Malewarebytes findet Trojan.Agent

ToJaNa · 13.03.2013, 09:43

Hallo und Guten Morgen,

nachdem wir vor drei Wochen eine eMail von abuse@t-online bekamen das ein "Hackerangriff" von uns ausgegangen sei, habe ich bei beiden Laptops und dem PC Norton Internet Security 2012 gründlich suchen lassen (NIS ist seit langen installiert und immer aktuell). Nachdem nichts gefunden wurde habe ich noch sämtliche Passwörter geändert und damit war die Sache für mich erstmal erledigt.
Bis gestern, da kam eine weitere eMail von der Telekom und gleichzeitig wurde von denen der Port 25 eingeschränkt.
Nach einer Recherche im Internet bin ich auf dieses Forum gestossen und habe darauf hin das oftmals zuerst empfohlene "Malewarebytes" laufen lassen, welches auch fündig wurde.

Hier die .txt, danach wurden die Plagegeister in die Quarantäne verschoben (diese .txt habe ich leider nicht behaltem).

Wie gehe ich weiter vor? Einfach von Malewarebytes löschen lassen? Oder weiteres laufen lassen?

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.12.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Compaq :: AU2008 [Administrator]

Schutz: Aktiviert

12.03.2013 18:49:42
MBAM-log-2013-03-12 (23-09-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 544824
Laufzeit: 2 Stunde(n), 47 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

Infizierte Dateien: 7
C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Windows\retadpu1000520.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

(Ende)

Vielen Dank schon einmal im voraus!!!

Gruß
Tobias

cosinus · 14.03.2013, 16:22

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

ToJaNa · 14.03.2013, 18:17

Hallo,

ja, habe gestern GMER laufen lassen und danach den Adwcleaner

Gmer:
GMER Logfile:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-13 19:28:28
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BB2O 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Compaq\AppData\Local\Temp\uxddrpoc.sys


---- System - GMER 2.1 ----

SSDT            872DDE68                       ZwAlertResumeThread
SSDT            872DDF48                       ZwAlertThread
SSDT            872DCD48                       ZwAllocateVirtualMemory
SSDT            871DE560                       ZwAlpcConnectPort
SSDT            872DABC8                       ZwAssignProcessToJobObject
SSDT            872DDBB8                       ZwCreateMutant
SSDT            872EDEA0                       ZwCreateSymbolicLinkObject
SSDT            8799D208                       ZwCreateThread
SSDT            872DACA8                       ZwDebugActiveProcess
SSDT            872DCF18                       ZwDuplicateObject
SSDT            872DCB00                       ZwFreeVirtualMemory
SSDT            872DDCA8                       ZwImpersonateAnonymousToken
SSDT            872DDD88                       ZwImpersonateThread
SSDT            871DCB00                       ZwLoadDriver
SSDT            872F3FB0                       ZwMapViewOfSection
SSDT            872DDAD8                       ZwOpenEvent
SSDT            8799D0F0                       ZwOpenProcess
SSDT            872DCE38                       ZwOpenProcessToken
SSDT            872DAED0                       ZwOpenSection
SSDT            8799D020                       ZwOpenThread
SSDT            872DAAD8                       ZwProtectVirtualMemory
SSDT            872F3A60                       ZwResumeThread
SSDT            872F3D00                       ZwSetContextThread
SSDT            872F3DE0                       ZwSetInformationProcess
SSDT            872DAD88                       ZwSetSystemInformation
SSDT            872DAF90                       ZwSuspendProcess
SSDT            872F3B40                       ZwSuspendThread
SSDT            8799D2E8                       ZwTerminateProcess
SSDT            872F3C20                       ZwTerminateThread
SSDT            872F3ED0                       ZwUnmapViewOfSection
SSDT            872DCBF0                       ZwWriteVirtualMemory
SSDT            872EDF70                       ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D  824F87E0 8 Bytes  [68, DE, 2D, 87, 48, DF, 2D, ...]
.text           ntkrnlpa.exe!KeSetEvent + 131  824F87F4 4 Bytes  [48, CD, 2D, 87]
.text           ntkrnlpa.exe!KeSetEvent + 13D  824F8800 4 Bytes  [60, E5, 1D, 87]
.text           ntkrnlpa.exe!KeSetEvent + 191  824F8854 4 Bytes  [C8, AB, 2D, 87] {ENTER 0x2dab, 0x87}
.text           ntkrnlpa.exe!KeSetEvent + 1F5  824F88B8 4 Bytes  [B8, DB, 2D, 87]
.text           ...                            

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp        SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\Udp        SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\RawIp      SYMTDIV.SYS

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0          unknown MBR code

---- EOF - GMER 2.1 ----

--- --- ---

Adwcleaner der erste(R1):
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 19:29:42
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Compaq - AU2008
# Boot Mode : Normal
# Running from : C:\Users\Compaq\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : \Software
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Compaq\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Compaq\AppData\Roaming\boost_interprocess
Folder Found : C:\Users\Compaq\AppData\Roaming\iWin
Folder Found : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\extensions\toolbar@ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-3080769578-2973585157-627236985-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9193 octets] - [13/03/2013 19:29:42]

########## EOF - C:\AdwCleaner[R1].txt - [9253 octets] ##########

--- --- ---

Adwcleaner (S1):
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 19:30:38
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Compaq - AU2008
# Boot Mode : Normal
# Running from : C:\Users\Compaq\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : \Software
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Compaq\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Compaq\AppData\Roaming\boost_interprocess
Folder Deleted : C:\Users\Compaq\AppData\Roaming\iWin
Folder Deleted : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\extensions\toolbar@ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\prefs.js

C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9322 octets] - [13/03/2013 19:29:42]
AdwCleaner[S1].txt - [9258 octets] - [13/03/2013 19:30:38]

########## EOF - C:\AdwCleaner[S1].txt - [9318 octets] ##########

[/CODE]
--- --- ---

adwcleander (R2):
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 19:34:32
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Compaq - AU2008
# Boot Mode : Normal
# Running from : C:\Users\Compaq\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9322 octets] - [13/03/2013 19:29:42]
AdwCleaner[R2].txt - [854 octets] - [13/03/2013 19:34:33]
AdwCleaner[S1].txt - [9387 octets] - [13/03/2013 19:30:38]

########## EOF - C:\AdwCleaner[R2].txt - [973 octets] ##########

--- --- ---

adwcleaner (S2):
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 19:36:06
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Compaq - AU2008
# Boot Mode : Normal
# Running from : C:\Users\Compaq\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9322 octets] - [13/03/2013 19:29:42]
AdwCleaner[R2].txt - [1041 octets] - [13/03/2013 19:34:33]
AdwCleaner[S1].txt - [9387 octets] - [13/03/2013 19:30:38]
AdwCleaner[S2].txt - [854 octets] - [13/03/2013 19:36:06]

########## EOF - C:\AdwCleaner[S2].txt - [913 octets] ##########

--- --- ---

Das sind die die ich habe. Hoffe ich habe nicht voreilig mit dem adwcleaner gearbeitet.

Viele Grüße
Tobias

cosinus · 14.03.2013, 23:09

Nein, adwCleaner ist ok, ich wollte eigentlich nur wissen, ob dein Virenscanner oder andere Malwarescanner noch was gefunden haben

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

ToJaNa · 15.03.2013, 12:37

Hallo,

nein, andere Files habe ich nicht. Norton hatte ja bislang nix gefunden.

Hier die OTL.txt

Code:

ATTFilter

OTL logfile created on: 15.03.2013 12:00:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Compaq\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,34% Memory free
4,22 Gb Paging File | 2,60 Gb Available in Paging File | 61,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,11 Gb Total Space | 33,68 Gb Free Space | 32,98% Space Free | Partition Type: NTFS
Drive D: | 9,68 Gb Total Space | 2,53 Gb Free Space | 26,14% Space Free | Partition Type: NTFS
 
Computer Name: AU2008 | User Name: Compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe (ASCOMP Software GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- system32\DRIVERS\usbser_lowerfltj.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nmwcdnsuc) -- system32\drivers\nmwcdnsuc.sys File not found
DRV - (nmwcdnsu) -- system32\drivers\nmwcdnsu.sys File not found
DRV - (nmwcdc) -- system32\drivers\ccdcmbo.sys File not found
DRV - (nmwcd) -- system32\drivers\ccdcmb.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (Aspi32) --  File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130313.034\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130313.034\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130312.001\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1309010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1309010.00E\symefa.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1309010.00E\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1309010.00E\ironx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1309010.00E\symds.sys (Symantec Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes\{732E2BA6-DE69-4EFB-89FA-E7ABA8D48B5E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: service%40touchpdf.com:1.17
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: service@touchpdf.com:1.15
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.06.15 04:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.03.15 11:53:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 15:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.14 12:27:31 | 000,000,000 | ---D | M]
 
