE41B9-AC0C-4B04-BB8E-344F03F68C51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{060E633D-9F77-4D2B-882D-3A166752FE62}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{07D00233-7632-442A-B5AC-83B0BBB51E96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{088519D6-A88A-4B5B-B728-52C121DB4B23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0D4773AC-0406-4F4E-BDFA-0B186196DE2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0D6D623B-8315-4B13-865E-24631A1BD6F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{0E2767EC-B16B-4C83-8E66-4C55E8468BC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{0F7A610C-0F18-4AF0-AB28-1009C95B99C2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{11F6EC49-EAAB-4AC9-9887-FEDAD339E7D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{147351C2-2102-4B00-8871-768D8D1BEB46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1583CA86-CA17-4954-A58B-DC15A5AE7708}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{18E5B9A1-CA9E-4A23-82C1-8838D7E5A667}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{1A8E2CB7-C2A3-46D0-B2CD-953B5F68E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{1AE0CE16-37EB-406F-90FE-0A7FDA8ECDE6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1EA6500F-C9A7-4161-9DBB-8E4E5D1490A7}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{1EBD24BD-1BA3-4643-B27D-D190D33E5A3B}" = dir=in | app=c:\program files (x86)\autodesk\inventor fusion technology preview 3\inventor fusion.exe | 
"{202C9C4C-EC1D-4C4D-BD1B-D60DF467AED5}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{209699B4-B435-4C23-870B-EA08160A3D82}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{278E2D9D-5114-4841-A11B-91485D89F61B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{2C3E66DB-BC0D-4F40-9988-DC6E8D6874EF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{2F1AAF45-D5D5-4E79-B9EF-AC2060DF8B7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{34524E97-F8E8-4A26-A9CB-4D3952F0479B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{43414AE6-4146-46EC-A4A0-38219B8207F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{43ED0D35-ED16-456D-A5B4-2D58BD14D756}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4BB0CB31-0F19-48BA-B8A6-F7C434E24ADB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{4F0C838A-6B0F-449B-ACF2-2507C4AEBBF4}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{4FF48148-4B42-43A5-9A81-487C517198B8}" = dir=in | app=e:\setup\hpznui40.exe | 
"{505E3B52-8822-4387-9CE8-19203E38805A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{53B5057A-02E8-4B42-9B99-9228F95DDC4E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{55E0E349-6C05-4358-A9A4-1A83F6DFD0A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{577011F0-923B-4A49-BBD3-A75AFF103B37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{61F32806-537D-4D82-AC09-7FFA7043A752}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{6AC0BF00-D2CC-4764-A6A6-C021ACA743D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{702E60D3-4CB7-40EB-8991-3FCD39F3FA1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{806A0152-8807-4508-86F3-89F935F10A23}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{82159F9A-C32B-4AFF-B639-A75B5F49840D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{83468BD1-02ED-419B-9642-6A0841614866}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{83E6746D-7B07-4F31-8BAB-AD5DD6C5CADC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{8C2CCE86-016D-492D-BEEE-A93C3845C9A1}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{93D9322D-A1A8-471E-8F62-F59FCD5FCAAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{96E0715F-B469-4413-AE7E-EF0F8DD4CDEC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{9CAB58FB-8E3D-42E3-BD7A-227AD9CB78FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{9D5A35CA-793C-4886-993C-216A70240E1F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{AEF42831-005E-4F1D-8F80-F1151296C40F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B3D0BBFB-894D-4C4A-8BF5-702FAAA32E86}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{B50A631C-97EC-4B8A-82A4-7E949CA090CE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{BB813F08-A3C7-4D93-BE65-4DEFC6A18FC7}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{BF67C0DB-3093-4E1C-B455-6987E275DEFF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{BFB8FA0F-1CFB-4F77-83AD-E0DA4F63EE2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2DFB4DE-6982-47DE-B01C-17FEF3967478}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{C32201E3-7287-4400-AF29-65CD49476DF9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{C752DB77-E5AB-4389-A80F-6E7BE9296D52}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