[2008.09.15 02:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2013.03.13 19:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\532q5lx5.default\extensions
[2010.07.03 19:34:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\532q5lx5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.25 19:43:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\532q5lx5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.22 18:08:43 | 000,057,900 | ---- | M] () (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\firefox\profiles\532q5lx5.default\extensions\service@touchpdf.com.xpi
[2013.03.08 15:26:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.08 15:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.06.30 01:48:14 | 000,292,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2010.05.10 18:48:14 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.05.09 19:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 19:54:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.09 19:26:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.09 19:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.09 19:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.09 19:26:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA8DBD6-5A30-424F-B238-D41730331642}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B29000DE-BEF8-48D4-98EE-709383FFCC36}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC5D285-4B73-4B50-B4A4-86B24893C5BF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.22 12:19:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{3c84cca3-2dc6-11de-a815-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{3c84cca3-2dc6-11de-a815-001eec2e1323}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{3d6f759c-fc40-11dd-9a99-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{3d6f759c-fc40-11dd-9a99-001eec2e1323}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5d99aa40-72ff-11de-9af5-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{5d99aa40-72ff-11de-9af5-001eec2e1323}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{5d99aa5d-72ff-11de-9af5-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{5d99aa5d-72ff-11de-9af5-001eec2e1323}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{665f5a5f-7478-11de-a957-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{665f5a5f-7478-11de-a957-001eec2e1323}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{665f5a7c-7478-11de-a957-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{665f5a7c-7478-11de-a957-001eec2e1323}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{968b5e84-224e-11dd-b12e-001eec2e1323}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.18 14:33:30 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{968b5e87-224e-11dd-b12e-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{968b5e87-224e-11dd-b12e-001eec2e1323}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{968b6380-224e-11dd-b12e-001eec2e1323}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{968b6380-224e-11dd-b12e-001eec2e1323}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{968b6380-224e-11dd-b12e-001eec2e1323}\Shell\explore\Command - "" = F:\mvxm.cmd
O33 - MountPoints2\{968b6380-224e-11dd-b12e-001eec2e1323}\Shell\open\Command - "" = F:\mvxm.cmd
O33 - MountPoints2\{aa6b3b5a-41ca-11dd-9fd6-001eec2e1323}\Shell\Auto\command - "" = F:\auto.exe
O33 - MountPoints2\{aa6b3b5a-41ca-11dd-9fd6-001eec2e1323}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\auto.exe
O33 - MountPoints2\{aa6b3b5a-41ca-11dd-9fd6-001eec2e1323}\Shell\explore\Command - "" = F:\mvxm.cmd
O33 - MountPoints2\{aa6b3b5a-41ca-11dd-9fd6-001eec2e1323}\Shell\open\Command - "" = F:\mvxm.cmd
O33 - MountPoints2\{c1b75a8b-4015-11dd-bba7-001eec2e1323}\Shell\Auto\command - "" = J:\auto.exe
O33 - MountPoints2\{c1b75a8b-4015-11dd-bba7-001eec2e1323}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\auto.exe
O33 - MountPoints2\{c1b75a8b-4015-11dd-bba7-001eec2e1323}\Shell\explore\Command - "" = J:\mvxm.cmd
O33 - MountPoints2\{c1b75a8b-4015-11dd-bba7-001eec2e1323}\Shell\open\Command - "" = J:\mvxm.cmd
O33 - MountPoints2\{c1b75a95-4015-11dd-bba7-001eec2e1323}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{c1b75a95-4015-11dd-bba7-001eec2e1323}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
O33 - MountPoints2\{c1b75a95-4015-11dd-bba7-001eec2e1323}\Shell\explore\Command - "" = F:\mvxm.cmd
O33 - MountPoints2\{c1b75a95-4015-11dd-bba7-001eec2e1323}\Shell\open\Command - "" = F:\mvxm.cmd
O33 - MountPoints2\{c1b75c7d-4015-11dd-bba7-001eec2e1323}\Shell\AutoRun\command - "" = J:\qwc.exe
O33 - MountPoints2\{c1b75c7d-4015-11dd-bba7-001eec2e1323}\Shell\explore\Command - "" = J:\qwc.exe
O33 - MountPoints2\{c1b75c7d-4015-11dd-bba7-001eec2e1323}\Shell\open\Command - "" = J:\qwc.exe
O33 - MountPoints2\{cae5d504-7ece-11de-815b-001eec2e1323}\Shell - "" = AutoRun
O33 - MountPoints2\{cae5d504-7ece-11de-815b-001eec2e1323}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 11:57:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2013.03.14 13:23:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 13:23:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 13:23:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 13:23:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 13:23:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 13:23:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 13:23:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 13:23:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.14 13:21:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 12:26:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.13 19:29:14 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Compaq\Desktop\dds+.exe
[2013.03.13 19:29:14 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\TFC.exe
[2013.03.12 18:47:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.12 18:46:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.12 18:46:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.12 18:46:25 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.12 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2013.03.12 18:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.12 18:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.12 18:43:35 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.12 18:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.08 15:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.04 19:44:39 | 018,741,360 | ---- | C] (Solvusoft Corporation                                       ) -- C:\Users\Compaq\Desktop\FileViewPro_2013.exe
[2013.03.03 19:39:14 | 000,000,000 | ---D | C] -- C:\Users\Compaq\Desktop\CVH
[2013.03.03 10:52:53 | 000,000,000 | ---D | C] -- C:\Users\Compaq\Desktop\Übergabe Ordner Vers1
[2013.02.22 19:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.22 19:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.22 19:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.22 19:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 18:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.02.22 18:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.02.22 18:25:13 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.22 18:25:13 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.22 18:25:11 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.22 18:24:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.15 11:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2013.03.15 11:53:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 11:53:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 11:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.14 12:34:27 | 000,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2013.03.13 19:30:34 | 000,649,172 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.13 19:30:34 | 000,124,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.13 11:31:34 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Compaq\Desktop\dds+.exe
[2013.03.13 11:31:12 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\TFC.exe
[2013.03.13 11:31:04 | 000,597,667 | ---- | M] () -- C:\Users\Compaq\Desktop\adwcleaner.exe
[2013.03.13 09:09:28 | 224,503,910 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.12 18:45:42 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.12 18:45:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.12 18:45:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.12 18:45:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.12 18:45:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.12 18:45:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.06 19:34:26 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.06 19:34:26 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.04 19:45:36 | 018,741,360 | ---- | M] (Solvusoft Corporation                                       ) -- C:\Users\Compaq\Desktop\FileViewPro_2013.exe
[2013.03.01 20:26:15 | 000,010,455 | ---- | M] () -- C:\Users\Compaq\Documents\TobiasWittke_Wittke_elster_2048.pfx
[2013.02.23 11:54:30 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.02.22 19:38:14 | 000,001,634 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2013.02.22 19:35:05 | 000,418,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.16 20:06:00 | 002,234,524 | ---- | M] () -- C:\Users\Compaq\Desktop\Foto.JPG
 
========== Files Created - No Company Name ==========
 
[2013.03.13 19:29:14 | 000,597,667 | ---- | C] () -- C:\Users\Compaq\Desktop\adwcleaner.exe
[2013.02.16 20:05:59 | 002,234,524 | ---- | C] () -- C:\Users\Compaq\Desktop\Foto.JPG
[2011.11.08 21:04:15 | 000,000,680 | ---- | C] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2011.08.01 19:52:54 | 000,150,996 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.01.18 20:54:58 | 000,001,940 | ---- | C] () -- C:\Users\Compaq\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.03.25 19:54:23 | 000,021,111 | ---- | C] () -- C:\Users\Compaq\Tobias.elfo
[2008.08.19 10:31:43 | 000,027,872 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\UserTile.png
[2008.05.15 08:36:59 | 000,162,304 | ---- | C] () -- C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.15 08:21:56 | 000,000,632 | RHS- | C] () -- C:\Users\Compaq\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AC9C6AC1

< End of report >

und die Extra.txt

Code:

ATTFilter

OTL Extras logfile created on: 15.03.2013 12:00:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Compaq\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,64 Gb Available Physical Memory | 32,34% Memory free
4,22 Gb Paging File | 2,60 Gb Available in Paging File | 61,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,11 Gb Total Space | 33,68 Gb Free Space | 32,98% Space Free | Partition Type: NTFS
Drive D: | 9,68 Gb Total Space | 2,53 Gb Free Space | 26,14% Space Free | Partition Type: NTFS
 
Computer Name: AU2008 | User Name: Compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3080769578-2973585157-627236985-1003]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0491C923-5E86-4D77-AF74-C3E1FA907A8B}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{05306EDB-53DF-425B-A3E9-973D2666B5FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D68CF95-31F2-472E-8594-12FB6E706B73}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A1BE32E-D08D-4452-9A8A-EF2C6EB70A1B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3969C421-AE18-459B-B314-899A339D6487}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{430D9A08-2657-4003-894D-BD60EC6AAC56}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{70BE0E9C-405A-4B7F-B24D-6F857F41391A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8768317C-64C3-4ACD-BC01-BC10C08B72F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1AA31CE-5D53-446A-9D4D-65E39EAB8C37}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A3D657A1-118F-4CB3-BB7A-6731DE2785CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A62FE286-9CA0-44BD-9C29-6C716D401D48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AA2B0F19-23BE-4D12-B4C5-5E18C2DF43F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9F8D14C-8364-4B63-8E11-6F3413742268}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7D8942C-8036-4365-928A-A55C26681EEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E8F6FB58-6B76-4CBF-95EA-04E66FE734B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F8C41F6C-9580-4B00-AEF7-C6A7473472A6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FAD655C8-698F-4B7C-B00C-BEC671E59ADB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FC25A70A-7C53-4013-8A45-E79489681B35}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{FF1D1CCD-647D-4A3D-8BFE-F31F44183DA6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0422286E-DD60-48BD-9F6A-E22DE920CDDB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{048588A0-E45D-4A8B-8C2A-8CE553F924CA}" = protocol=17 | dir=in | app=c:\windows\temp\~os7a4e.tmp\rlvknlg.exe | 
"{060FC708-2B3B-45BB-B979-D7FC71E4756F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{061ADCC0-9125-4184-88B5-CFF5CBF8328B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{11A0B681-B05C-4388-9F0D-02DF56A42530}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{16AAB70E-5B1F-44A4-A756-8CA88103668F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{17F098EA-EA01-4B78-8445-04321A3DCF6D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{189A6A12-6783-4E59-A0E4-B74E6953C5D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{18B8FD1F-3329-4DCB-82B7-CE4A07088E82}" = protocol=17 | dir=in | app=c:\windows\temp\~osec23.tmp\rlvknlg.exe | 
"{1D842218-54C3-4F04-B4BF-7FDE214FB543}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1E48F375-439F-46CB-AA63-197ABF691560}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{23D319C4-497A-4D6F-AA27-4552B80780F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{327C668A-7A34-4715-95BA-105994A74F94}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{338B69E6-3A1E-487A-AEE2-0E067EEEF821}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{37AEAF55-390C-47FA-96AA-7EC9815ACD5F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3916AB70-4C33-4B7A-9304-22DA983CEFEF}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{3AF97B38-FB63-4B02-904B-A77841EA59AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{3D18A06D-486D-4399-9E6F-5B3D1B294ACA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{41016814-FE0B-4B16-8A71-1A18FB049961}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{411836EB-F365-4F32-9100-2229966B3C62}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44486D4A-B2D2-4434-93B4-C248F4B59EE2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4D8F4599-60F0-4F21-BDFA-5C0D5598AFDC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4D9C46A1-EA9D-416C-8BE9-F261C550DBA9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4DB70EED-1D92-4238-8760-57ABEE59B9D5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{4F3E27C6-33CE-4D06-BCAA-784938D4DB96}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{5351C4A9-BA7E-4EB3-A7BD-1F6F2412133A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{551C1C97-560D-4017-81D0-5783FE0C36CE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{56A18EC9-CA6D-4AA7-9D29-0479CD314345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57AA6B9E-5210-485A-BB50-4865F802BD7E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{58F362F8-254C-490C-83D4-EA7B6842D959}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59938901-03A1-47D6-A88D-BF0791E81B1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5DC984DB-177E-430E-919B-2840BD606514}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5F4762F3-DAB6-4419-B649-F0069D956BF4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5F4DF4A1-927E-4ACA-88AE-E9210316DD1A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{64463F93-6DE6-4EE0-B1E0-3B79A230AAE8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6F221698-32E7-47EA-98E0-7C991DC6341E}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{758A21DE-7E76-48B9-88E0-375CFAEA884B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7A7C3540-01F2-40B4-8D28-034180EFB62F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7AA94A7E-F0DF-425A-96C0-6796EAFEE4E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{7B7B757C-CAE6-4F7E-B0DA-FAFA46CC6C08}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8DFA2A90-8087-4504-8C0C-3F2355F2A730}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{8E43442C-B0B2-41AE-A87D-B8AAE371E9E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{8E64BBF6-D4E4-4B30-A0FD-B9F50273723C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9A8D274F-62D1-40A3-8D95-62F376B1930A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9B416B5E-7CAA-45FE-BD86-22364357830B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9C65E343-4812-4420-B6FB-3B85A172720E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C8160B4-9CD1-4519-ADE1-A0409C646F45}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{9E5ED6D5-DC7A-4C0B-8BE2-FB721F202E0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AB30F0E9-0F6B-41FE-97D6-E2F67E8AB387}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AC13454A-1B0F-4291-9294-14DBB34A2D84}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ADB76D2F-2B16-403E-97D1-6EC58A95CD40}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ADC84A76-E3DC-4246-9564-E0FA2BB1C20B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{B26D6972-0556-47FE-A4EF-EFB349B86349}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B59FC68C-A918-460B-B5E7-64F01DF16816}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B6D63895-4129-4280-B38B-D8BE704B1944}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B86F4213-4338-4A38-BC41-2773614565E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B88A3898-E267-42B7-BE94-0ECB0B31EA24}" = dir=in | app=e:\setup\hpznui01.exe | 
"{BC818F91-4CF2-4DF8-B3B2-D8700316DF49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C58D3586-0A11-431F-BF81-F40363B30945}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C83A6293-422D-4A2C-9779-51672AB28DAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C992D31A-713C-4C2F-9E26-B4620ED26565}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{CADAB097-F640-4401-A191-565164B05CE4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CB9BAF2A-3352-4C2C-884F-6505E12263C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CD5097A1-2BEF-4A3F-B726-E9E58984ED6C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CF9F6F55-3769-47FC-BBA8-7A937E815C8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{D23153FA-C8AF-4865-A2FC-A91866E7DE0E}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{D34D3504-12EB-47C4-A9EE-1BCE0295BF01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{D4AFBFC7-5534-4886-8FE7-C1089D34CEE5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D506B40C-47BC-479A-8DBA-DC5E89B17ED5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D83A9884-B3D2-4865-B6FA-E61C8581205F}" = protocol=6 | dir=in | app=c:\windows\temp\~osec23.tmp\rlvknlg.exe | 
"{DAE91B68-FEEF-416B-8037-ABF840AAD8DA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DBBB7E62-113B-4326-BEE0-900F9B4AAB5F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DBFB9E95-9628-4729-AB5C-F5A8BBCBF354}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD1EB512-F9C1-47D5-A178-5A60F2BBC4E0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DFAAB917-30FF-44D8-8D85-126070A4797D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DFE4C2D7-E134-493E-8C00-58CD06341B3C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{E2153323-BE99-4058-9394-EA38F147671B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E72DEFBB-0292-458E-BA8A-798765806B6F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E940C9A9-2E8D-4869-8775-6E5C5812EB31}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{ECB9068C-7B8B-4ADC-8D71-0D0087C707D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED5C2D4D-B914-4CC9-89E6-0220E37D3A73}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{EEFFC21F-6112-4C40-A15B-F39A9AB1207A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EFC06CF1-B11D-480E-8EE7-11A831A96DB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{EFF17110-5AD2-4599-8056-0E0F0BE684F0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F1008B8F-BF29-4AB2-91B1-3C4819823B31}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F19EDB19-DC88-41C2-8E08-F047EA8ABB46}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F22223B3-4EED-4989-AF10-C07593250DA6}" = protocol=6 | dir=in | app=c:\windows\temp\~os7a4e.tmp\rlvknlg.exe | 
"{F43DB8F3-F8FA-468B-AAFC-7CCD1FC18275}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F8FA6591-05E6-47AC-A419-653BD49DC6DF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FBB2F635-026C-4F05-AC2E-FF8AF77D735C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF2E2A0A-1CEC-4934-B25B-21B46C12D9A5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{88D3EB07-01C9-4A00-916C-D87350CCFDC4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{93E52334-75DB-4D51-87CB-F3AF8EB336D5}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"TCP Query User{E21AB5E2-5D0A-4D20-ADC2-4CFDD5BBE4FC}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{004F4394-4980-462D-9669-3D596C392235}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{30BF26F0-2155-400B-94C0-2602ECFCF5F9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{7BD494A8-16F1-4208-BF16-2D96E7A849D9}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{171D5A75-8CDE-11DC-AB11-000374890932}" = Internet Software Pak
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{4086BCA1-9B64-498B-8B8B-CA236029C816}" = Adobe Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{458CD97D-56E5-4330-81DB-5829500BBF7A}" = Adobe GoLive 9
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7061301A-0D44-432F-859D-AF705DA2C81F}_is1" = 4Free Video Converter 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_a7223e4b8dff4f6a5bb90518a80851d" = Adobe GoLive 9
"Audacity_is1" = Audacity 1.2.6
"AZ-Handbuch 2004" = AZ-Handbuch 2004
"BackUp Maker_is1" = BackUp Maker
"BPM-Studio 4 Profi" = BPM-Studio 4 Profi
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"FileZilla Client" = FileZilla Client 3.3.2.1
"Foxit Reader" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Internet Designer Pro" = Internet Designer Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NIS" = Norton Internet Security
"SPEEDLINK TiltWheel Mouse_is1" = SPEEDLINK TiltWheel Mouse 4.0
"TeamViewer 5" = TeamViewer 5
"Techno4ever Player" = Techno4ever Player
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.02.2013 13:14:09 | Computer Name = AU2008 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.02.2013 13:14:09 | Computer Name = AU2008 | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 25.02.2013 14:42:03 | Computer Name = AU2008 | Source = Application Error | ID = 1000
Description = Faulting application WinMail.exe, version 6.0.6001.18000, time stamp
 0x47918ed8, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
 exception code 0xc0000374, fault offset 0x000b06b7,  process id 0x7b0, application
 start time 0x01ce1387a0c91773.
 
Error - 01.03.2013 15:05:53 | Computer Name = AU2008 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Access.
 
Error - 12.03.2013 14:35:32 | Computer Name = AU2008 | Source = Application Hang | ID = 1002
Description = The program bkmaker.exe version 6.5.0.3 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process 
ID: 78c  Start Time: 01ce1f1ebb6a257b  Termination Time: 1756
 
Error - 13.03.2013 04:11:49 | Computer Name = AU2008 | Source = Application Error | ID = 1000
Description = Faulting application mbamservice.exe, version 1.70.0.0, time stamp
 0x50cb9148, faulting module mbamservice.exe, version 1.70.0.0, time stamp 0x50cb9148,
 exception code 0xc0000005, fault offset 0x0003f2a7,  process id 0x7b4, application
 start time 0x01ce1fc2253e7fce.
 
Error - 13.03.2013 05:26:40 | Computer Name = AU2008 | Source = Application Error | ID = 1000
Description = Faulting application gmer_2.1.19155.exe, version 2.1.19155.0, time
 stamp 0x51349f87, faulting module gmer_2.1.19155.exe, version 2.1.19155.0, time
 stamp 0x51349f87, exception code 0xc0000005, fault offset 0x00012288,  process id
 0x141c, application start time 0x01ce1fcc66031517.
 