"{C97A8853-D787-4C7F-B1EE-4130D1216FDF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{CBB333BA-51C8-46A5-AF64-C8582B72891A}" = protocol=17 | dir=in | app=c:\users\UserName\appdata\local\akamai\netsession_win.exe | 
"{D08652D6-A510-419A-9C06-54435D3658EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{D0ADADDE-9F75-472D-836E-BAC0377C909C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{D19CAD68-E63C-4D35-9B02-8C1C43E4D898}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{E243B471-6AF2-479C-BB41-A2A1CBF2972C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F1DF79F0-D14A-425A-9931-E1573682C398}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F8C1BC65-AE18-4EA0-A58F-B645FD82C7A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{FA3ADE03-8FE3-43A5-935F-9B11A2203158}" = protocol=6 | dir=in | app=c:\users\UserName\appdata\local\akamai\netsession_win.exe | 
"{FA83978B-AF2E-4930-91E2-5333D35F83A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FB818A52-73A4-4685-822C-545B6ACACE85}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CF60E9D-43D7-4CDA-8281-31FE244A9A54}" = Autodesk Inventor Fusion-Änderungsverfolgung Language Pack (Sprachenpaket)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{EBA285DF-EF09-4AFE-89ED-E64798BA93BB}" = Autodesk Inventor Fusion-Änderungsverfolgung
"{ef7031a7-f5f5-4ef5-8d6d-e1f782b9b419}.sdb" = estamp_exe
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2CC6CDFCB4BBBB42596B33BF910114E0982B07A6" = Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2007 5.1.2600.0)
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"426BB71EACDB64FF41684DB46CC07442F338C232" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"883C04C33C70062A4AD0ED48685D05F25A854C1D" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"8E34866C72B4ED9C8D3B60249DA48CF113B9FFBE" = Windows Driver Package - MakerBot Industries (usbser) Ports  (11/15/2007 5.1.2600.0)
"ABE36B9BBD00CD433A4454EBCAD52F303406A488" = Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Inventor Fusion-Änderungsverfolgung" = Autodesk Inventor Fusion Change Manager
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)
"DWG TrueView 2011" = DWG TrueView 2011
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{27AB9BD6-4A3E-4BBD-8381-CD445E474936}" = Berkeley Madonna
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B9F15ED-C087-4FBB-805E-EE24D2AE2E13}" = Mastercam X5 Demo/Home Learning Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9F89A209-991C-55CA-BDF6-B615F6D4F298}" = Autodesk Inventor Fusion Technology Preview 3
"{9F89A209-991C-66CA-BDF6-B615F6D4F298}" = Autodesk Inventor Fusion Technology Preview 3 Language Pack
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Inventor Fusion Technology Preview 3" = Autodesk Inventor Fusion Technology Preview 3
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"EasyBits Magic Desktop" = Magic Desktop
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{3B9F15ED-C087-4FBB-805E-EE24D2AE2E13}" = Mastercam X5 Demo/Home Learning Edition
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
"My HP Game Console" = HP Game Console
"MyFreeCodec" = MyFreeCodec
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Steam App 440" = Team Fortress 2
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082414" = Mystery P.I. - The Vegas Heist
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082439" = Bus Driver
"WT083492" = Agatha Christie - Death on the Nile
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/4/2012 6:57:33 AM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/5/2012 4:36:38 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/5/2012 7:10:12 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/6/2012 5:54:55 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/9/2012 4:06:15 PM | Computer Name = PCName | Source = Windows Backup | ID = 4103
Description = 
 