Error - 13.03.2013 05:46:57 | Computer Name = AU2008 | Source = Perflib | ID = 1010
Description = 
 
Error - 14.03.2013 07:32:02 | Computer Name = AU2008 | Source = Application Error | ID = 1000
Description = Faulting application MsiExec.exe, version 4.5.6002.18005, time stamp
 0x49e01c42, faulting module MSIE58A.tmp, version 16.92.12.1, time stamp 0x4ebbc5f5,
 exception code 0xc0000417, fault offset 0x00005384,  process id 0xecc, application
 start time 0x01ce20a7891924f4.
 
Error - 14.03.2013 07:38:34 | Computer Name = AU2008 | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
Error - 14.03.2013 07:38:34 | Computer Name = AU2008 | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = 
 
[ OSession Events ]
Error - 15.05.2012 15:32:06 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2012 15:33:27 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2012 15:46:14 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2012 15:47:05 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.06.2012 15:28:40 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1484
 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error - 17.07.2012 12:56:49 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 286
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2012 14:05:48 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 727
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2012 09:30:14 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 177
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2012 14:30:02 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2418
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 12.12.2012 14:30:32 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 783
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.03.2013 07:27:21 | Computer Name = AU2008 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.03.2013 07:42:14 | Computer Name = AU2008 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.36 for the Network Card with network
 address 001FE11DCFE7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 14.03.2013 08:28:50 | Computer Name = AU2008 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 14.03.2013 08:28:50 | Computer Name = AU2008 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 14.03.2013 12:56:08 | Computer Name = AU2008 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.03.2013 12:56:44 | Computer Name = AU2008 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.03.2013 06:52:20 | Computer Name = AU2008 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.36 for the Network Card with network
 address 001FE11DCFE7 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 15.03.2013 06:52:41 | Computer Name = AU2008 | Source = netbt | ID = 4321
Description = The name "LAPTOP         :0" could not be registered on the interface
 with IP address 192.168.1.36.  The computer with the IP address 192.168.1.34 did 
not allow the name to be claimed by  this computer.
 
Error - 15.03.2013 06:52:50 | Computer Name = AU2008 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.03.2013 06:53:27 | Computer Name = AU2008 | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

Danke nochmal für deine Hilfe!

Viele Grüße
Tobias

cosinus · 15.03.2013, 13:37

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

ToJaNa · 15.03.2013, 15:31

MBAR:

Code:

ATTFilter

 Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Compaq :: AU2008 [administrator]

15.03.2013 14:13:12
mbar-log-2013-03-15 (14-13-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28996
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-15 14:15:32
-----------------------------
14:15:32.816    OS Version: Windows 6.0.6002 Service Pack 2
14:15:32.817    Number of processors: 1 586 0x1601
14:15:32.820    ComputerName: AU2008  UserName: Compaq
14:15:38.819    Initialize success
14:19:41.523    AVAST engine defs: 13031500
14:19:51.929    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:19:51.932    Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
14:19:51.992    Disk 0 MBR read successfully
14:19:51.996    Disk 0 MBR scan
14:19:52.007    Disk 0 unknown MBR code
14:19:52.045    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       104555 MB offset 63
14:19:52.096    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         9915 MB offset 214130385
14:19:52.112    Disk 0 scanning sectors +234436545
14:19:52.229    Disk 0 scanning C:\Windows\system32\drivers
14:20:13.218    Service scanning
14:21:01.431    Modules scanning
14:21:15.938    Disk 0 trace - called modules:
14:21:15.969    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
14:21:15.976    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eb6580]
14:21:15.983    3 CLASSPNP.SYS[889a88b3] -> nt!IofCallDriver -> [0x84a621c0]
14:21:15.989    5 acpi.sys[8069d6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a75028]
14:21:16.748    AVAST engine scan C:\Windows
14:21:20.359    AVAST engine scan C:\Windows\system32
14:27:44.640    AVAST engine scan C:\Windows\system32\drivers
14:28:12.890    AVAST engine scan C:\Users\Compaq
14:56:16.871    AVAST engine scan C:\ProgramData
15:11:01.644    Scan finished successfully
15:16:05.963    Disk 0 MBR has been saved successfully to "C:\Users\Compaq\Desktop\MBR.dat"
15:16:05.969    The log file has been saved successfully to "C:\Users\Compaq\Desktop\aswMBR.txt"

TDSSKiller:

Code:

ATTFilter

 15:23:53.0709 4752  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:23:55.0740 4752  ============================================================
15:23:55.0740 4752  Current date / time: 2013/03/15 15:23:55.0740
15:23:55.0740 4752  SystemInfo:
15:23:55.0740 4752  
15:23:55.0740 4752  OS Version: 6.0.6002 ServicePack: 2.0
15:23:55.0740 4752  Product type: Workstation
15:23:55.0740 4752  ComputerName: AU2008
15:23:55.0842 4752  UserName: Compaq
15:23:55.0842 4752  Windows directory: C:\Windows
15:23:55.0842 4752  System windows directory: C:\Windows
15:23:55.0843 4752  Processor architecture: Intel x86
15:23:55.0843 4752  Number of processors: 1
15:23:55.0843 4752  Page size: 0x1000
15:23:55.0843 4752  Boot type: Normal boot
15:23:55.0843 4752  ============================================================
15:24:02.0283 4752  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:24:02.0285 4752  ============================================================
15:24:02.0285 4752  \Device\Harddisk0\DR0:
15:24:02.0285 4752  MBR partitions:
15:24:02.0285 4752  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCC35E92
15:24:02.0285 4752  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCC35ED1, BlocksNum 0x135D8F0
15:24:02.0285 4752  ============================================================
15:24:02.0351 4752  C: <-> \Device\Harddisk0\DR0\Partition1
15:24:02.0484 4752  D: <-> \Device\Harddisk0\DR0\Partition2
15:24:02.0485 4752  ============================================================
15:24:02.0485 4752  Initialize success
15:24:02.0485 4752  ============================================================
15:24:31.0425 5828  ============================================================
15:24:31.0425 5828  Scan started
15:24:31.0425 5828  Mode: Manual; 
15:24:31.0425 5828  ============================================================
15:24:34.0667 5828  ================ Scan system memory ========================
15:24:34.0667 5828  Scan interrupted by user!
15:24:34.0667 5828  ================ Scan services =============================
15:24:34.0707 5828  Scan interrupted by user!
15:24:34.0736 5828  ================ Scan global ===============================
15:24:34.0736 5828  Scan interrupted by user!
15:24:34.0736 5828  ================ Scan MBR ==================================
15:24:34.0736 5828  Scan interrupted by user!
15:24:34.0736 5828  ================ Scan VBR ==================================
15:24:34.0736 5828  Scan interrupted by user!
15:24:34.0737 5828  ============================================================
15:24:34.0737 5828  Scan finished
15:24:34.0737 5828  ============================================================
15:24:34.0751 5928  Detected object count: 0
15:24:34.0751 5928  Actual detected object count: 0
15:24:43.0473 5896  ============================================================
15:24:43.0474 5896  Scan started
15:24:43.0474 5896  Mode: Manual; SigCheck; TDLFS; 
15:24:43.0474 5896  ============================================================
15:24:43.0807 5896  ================ Scan system memory ========================
15:24:43.0807 5896  System memory - ok
15:24:43.0810 5896  ================ Scan services =============================
15:24:44.0356 5896  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:24:44.0668 5896  ACPI - ok
15:24:44.0875 5896  [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
15:24:44.0909 5896  AdobeActiveFileMonitor6.0 - ok
15:24:45.0042 5896  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:24:45.0238 5896  adp94xx - ok
15:24:45.0300 5896  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:24:45.0645 5896  adpahci - ok
15:24:45.0671 5896  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:24:45.0702 5896  adpu160m - ok
15:24:45.0746 5896  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:24:45.0771 5896  adpu320 - ok
15:24:45.0838 5896  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:24:46.0306 5896  AeLookupSvc - ok
15:24:46.0383 5896  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
15:24:46.0500 5896  AFD - ok
15:24:46.0584 5896  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:24:46.0604 5896  agp440 - ok
15:24:46.0633 5896  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:24:46.0663 5896  aic78xx - ok
15:24:46.0720 5896  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
15:24:46.0978 5896  ALG - ok
15:24:47.0005 5896  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:24:47.0023 5896  aliide - ok
15:24:47.0055 5896  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:24:47.0096 5896  amdagp - ok
15:24:47.0126 5896  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
15:24:47.0142 5896  amdide - ok
15:24:47.0169 5896  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:24:47.0405 5896  AmdK7 - ok
15:24:47.0448 5896  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:24:47.0542 5896  AmdK8 - ok
15:24:47.0608 5896  [ 3A2154B4F22AF4771F40B8F2FC7DBBF6 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
15:24:47.0671 5896  ApfiltrService - ok
15:24:47.0734 5896  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
15:24:47.0831 5896  Appinfo - ok
15:24:47.0957 5896  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:24:47.0980 5896  Apple Mobile Device - ok
15:24:48.0038 5896  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
15:24:48.0072 5896  arc - ok
15:24:48.0094 5896  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:24:48.0121 5896  arcsas - ok
15:24:48.0132 5896  Aspi32 - ok
15:24:48.0195 5896  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:24:48.0270 5896  AsyncMac - ok
15:24:48.0325 5896  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:24:48.0346 5896  atapi - ok
15:24:48.0468 5896  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:24:48.0646 5896  athr - ok
15:24:48.0737 5896  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:24:48.0785 5896  AudioEndpointBuilder - ok
15:24:48.0803 5896  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:24:48.0839 5896  Audiosrv - ok
15:24:48.0891 5896  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
15:24:49.0039 5896  BCM43XV - ok
15:24:49.0095 5896  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
15:24:49.0115 5896  BcmSqlStartupSvc - ok
15:24:49.0169 5896  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:24:49.0256 5896  Beep - ok
15:24:49.0325 5896  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
15:24:49.0505 5896  BFE - ok
15:24:49.0718 5896  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
15:24:49.0801 5896  BHDrvx86 - ok
15:24:49.0884 5896  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
15:24:50.0004 5896  BITS - ok
15:24:50.0020 5896  blbdrive - ok
15:24:50.0112 5896  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:24:50.0141 5896  Bonjour Service - ok
15:24:50.0192 5896  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:24:50.0470 5896  bowser - ok
15:24:50.0542 5896  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:24:50.0604 5896  BrFiltLo - ok
15:24:50.0654 5896  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:24:50.0711 5896  BrFiltUp - ok
15:24:50.0789 5896  [ 34F2F5B6A6D28B8FB872DFD57C5323AC ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe
15:24:50.0862 5896  Brother XP spl Service - ok
15:24:50.0915 5896  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
15:24:50.0976 5896  Browser - ok
15:24:51.0028 5896  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:24:51.0103 5896  Brserid - ok
15:24:51.0130 5896  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:24:51.0183 5896  BrSerWdm - ok
15:24:51.0214 5896  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:24:51.0319 5896  BrUsbMdm - ok
15:24:51.0344 5896  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:24:51.0472 5896  BrUsbSer - ok
15:24:51.0500 5896  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:24:51.0585 5896  BTHMODEM - ok
15:24:51.0720 5896  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS       C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys
15:24:51.0762 5896  ccSet_NIS - ok
15:24:51.0825 5896  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:24:51.0870 5896  cdfs - ok
15:24:51.0929 5896  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:24:51.0968 5896  cdrom - ok
15:24:52.0016 5896  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:24:52.0072 5896  CertPropSvc - ok
15:24:52.0117 5896  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:24:52.0189 5896  circlass - ok
15:24:52.0276 5896  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
15:24:52.0308 5896  CLFS - ok
15:24:52.0471 5896  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:24:52.0491 5896  clr_optimization_v2.0.50727_32 - ok
15:24:52.0597 5896  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:24:52.0684 5896  clr_optimization_v4.0.30319_32 - ok
15:24:52.0730 5896  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:24:52.0806 5896  CmBatt - ok
15:24:52.0847 5896  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:24:52.0880 5896  cmdide - ok
15:24:52.0944 5896  [ 2E39F9C51912F4F211B0334AED33E7BD ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
15:24:53.0084 5896  CnxtHdAudService - ok
15:24:53.0141 5896  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:24:53.0159 5896  Compbatt - ok
15:24:53.0174 5896  COMSysApp - ok
15:24:53.0202 5896  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:24:53.0248 5896  crcdisk - ok
15:24:53.0284 5896  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:24:53.0366 5896  Crusoe - ok
15:24:53.0443 5896  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:24:53.0537 5896  CryptSvc - ok
15:24:53.0612 5896  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:24:53.0671 5896  DcomLaunch - ok
15:24:53.0727 5896  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:24:53.0823 5896  DfsC - ok
15:24:53.0924 5896  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
15:24:54.0135 5896  DFSR - ok
15:24:54.0219 5896  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:24:54.0264 5896  Dhcp - ok
15:24:54.0318 5896  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
15:24:54.0338 5896  disk - ok
15:24:54.0432 5896  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:24:54.0525 5896  Dnscache - ok
15:24:54.0588 5896  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:24:54.0632 5896  dot3svc - ok
15:24:54.0680 5896  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
15:24:54.0732 5896  Dot4 - ok
15:24:54.0785 5896  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:24:54.0864 5896  Dot4Print - ok
15:24:54.0904 5896  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
15:24:54.0950 5896  dot4usb - ok
15:24:55.0022 5896  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
15:24:55.0073 5896  DPS - ok
15:24:55.0135 5896  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:24:55.0162 5896  drmkaud - ok
15:24:55.0244 5896  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:24:55.0301 5896  DXGKrnl - ok
15:24:55.0357 5896  [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B           C:\Windows\system32\DRIVERS\e100b325.sys
15:24:55.0473 5896  E100B - ok
15:24:55.0508 5896  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:24:55.0584 5896  E1G60 - ok
15:24:55.0660 5896  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
15:24:55.0708 5896  EapHost - ok
15:24:55.0769 5896  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:24:55.0791 5896  Ecache - ok
15:24:55.0880 5896  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:24:55.0916 5896  eeCtrl - ok
15:24:55.0979 5896  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:24:56.0066 5896  elxstor - ok
15:24:56.0148 5896  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:24:56.0323 5896  EMDMgmt - ok
15:24:56.0436 5896  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:24:56.0453 5896  EraserUtilRebootDrv - ok
15:24:56.0582 5896  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
15:24:56.0634 5896  EventSystem - ok
15:24:56.0689 5896  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
15:24:56.0765 5896  exfat - ok
15:24:56.0823 5896  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:24:56.0861 5896  fastfat - ok
15:24:56.0907 5896  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:24:56.0970 5896  fdc - ok
15:24:57.0016 5896  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:24:57.0060 5896  fdPHost - ok
15:24:57.0098 5896  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:24:57.0164 5896  FDResPub - ok
15:24:57.0195 5896  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:24:57.0214 5896  FileInfo - ok
15:24:57.0241 5896  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:24:57.0273 5896  Filetrace - ok
15:24:57.0331 5896  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:24:57.0488 5896  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:24:57.0488 5896  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:24:57.0540 5896  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:24:57.0615 5896  flpydisk - ok
15:24:57.0671 5896  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:24:57.0715 5896  FltMgr - ok
15:24:57.0796 5896  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
15:24:57.0910 5896  FontCache - ok
15:24:58.0026 5896  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:24:58.0053 5896  FontCache3.0.0.0 - ok
15:24:58.0115 5896  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:24:58.0252 5896  Fs_Rec - ok
15:24:58.0298 5896  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:24:58.0318 5896  gagp30kx - ok
15:24:58.0381 5896  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:24:58.0425 5896  GEARAspiWDM - ok
15:24:58.0513 5896  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:24:58.0554 5896  gpsvc - ok
15:24:58.0598 5896  [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey         C:\Windows\system32\DRIVERS\cpqbttn.sys
15:24:58.0613 5896  HBtnKey - ok
15:24:58.0660 5896  [ A1BE5A64DDCB0880301CF860BE3F0A07 ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
15:24:58.0800 5896  HdAudAddService - ok
15:24:59.0090 5896  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:24:59.0429 5896  HDAudBus - ok
15:24:59.0527 5896  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:24:59.0617 5896  HidBth - ok
15:24:59.0675 5896  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:24:59.0887 5896  HidIr - ok
15:24:59.0973 5896  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
15:25:00.0091 5896  hidserv - ok
15:25:00.0154 5896  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:25:00.0228 5896  HidUsb - ok
15:25:00.0295 5896  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:25:00.0360 5896  hkmsvc - ok
15:25:00.0483 5896  [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
15:25:00.0492 5896  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
15:25:00.0492 5896  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
15:25:00.0527 5896  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:25:00.0570 5896  HpCISSs - ok
15:25:00.0672 5896  [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:25:00.0689 5896  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:25:00.0689 5896  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:25:00.0741 5896  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:25:00.0762 5896  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:25:00.0762 5896  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:25:00.0822 5896  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:25:00.0907 5896  HpqKbFiltr - ok
15:25:00.0969 5896  [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:25:01.0001 5896  hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
15:25:01.0001 5896  hpqwmiex - detected UnsignedFile.Multi.Generic (1)
15:25:01.0065 5896  [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:25:01.0113 5896  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
15:25:01.0113 5896  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
15:25:01.0161 5896  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:25:01.0286 5896  HSFHWAZL - ok
15:25:01.0364 5896  [ CC267848CB3508E72762BE65734E764D ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:25:01.0665 5896  HSF_DPV - ok
15:25:01.0727 5896  [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:25:01.0787 5896  HSXHWAZL - ok
15:25:01.0846 5896  [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:25:01.0940 5896  HTTP - ok
15:25:01.0994 5896  [ 4E370A583E78B614918C8F2CD5B733EF ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:25:02.0081 5896  hwdatacard - ok
15:25:02.0122 5896  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:25:02.0139 5896  i2omp - ok
15:25:02.0203 5896  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:25:02.0236 5896  i8042prt - ok
15:25:02.0326 5896  [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
15:25:02.0357 5896  IAANTMON - ok
15:25:02.0473 5896  [ 9378D57E2B96C0A185D844770AD49948 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:25:02.0978 5896  ialm - ok
15:25:03.0049 5896  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:25:03.0070 5896  iaStor - ok
15:25:03.0115 5896  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:25:03.0138 5896  iaStorV - ok
15:25:03.0223 5896  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:25:03.0289 5896  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:25:03.0289 5896  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:25:03.0384 5896  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:25:03.0467 5896  idsvc - ok
15:25:03.0570 5896  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130313.003\IDSvix86.sys
15:25:03.0598 5896  IDSVix86 - ok
15:25:03.0693 5896  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:25:03.0942 5896  igfx - ok
15:25:03.0992 5896  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:25:04.0009 5896  iirsp - ok
15:25:04.0069 5896  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:25:04.0134 5896  IKEEXT - ok
15:25:04.0186 5896  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:25:04.0215 5896  intelide - ok
15:25:04.0241 5896  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:25:04.0317 5896  intelppm - ok
15:25:04.0372 5896  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:25:04.0406 5896  IPBusEnum - ok
15:25:04.0433 5896  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:25:04.0504 5896  IpFilterDriver - ok
15:25:04.0551 5896  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:25:04.0663 5896  iphlpsvc - ok
15:25:04.0678 5896  IpInIp - ok
15:25:04.0715 5896  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:25:04.0817 5896  IPMIDRV - ok
15:25:04.0863 5896  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:25:04.0900 5896  IPNAT - ok
15:25:05.0007 5896  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:25:05.0066 5896  iPod Service - ok
15:25:05.0126 5896  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:25:05.0183 5896  IRENUM - ok
15:25:05.0239 5896  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:25:05.0256 5896  isapnp - ok
15:25:05.0321 5896  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:25:05.0346 5896  iScsiPrt - ok
15:25:05.0376 5896  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:25:05.0396 5896  iteatapi - ok
15:25:05.0421 5896  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:25:05.0468 5896  iteraid - ok
15:25:05.0510 5896  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:25:05.0530 5896  kbdclass - ok
15:25:05.0579 5896  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:25:05.0616 5896  kbdhid - ok
15:25:05.0674 5896  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
15:25:05.0761 5896  KeyIso - ok
15:25:05.0823 5896  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:25:05.0909 5896  KSecDD - ok
15:25:05.0973 5896  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:25:06.0032 5896  KtmRm - ok
15:25:06.0091 5896  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:25:06.0193 5896  LanmanServer - ok
15:25:06.0248 5896  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:25:06.0344 5896  LanmanWorkstation - ok
15:25:06.0398 5896  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:25:06.0432 5896  lltdio - ok
15:25:06.0466 5896  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:25:06.0504 5896  lltdsvc - ok
15:25:06.0543 5896  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:25:06.0610 5896  lmhosts - ok
15:25:06.0666 5896  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:25:06.0684 5896  LSI_FC - ok
15:25:06.0712 5896  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:25:06.0730 5896  LSI_SAS - ok
15:25:06.0761 5896  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:25:06.0781 5896  LSI_SCSI - ok
15:25:06.0842 5896  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
15:25:06.0954 5896  luafv - ok
15:25:07.0014 5896  [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter      C:\Windows\system32\DRIVERS\massfilter.sys
15:25:07.0085 5896  massfilter - ok
15:25:07.0157 5896  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:25:07.0173 5896  MBAMProtector - ok
15:25:07.0243 5896  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:25:07.0270 5896  MBAMScheduler - ok
15:25:07.0338 5896  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:25:07.0411 5896  MBAMService - ok
15:25:07.0486 5896  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:25:07.0573 5896  mdmxsdk - ok
15:25:07.0628 5896  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
15:25:07.0645 5896  megasas - ok
15:25:07.0700 5896  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
15:25:07.0747 5896  MMCSS - ok
15:25:07.0761 5896  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
15:25:07.0854 5896  Modem - ok
15:25:07.0907 5896  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:25:07.0970 5896  monitor - ok
15:25:08.0023 5896  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:25:08.0060 5896  mouclass - ok
15:25:08.0120 5896  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:25:08.0165 5896  mouhid - ok
15:25:08.0218 5896  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:25:08.0260 5896  MountMgr - ok
15:25:08.0365 5896  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:25:08.0411 5896  MozillaMaintenance - ok
15:25:08.0463 5896  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:25:08.0484 5896  mpio - ok
15:25:08.0508 5896  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:25:08.0545 5896  mpsdrv - ok
15:25:08.0613 5896  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:25:08.0667 5896  MpsSvc - ok
15:25:08.0706 5896  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:25:08.0728 5896  Mraid35x - ok
15:25:08.0786 5896  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:25:08.0817 5896  MRxDAV - ok
15:25:08.0872 5896  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:25:08.0978 5896  mrxsmb - ok
15:25:09.0036 5896  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:25:09.0065 5896  mrxsmb10 - ok
15:25:09.0098 5896  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:25:09.0124 5896  mrxsmb20 - ok
15:25:09.0161 5896  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:25:09.0179 5896  msahci - ok
15:25:09.0213 5896  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:25:09.0234 5896  msdsm - ok
15:25:09.0282 5896  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
15:25:09.0360 5896  MSDTC - ok
15:25:09.0388 5896  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:25:09.0440 5896  Msfs - ok
15:25:09.0491 5896  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:25:09.0509 5896  msisadrv - ok
15:25:09.0564 5896  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:25:09.0599 5896  MSiSCSI - ok
15:25:09.0619 5896  msiserver - ok
15:25:09.0654 5896  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:25:09.0702 5896  MSKSSRV - ok
15:25:09.0750 5896  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:25:09.0803 5896  MSPCLOCK - ok
15:25:09.0839 5896  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:25:09.0884 5896  MSPQM - ok
15:25:09.0962 5896  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:25:09.0987 5896  MsRPC - ok
15:25:10.0059 5896  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:25:10.0096 5896  mssmbios - ok
15:25:10.0182 5896  MSSQL$MSSMLBIZ - ok
15:25:10.0256 5896  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:25:10.0295 5896  MSSQLServerADHelper - ok
15:25:10.0339 5896  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:25:10.0389 5896  MSTEE - ok
15:25:10.0445 5896  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
15:25:10.0465 5896  Mup - ok
15:25:10.0532 5896  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
15:25:10.0579 5896  napagent - ok
15:25:10.0636 5896  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:25:10.0702 5896  NativeWifiP - ok
15:25:10.0811 5896  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130314.041\NAVENG.SYS
15:25:10.0829 5896  NAVENG - ok
15:25:10.0906 5896  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130314.041\NAVEX15.SYS
15:25:11.0143 5896  NAVEX15 - ok
15:25:11.0214 5896  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:25:11.0250 5896  NDIS - ok
15:25:11.0295 5896  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:25:11.0336 5896  NdisTapi - ok
15:25:11.0372 5896  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:25:11.0452 5896  Ndisuio - ok
15:25:11.0523 5896  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:25:11.0566 5896  NdisWan - ok
15:25:11.0595 5896  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:25:11.0671 5896  NDProxy - ok
15:25:11.0715 5896  [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:25:11.0739 5896  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:25:11.0739 5896  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:25:11.0794 5896  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:25:11.0841 5896  NetBIOS - ok
15:25:11.0900 5896  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:25:11.0938 5896  netbt - ok
15:25:11.0971 5896  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
15:25:11.0990 5896  Netlogon - ok
15:25:12.0016 5896  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
15:25:12.0078 5896  Netman - ok
15:25:12.0137 5896  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
15:25:12.0205 5896  netprofm - ok
15:25:12.0259 5896  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:12.0277 5896  NetTcpPortSharing - ok
15:25:12.0313 5896  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:25:12.0360 5896  nfrd960 - ok
15:25:12.0485 5896  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
15:25:12.0502 5896  NIS - ok
15:25:12.0577 5896  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:25:12.0646 5896  NlaSvc - ok
15:25:12.0662 5896  nmwcd - ok
15:25:12.0676 5896  nmwcdc - ok
15:25:12.0692 5896  nmwcdnsu - ok
15:25:12.0707 5896  nmwcdnsuc - ok
15:25:12.0772 5896  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:25:12.0847 5896  Npfs - ok
15:25:12.0897 5896  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
15:25:12.0949 5896  nsi - ok
15:25:12.0982 5896  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:25:13.0031 5896  nsiproxy - ok
15:25:13.0122 5896  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:25:13.0197 5896  Ntfs - ok
15:25:13.0245 5896  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:25:13.0327 5896  ntrigdigi - ok
15:25:13.0388 5896  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
15:25:13.0437 5896  Null - ok
15:25:13.0467 5896  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:25:13.0487 5896  nvraid - ok
15:25:13.0511 5896  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:25:13.0528 5896  nvstor - ok
15:25:13.0560 5896  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:25:13.0599 5896  nv_agp - ok
15:25:13.0617 5896  NwlnkFlt - ok
15:25:13.0629 5896  NwlnkFwd - ok
15:25:13.0739 5896  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:25:13.0770 5896  odserv - ok
15:25:13.0813 5896  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:25:13.0896 5896  ohci1394 - ok
15:25:13.0961 5896  [ 99BF0B1BCADF83102CBBBEA4D0D22732 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:25:14.0016 5896  ose - ok
15:25:14.0097 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:25:14.0256 5896  p2pimsvc - ok
15:25:14.0278 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:25:14.0373 5896  p2psvc - ok
15:25:14.0430 5896  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
15:25:14.0517 5896  Parport - ok
15:25:14.0567 5896  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:25:14.0586 5896  partmgr - ok
15:25:14.0602 5896  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:25:14.0671 5896  Parvdm - ok
15:25:14.0724 5896  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:25:14.0823 5896  PcaSvc - ok
15:25:14.0882 5896  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:25:14.0984 5896  pccsmcfd - ok
15:25:15.0037 5896  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
15:25:15.0059 5896  pci - ok
15:25:15.0099 5896  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:25:15.0116 5896  pciide - ok
15:25:15.0150 5896  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:25:15.0209 5896  pcmcia - ok
15:25:15.0264 5896  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:25:15.0359 5896  PEAUTH - ok
15:25:15.0469 5896  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
15:25:15.0560 5896  pla - ok
15:25:15.0624 5896  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:25:15.0673 5896  PlugPlay - ok
15:25:15.0724 5896  [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:25:15.0747 5896  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:25:15.0747 5896  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:25:15.0797 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:25:15.0877 5896  PNRPAutoReg - ok
15:25:15.0900 5896  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:25:15.0935 5896  PNRPsvc - ok
15:25:16.0009 5896  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:25:16.0054 5896  PolicyAgent - ok
15:25:16.0124 5896  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:25:16.0165 5896  PptpMiniport - ok
15:25:16.0207 5896  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
15:25:16.0312 5896  Processor - ok
15:25:16.0373 5896  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:25:16.0404 5896  ProfSvc - ok
15:25:16.0427 5896  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:25:16.0448 5896  ProtectedStorage - ok
15:25:16.0509 5896  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:25:16.0536 5896  PSched - ok
15:25:16.0596 5896  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
15:25:16.0612 5896  PxHelp20 - ok
15:25:16.0664 5896  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:25:16.0778 5896  ql2300 - ok
15:25:16.0847 5896  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:25:16.0866 5896  ql40xx - ok
15:25:16.0922 5896  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
15:25:17.0003 5896  QWAVE - ok
15:25:17.0036 5896  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:25:17.0069 5896  QWAVEdrv - ok
15:25:17.0153 5896  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
15:25:17.0188 5896  RapiMgr - ok
15:25:17.0240 5896  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:25:17.0283 5896  RasAcd - ok
15:25:17.0305 5896  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
15:25:17.0397 5896  RasAuto - ok
15:25:17.0424 5896  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:25:17.0515 5896  Rasl2tp - ok
15:25:17.0585 5896  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
15:25:17.0634 5896  RasMan - ok
15:25:17.0699 5896  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:25:17.0726 5896  RasPppoe - ok
15:25:17.0787 5896  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:25:17.0821 5896  RasSstp - ok
15:25:17.0879 5896  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:25:17.0922 5896  rdbss - ok
15:25:17.0967 5896  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:25:18.0013 5896  RDPCDD - ok
15:25:18.0065 5896  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:25:18.0132 5896  rdpdr - ok
15:25:18.0164 5896  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:25:18.0218 5896  RDPENCDD - ok
15:25:18.0288 5896  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:25:18.0398 5896  RDPWD - ok
15:25:18.0473 5896  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:25:18.0528 5896  RemoteAccess - ok
15:25:18.0590 5896  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:25:18.0622 5896  RemoteRegistry - ok
15:25:18.0707 5896  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
15:25:18.0728 5896  RichVideo - ok
15:25:18.0782 5896  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
15:25:18.0817 5896  ROOTMODEM - ok
15:25:18.0860 5896  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
15:25:18.0951 5896  RpcLocator - ok
15:25:19.0020 5896  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
15:25:19.0063 5896  RpcSs - ok
15:25:19.0140 5896  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:25:19.0218 5896  rspndr - ok
15:25:19.0252 5896  [ 5E01AB8AB1ACF8850B2D64A6FD068E46 ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
15:25:19.0314 5896  RTL8023xp - ok
15:25:19.0371 5896  [ D1FB9A678BD6C2B1129FCB09D5FEB6DD ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
15:25:19.0442 5896  RTSTOR - ok
15:25:19.0471 5896  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
15:25:19.0491 5896  SamSs - ok
15:25:19.0532 5896  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:25:19.0572 5896  sbp2port - ok
15:25:19.0627 5896  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:25:19.0694 5896  SCardSvr - ok
15:25:19.0770 5896  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
15:25:19.0883 5896  Schedule - ok
15:25:19.0935 5896  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:25:19.0962 5896  SCPolicySvc - ok
15:25:20.0024 5896  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:25:20.0177 5896  SDRSVC - ok
15:25:20.0240 5896  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:25:20.0306 5896  secdrv - ok
15:25:20.0334 5896  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
15:25:20.0383 5896  seclogon - ok
15:25:20.0440 5896  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
15:25:20.0493 5896  SENS - ok
15:25:20.0515 5896  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:25:20.0567 5896  Serenum - ok
15:25:20.0610 5896  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
15:25:20.0683 5896  Serial - ok
15:25:20.0727 5896  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:25:20.0759 5896  sermouse - ok
15:25:20.0862 5896  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:25:20.0913 5896  SessionEnv - ok