Error - 12/9/2012 4:54:44 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/9/2012 4:55:28 PM | Computer Name = PCName | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 14.0.6123.5005 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 133c    Startzeit: 01cdd3fc720fafb3    Endzeit: 62    Anwendungspfad:
 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE    Berichts-ID: b1997460-4242-11e2-935d-f36507d91e18

 
Error - 12/10/2012 4:29:32 PM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/11/2012 5:57:51 AM | Computer Name = PCName | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12/12/2012 1:31:00 PM | Computer Name = PCName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WZCSLDR2.exe, Version: 1.0.14.9283,
 Zeitstempel: 0x4a544705  Name des fehlerhaften Moduls: MFC42.DLL, Version: 6.6.8064.0,
 Zeitstempel: 0x4d79b238  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013613  ID des fehlerhaften
 Prozesses: 0x187c  Startzeit der fehlerhaften Anwendung: 0x01cdd0970059f67d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\MFC42.DLL  Berichtskennung: b18129e8-4481-11e2-935d-f36507d91e18
 
[ Hewlett-Packard Events ]
Error - 11/8/2012 3:48:35 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/8/2012 3:48:35 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:36 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:39 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:39 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/15/2012 5:20:39 PM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 30  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:40 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:40 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:40 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
Error - 11/22/2012 7:37:41 AM | Computer Name = PCName | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Message: Das Objekt des Typs "System.DBNull"
 kann nicht in Typ "System.String" umgewandelt werden.  StackTrace:   bei HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
 dr, Boolean bOnlyDetected, HPSASession SFSession)  Source: HP.SupportAssistant.Common

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: de-DE  RAM: 4095  Ram Utilization: 40  TargetSite: Void SaveSessionInfo(System.Data.DataRow,
 Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)  
 
[ System Events ]
Error - 6/24/2012 2:13:32 PM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 7/3/2012 12:51:11 PM | Computer Name = PCName | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{E061DEF0-4B80-46F3-920E-13AB9DDDF76E} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 7/13/2012 5:08:41 PM | Computer Name = PCName | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{E061DEF0-4B80-46F3-920E-13AB9DDDF76E} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 8/17/2012 2:06:05 PM | Computer Name = PCName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 8/17/2012 2:06:05 PM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 9/3/2012 9:31:35 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 9/3/2012 9:31:35 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 9/9/2012 2:21:38 PM | Computer Name = PCName | Source = bowser | ID = 8003
Description = 
 
Error - 9/10/2012 1:17:47 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 9/10/2012 1:17:47 AM | Computer Name = PCName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 12/27/2012 9:32:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\UserName\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.07 Gb Available Physical Memory | 76.70% Memory free
8.00 Gb Paging File | 6.37 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.34 Gb Total Space | 470.50 Gb Free Space | 80.66% Space Free | Partition Type: NTFS
Drive D: | 12.73 Gb Total Space | 1.51 Gb Free Space | 11.83% Space Free | Partition Type: NTFS
 
Computer Name: PCName | User Name: UserName | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\UserName\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Windows\SysWOW64\ANIWConnService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\UserName\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7584733b0bfcbe669ea38a81b914a83a\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0acdeb764dc3715299a163fba3c7bdaa\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\739c5209c3538b3457c2f8f9ad196cbb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\960b6130c64f21d8f5d8d3eb183ae660\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6053166746abce42f4c4432e0ec54fc7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\947466e2a04c48c43a8b255eb236ba71\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4a2b56d6031270f0fcf7388e4d787333\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\86f1e41236b3d404d65db53bd0374d1e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e46c644e0ef0456434b32f3e91b56424\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ff1ceec110e2983a75c2c21f50274ac2\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d1f9ff307e93bb9929b2b11661623cb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\20ce3ca371acfbe996c6a21b5469992d\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aaf8a137263c899815f0acff07eb1562\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MOD - C:\Windows\SysWOW64\wlanapp.dll ()
MOD - C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\ANIOApi.dll ()
MOD - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (mitsijm2011) -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ANIWConnService) -- C:\Windows\SysWOW64\ANIWConnService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\drivers\anodlwfx.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{03BC63FE-780D-45A6-91BD-15CC3BB7C267}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\SearchScopes\{A8C3C848-BC39-4996-9B12-CBFA659C2BA1}: "URL" = hxxp://search.softonic.com/MON00005/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/29 16:37:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:53:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/29 16:37:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 22:53:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/04 22:53:15 | 000,000,000 | ---D | M]
 