15:25:20.0946 5896  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:25:21.0045 5896  sffdisk - ok
15:25:21.0074 5896  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:25:21.0126 5896  sffp_mmc - ok
15:25:21.0156 5896  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:25:21.0227 5896  sffp_sd - ok
15:25:21.0277 5896  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:25:21.0364 5896  sfloppy - ok
15:25:21.0438 5896  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:25:21.0502 5896  SharedAccess - ok
15:25:21.0591 5896  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:25:21.0690 5896  ShellHWDetection - ok
15:25:21.0726 5896  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:25:21.0744 5896  sisagp - ok
15:25:21.0776 5896  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:25:21.0800 5896  SiSRaid2 - ok
15:25:21.0840 5896  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:25:21.0859 5896  SiSRaid4 - ok
15:25:21.0935 5896  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:25:21.0954 5896  SkypeUpdate - ok
15:25:22.0096 5896  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
15:25:22.0367 5896  slsvc - ok
15:25:22.0406 5896  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:25:22.0475 5896  SLUINotify - ok
15:25:22.0532 5896  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:25:22.0579 5896  Smb - ok
15:25:22.0626 5896  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:25:22.0645 5896  SNMPTRAP - ok
15:25:22.0707 5896  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
15:25:22.0725 5896  spldr - ok
15:25:22.0762 5896  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
15:25:22.0828 5896  Spooler - ok
15:25:22.0896 5896  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:25:22.0933 5896  SQLBrowser - ok
15:25:22.0983 5896  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:25:23.0000 5896  SQLWriter - ok
15:25:23.0127 5896  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS
15:25:23.0186 5896  SRTSP - ok
15:25:23.0220 5896  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS
15:25:23.0236 5896  SRTSPX - ok
15:25:23.0295 5896  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:25:23.0377 5896  srv - ok
15:25:23.0429 5896  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:25:23.0475 5896  srv2 - ok
15:25:23.0523 5896  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:25:23.0549 5896  srvnet - ok
15:25:23.0615 5896  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:25:23.0682 5896  SSDPSRV - ok
15:25:23.0716 5896  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:25:23.0744 5896  SstpSvc - ok
15:25:23.0830 5896  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
15:25:23.0947 5896  stisvc - ok
15:25:23.0998 5896  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:25:24.0016 5896  swenum - ok
15:25:24.0077 5896  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
15:25:24.0112 5896  swprv - ok
15:25:24.0162 5896  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:25:24.0209 5896  Symc8xx - ok
15:25:24.0276 5896  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\Windows\system32\drivers\NIS\1309010.00E\SYMDS.SYS
15:25:24.0319 5896  SymDS - ok
15:25:24.0374 5896  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\Windows\system32\drivers\NIS\1309010.00E\SYMEFA.SYS
15:25:24.0491 5896  SymEFA - ok
15:25:24.0558 5896  [ 555FB450FE6908600310E990738B41D6 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
15:25:24.0585 5896  SymEvent - ok
15:25:24.0607 5896  SymIMMP - ok
15:25:24.0641 5896  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS
15:25:24.0659 5896  SymIRON - ok
15:25:24.0691 5896  [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv         C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS
15:25:24.0747 5896  SYMTDIv - ok
15:25:24.0782 5896  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:25:24.0799 5896  Sym_hi - ok
15:25:24.0840 5896  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:25:24.0859 5896  Sym_u3 - ok
15:25:24.0952 5896  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
15:25:25.0007 5896  SysMain - ok
15:25:25.0057 5896  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:25:25.0122 5896  TabletInputService - ok
15:25:25.0189 5896  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:25:25.0223 5896  TapiSrv - ok
15:25:25.0274 5896  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
15:25:25.0308 5896  TBS - ok
15:25:25.0361 5896  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:25:25.0422 5896  Tcpip - ok
15:25:25.0452 5896  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:25:25.0507 5896  Tcpip6 - ok
15:25:25.0560 5896  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:25:25.0797 5896  tcpipreg - ok
15:25:25.0846 5896  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:25:25.0896 5896  TDPIPE - ok
15:25:25.0922 5896  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:25:25.0996 5896  TDTCP - ok
15:25:26.0053 5896  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:25:26.0090 5896  tdx - ok
15:25:26.0149 5896  [ 77D6EA1ED5CAFEF6209C8A75FD7D22EC ] TeamViewer5     C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
15:25:26.0168 5896  TeamViewer5 - ok
15:25:26.0191 5896  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:25:26.0210 5896  TermDD - ok
15:25:26.0283 5896  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
15:25:26.0339 5896  TermService - ok
15:25:26.0380 5896  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
15:25:26.0403 5896  Themes - ok
15:25:26.0431 5896  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:25:26.0462 5896  THREADORDER - ok
15:25:26.0532 5896  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
15:25:26.0569 5896  TrkWks - ok
15:25:26.0645 5896  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:25:26.0687 5896  TrustedInstaller - ok
15:25:26.0722 5896  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:25:26.0802 5896  tssecsrv - ok
15:25:26.0850 5896  [ AA241431B3AF27B0CAAC25B313AB5121 ] TuneUp.Defrag   C:\Windows\System32\TuneUpDefragService.exe
15:25:26.0880 5896  TuneUp.Defrag - ok
15:25:26.0938 5896  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:25:27.0025 5896  tunmp - ok
15:25:27.0059 5896  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:25:27.0079 5896  tunnel - ok
15:25:27.0123 5896  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:25:27.0141 5896  uagp35 - ok
15:25:27.0191 5896  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:25:27.0225 5896  udfs - ok
15:25:27.0304 5896  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:25:27.0356 5896  UI0Detect - ok
15:25:27.0392 5896  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:25:27.0425 5896  uliagpkx - ok
15:25:27.0470 5896  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:25:27.0494 5896  uliahci - ok
15:25:27.0544 5896  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:25:27.0563 5896  UlSata - ok
15:25:27.0588 5896  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:25:27.0615 5896  ulsata2 - ok
15:25:27.0669 5896  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:25:27.0703 5896  umbus - ok
15:25:27.0762 5896  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
15:25:27.0823 5896  upnphost - ok
15:25:27.0836 5896  upperdev - ok
15:25:27.0901 5896  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:25:27.0949 5896  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
15:25:27.0950 5896  USBAAPL - detected UnsignedFile.Multi.Generic (1)
15:25:28.0011 5896  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:25:28.0046 5896  usbccgp - ok
15:25:28.0091 5896  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:25:28.0164 5896  usbcir - ok
15:25:28.0219 5896  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:25:28.0270 5896  usbehci - ok
15:25:28.0337 5896  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:25:28.0380 5896  usbhub - ok
15:25:28.0415 5896  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:25:28.0466 5896  usbohci - ok
15:25:28.0527 5896  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:25:28.0574 5896  usbprint - ok
15:25:28.0621 5896  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:25:28.0662 5896  usbscan - ok
15:25:28.0728 5896  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\drivers\usbser.sys
15:25:28.0765 5896  usbser - ok
15:25:28.0779 5896  UsbserFilt - ok
15:25:28.0839 5896  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:25:28.0871 5896  USBSTOR - ok
15:25:28.0939 5896  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:25:28.0986 5896  usbuhci - ok
15:25:29.0064 5896  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:25:29.0118 5896  usbvideo - ok
15:25:29.0186 5896  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
15:25:29.0230 5896  UxSms - ok
15:25:29.0284 5896  [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
15:25:29.0299 5896  UxTuneUp - ok
15:25:29.0359 5896  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
15:25:29.0419 5896  vds - ok
15:25:29.0463 5896  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:25:29.0568 5896  vga - ok
15:25:29.0624 5896  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:25:29.0671 5896  VgaSave - ok
15:25:29.0701 5896  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:25:29.0720 5896  viaagp - ok
15:25:29.0759 5896  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:25:29.0838 5896  ViaC7 - ok
15:25:29.0879 5896  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
15:25:29.0899 5896  viaide - ok
15:25:29.0934 5896  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:25:29.0953 5896  volmgr - ok
15:25:30.0037 5896  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:25:30.0064 5896  volmgrx - ok
15:25:30.0123 5896  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:25:30.0148 5896  volsnap - ok
15:25:30.0184 5896  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:25:30.0204 5896  vsmraid - ok
15:25:30.0263 5896  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
15:25:30.0336 5896  VSS - ok
15:25:30.0404 5896  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
15:25:30.0597 5896  W32Time - ok
15:25:30.0644 5896  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:25:30.0715 5896  WacomPen - ok
15:25:30.0770 5896  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:25:30.0811 5896  Wanarp - ok
15:25:30.0823 5896  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:25:30.0880 5896  Wanarpv6 - ok
15:25:30.0941 5896  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
15:25:30.0978 5896  WcesComm - ok
15:25:31.0035 5896  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:25:31.0110 5896  wcncsvc - ok
15:25:31.0140 5896  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:25:31.0196 5896  WcsPlugInService - ok
15:25:31.0246 5896  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
15:25:31.0270 5896  Wd - ok
15:25:31.0334 5896  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:25:31.0395 5896  Wdf01000 - ok
15:25:31.0456 5896  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:25:31.0498 5896  WdiServiceHost - ok
15:25:31.0514 5896  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:25:31.0557 5896  WdiSystemHost - ok
15:25:31.0622 5896  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
15:25:31.0660 5896  WebClient - ok
15:25:31.0727 5896  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:25:31.0865 5896  Wecsvc - ok
15:25:31.0915 5896  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:25:31.0962 5896  wercplsupport - ok
15:25:32.0013 5896  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:25:32.0048 5896  WerSvc - ok
15:25:32.0127 5896  [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:25:32.0176 5896  winachsf - ok
15:25:32.0284 5896  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:25:32.0340 5896  WinDefend - ok
15:25:32.0359 5896  WinHttpAutoProxySvc - ok
15:25:32.0459 5896  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:25:32.0489 5896  Winmgmt - ok
15:25:32.0576 5896  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:25:32.0706 5896  WinRM - ok
15:25:32.0787 5896  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
15:25:32.0924 5896  winusb - ok
15:25:32.0986 5896  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:25:33.0093 5896  Wlansvc - ok
15:25:33.0180 5896  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:25:33.0204 5896  wlcrasvc - ok
15:25:33.0302 5896  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:25:33.0535 5896  wlidsvc - ok
15:25:33.0600 5896  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:25:33.0637 5896  WmiAcpi - ok
15:25:33.0693 5896  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:25:33.0729 5896  wmiApSrv - ok
15:25:33.0837 5896  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:25:33.0985 5896  WMPNetworkSvc - ok
15:25:34.0044 5896  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:25:34.0128 5896  WPCSvc - ok
15:25:34.0179 5896  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:25:34.0266 5896  WPDBusEnum - ok
15:25:34.0321 5896  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
15:25:34.0356 5896  WpdUsb - ok
15:25:34.0525 5896  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:25:34.0657 5896  WPFFontCache_v0400 - ok
15:25:34.0737 5896  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:25:34.0784 5896  ws2ifsl - ok
15:25:34.0841 5896  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
15:25:34.0865 5896  wscsvc - ok
15:25:34.0923 5896  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:25:34.0953 5896  WSDPrintDevice - ok
15:25:34.0966 5896  WSearch - ok
15:25:35.0095 5896  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:25:35.0365 5896  wuauserv - ok
15:25:35.0434 5896  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:25:35.0516 5896  WudfPf - ok
15:25:35.0554 5896  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:25:35.0707 5896  WUDFRd - ok
15:25:35.0733 5896  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:25:35.0771 5896  wudfsvc - ok
15:25:35.0827 5896  [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
15:25:35.0852 5896  XAudio - ok
15:25:35.0918 5896  [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
15:25:35.0948 5896  XAudioService - ok
15:25:36.0012 5896  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:25:36.0138 5896  ZTEusbmdm6k - ok
15:25:36.0164 5896  [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet       C:\Windows\system32\DRIVERS\ZTEusbnet.sys
15:25:36.0195 5896  ZTEusbnet - ok
15:25:36.0227 5896  [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:25:36.0269 5896  ZTEusbnmea - ok
15:25:36.0325 5896  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:25:36.0598 5896  ZTEusbser6k - ok
15:25:36.0715 5896  [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice     C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
15:25:36.0763 5896  ZTEusbvoice - ok
15:25:36.0791 5896  ================ Scan global ===============================
15:25:36.0857 5896  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:25:36.0913 5896  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:25:36.0940 5896  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:25:37.0001 5896  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:25:37.0009 5896  [Global] - ok
15:25:37.0014 5896  ================ Scan MBR ==================================
15:25:37.0027 5896  [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
15:25:37.0763 5896  \Device\Harddisk0\DR0 - ok
15:25:37.0770 5896  ================ Scan VBR ==================================
15:25:37.0775 5896  [ 4558FF6C706A2029BA223EE3EC9A3BC5 ] \Device\Harddisk0\DR0\Partition1
15:25:37.0777 5896  \Device\Harddisk0\DR0\Partition1 - ok
15:25:37.0811 5896  [ 993BC331217FD12EB773A2CEAAF3823E ] \Device\Harddisk0\DR0\Partition2
15:25:37.0826 5896  \Device\Harddisk0\DR0\Partition2 - ok
15:25:37.0831 5896  ============================================================
15:25:37.0831 5896  Scan finished
15:25:37.0831 5896  ============================================================
15:25:37.0847 1616  Detected object count: 10
15:25:37.0847 1616  Actual detected object count: 10
15:26:15.0892 1616  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0892 1616  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0893 1616  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0893 1616  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0893 1616  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0893 1616  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0894 1616  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0894 1616  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0894 1616  hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0894 1616  hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0895 1616  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0895 1616  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0895 1616  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0895 1616  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0895 1616  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0896 1616  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0896 1616  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0896 1616  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:15.0901 1616  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:15.0901 1616  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:29:24.0334 3904  Deinitialize success