[2010/10/29 14:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Extensions
[2012/12/26 14:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/10/23 20:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserName\AppData\Roaming\mozilla\Firefox\Profiles\cppgs5l7.default\extensions
[2012/12/04 22:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/12/04 22:53:17 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/20 21:12:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 20:10:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/18 08:51:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 20:10:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/19 20:10:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/19 20:10:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/19 20:10:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/12/23 17:36:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Program Files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1203498084-3556532659-3849733214-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/27 21:28:03 | 000,000,000 | R--D | C] -- C:\Users\UserName\Documents\Notes
[2012/12/23 17:36:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/23 17:28:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/23 17:28:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/23 17:28:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/23 17:27:05 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/12/23 17:27:04 | 000,126,312 | R--- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/12/23 14:41:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/23 14:40:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/23 13:49:43 | 005,012,898 | R--- | C] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
[2012/12/23 02:42:51 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\UserName\Desktop\tdsskiller.exe
[2012/12/23 00:16:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\UserName\Desktop\aswMBR.exe
[2012/12/22 23:28:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/22 22:15:55 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Malwarebytes
[2012/12/22 22:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/22 22:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/22 22:15:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/22 22:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/22 22:13:37 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\UserName\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/21 22:20:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
[2012/12/21 22:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/12/21 03:01:42 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 03:01:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 03:01:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 03:01:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/14 21:19:40 | 000,027,456 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpqdfw.sys
[2012/12/14 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/14 21:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/12/13 03:03:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/13 03:03:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/13 03:03:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/13 03:03:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/13 03:03:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/13 03:03:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/13 03:03:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/13 03:03:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/13 03:03:32 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/13 03:03:32 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/13 03:03:32 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/13 03:03:32 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/13 03:03:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/13 03:03:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/13 03:03:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 18:49:16 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 18:49:15 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 18:49:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 18:49:15 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 18:49:15 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 18:49:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 18:49:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 18:49:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 18:49:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 18:49:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 18:49:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 18:49:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 18:49:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 18:49:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 18:49:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 18:49:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 18:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 18:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 18:49:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 18:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 18:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 18:49:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 18:48:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 18:48:50 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/04 22:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/27 21:29:12 | 000,017,498 | ---- | M] () -- C:\Users\UserName\Desktop\1
[2012/12/27 20:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/27 20:08:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUserName.job
[2012/12/27 19:57:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/27 19:57:24 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/27 19:57:24 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/27 19:57:24 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/27 19:57:24 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/27 19:55:54 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
[2012/12/27 19:55:54 | 000,003,284 | ---- | M] () -- C:\Users\UserName\AppData\Roaming\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
[2012/12/27 19:55:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/26 14:38:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 14:38:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 14:31:02 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/24 18:27:22 | 000,549,359 | ---- | M] () -- C:\Users\UserName\Desktop\adwcleaner.exe
[2012/12/23 17:36:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/23 13:52:15 | 005,012,898 | R--- | M] (Swearware) -- C:\Users\UserName\Desktop\ComboFix.exe
[2012/12/23 02:47:27 | 000,561,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/23 02:42:51 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\UserName\Desktop\tdsskiller.exe
[2012/12/23 02:41:11 | 000,000,512 | ---- | M] () -- C:\Users\UserName\Desktop\MBR.dat
[2012/12/23 00:17:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\UserName\Desktop\aswMBR.exe
[2012/12/22 22:15:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/22 22:13:47 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\UserName\Desktop\mbam-setup-1.65.1.1000.exe
[2012/12/21 23:00:47 | 000,302,592 | ---- | M] () -- C:\Users\UserName\Desktop\15sod9l8.exe
[2012/12/21 22:45:25 | 000,000,355 | ---- | M] () -- C:\Users\UserName\Desktop\Computer - Verknüpfung.lnk
[2012/12/21 22:20:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\UserName\Desktop\OTL.exe
[2012/12/21 22:19:01 | 000,000,000 | ---- | M] () -- C:\Users\UserName\defogger_reenable
[2012/12/21 22:17:32 | 000,050,477 | ---- | M] () -- C:\Users\UserName\Desktop\Defogger.exe
[2012/12/21 22:02:07 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 21:18:50 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/12/12 18:31:52 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 18:31:52 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/30 12:47:32 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
 
========== Files Created - No Company Name ==========
 
[2012/12/27 21:28:43 | 000,017,498 | ---- | C] () -- C:\Users\UserName\Desktop\1
[2012/12/24 18:27:22 | 000,549,359 | ---- | C] () -- C:\Users\UserName\Desktop\adwcleaner.exe
[2012/12/23 17:28:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/23 17:28:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/23 17:28:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/23 17:28:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/23 17:28:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/23 02:41:11 | 000,000,512 | ---- | C] () -- C:\Users\UserName\Desktop\MBR.dat
[2012/12/22 22:15:41 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/21 23:00:46 | 000,302,592 | ---- | C] () -- C:\Users\UserName\Desktop\15sod9l8.exe
[2012/12/21 22:45:25 | 000,000,355 | ---- | C] () -- C:\Users\UserName\Desktop\Computer - Verknüpfung.lnk
[2012/12/21 22:19:01 | 000,000,000 | ---- | C] () -- C:\Users\UserName\defogger_reenable
[2012/12/21 22:17:32 | 000,050,477 | ---- | C] () -- C:\Users\UserName\Desktop\Defogger.exe
[2012/12/21 22:02:07 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/21 22:02:06 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/14 21:18:49 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/03/15 18:01:11 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/20 19:27:32 | 000,000,000 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\wklnhst.dat
[2011/11/29 16:23:36 | 000,225,231 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011/05/07 08:38:52 | 000,000,258 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\ANICONFIG_{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}.ini
[2011/02/13 15:15:21 | 000,007,168 | ---- | C] () -- C:\Users\UserName\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/22 14:45:18 | 000,003,284 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\ANIWZCS{E061DEF0-4B80-46F3-920E-13AB9DDDF76E}
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Vielen Dank und Freuntliche Grüsse

Aster!x

Antwort

Themen zu Hotmail Account gehackt und verschickt automatisch Mails
account, antwort, automatisch, frage, fragen, gehackt, hallo zusammen, heute, hotmail, keine viren, kumpel, link, link geöffnet, mail, mails, mittwoch, neu, nicht mehr, problem, reaktivieren, relativ, trojaner, verschickt, verseucht, viren, virus, virus verseucht, zusammen



Ähnliche Themen: Hotmail Account gehackt und verschickt automatisch Mails


  1. Mail Account verschickt automatisch Phishing Mails
    Plagegeister aller Art und deren Bekämpfung - 03.09.2014 (1)
  2. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  3. Mail Account verschickt automatisch Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 01.04.2014 (11)
  4. Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte
    Log-Analyse und Auswertung - 29.04.2013 (13)
  5. Mail-Account gehackt? Hab komische Mails verschickt...
    Log-Analyse und Auswertung - 15.04.2013 (9)
  6. Mail-Account verschickt regelmäßig automatisch Spam-Mails aus meinem Postkorb
    Log-Analyse und Auswertung - 13.08.2012 (34)
  7. Mein Hotmail verschickt automatisch Junk-Mails von Diät Pillen o.O
    Log-Analyse und Auswertung - 16.07.2012 (7)
  8. spam-mails von hotmail-account verschickt --> trojaner?
    Plagegeister aller Art und deren Bekämpfung - 09.07.2012 (14)
  9. (2x) Mail Account verschickt automatisch emails Hotmail
    Mülltonne - 22.06.2012 (1)
  10. Spam E-Mails werden automatisch über GMX-Account verschickt
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  11. Mein Yahhoo Account verschickt automatisch spam mails
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (3)
  12. MSN - Hotmail verschickt von alleine Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 28.11.2011 (1)
  13. Spam Mails werden automatisch vom Yahoo Account verschickt
    Log-Analyse und Auswertung - 28.08.2011 (2)
  14. Hotmail verschickt automatisch Spam mails
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)
  15. Hotmail verschickt Spam-Mails
    Überwachung, Datenschutz und Spam - 16.08.2011 (1)
  16. Mein Hotmail Konto verschickt automatisch Spam-Mails an mein Adressbuch =/
    Plagegeister aller Art und deren Bekämpfung - 16.02.2011 (7)
  17. Hotmail Account verschickt automatisch Spam Mails!
    Plagegeister aller Art und deren Bekämpfung - 14.02.2011 (7)

Zum Thema Hotmail Account gehackt und verschickt automatisch Mails - Hallo zusammen! Ich bin neu hier auf dem Board. Bevor ich mein Problem beschreibe solltet Ihr Wissen, dass meine PC Kenntnisse relativ bescheiden sind. Am Mittwoch habe ich ein Mail - Hotmail Account gehackt und verschickt automatisch Mails...
Archiv
Du betrachtest: Hotmail Account gehackt und verschickt automatisch Mails auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.