cosinus · 15.03.2013, 15:40

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

ToJaNa · 15.03.2013, 17:29

Hier der Log von Combofix.
Er hatte trotz das ich Norton deaktiviert habe darüber gemeckert.

Code:

ATTFilter

ComboFix 13-03-15.01 - Compaq 15.03.2013  17:04:40.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1033.18.2037.864 [GMT 1:00]
ausgeführt von:: c:\users\Compaq\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Compaq\AppData\Roaming\Smiley.ico
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\KBL.LOG
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-15 bis 2013-03-15  ))))))))))))))))))))))))))))))
.
.
2013-03-15 16:16 . 2013-03-15 16:16	--------	d-----w-	c:\users\Compaq\AppData\Local\temp
2013-03-15 16:16 . 2013-03-15 16:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-15 16:16 . 2013-03-15 16:16	--------	d-----w-	c:\users\Besucher\AppData\Local\temp
2013-03-14 12:21 . 2013-02-12 01:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-12 17:46 . 2013-03-12 17:45	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-12 17:45 . 2013-03-12 17:45	--------	d-----w-	c:\users\Compaq\AppData\Roaming\Malwarebytes
2013-03-12 17:43 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-12 17:43 . 2013-03-12 17:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-22 18:16 . 2013-02-22 18:16	--------	d-----w-	c:\program files\iPod
2013-02-22 18:16 . 2013-02-22 18:18	--------	d-----w-	c:\program files\iTunes
2013-02-22 17:47 . 2013-02-22 17:47	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-22 17:47 . 2013-02-22 17:47	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-22 17:47 . 2013-02-22 17:47	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-22 17:47 . 2013-02-22 17:47	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-22 17:47 . 2013-02-22 17:47	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-22 17:47 . 2013-02-22 17:47	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-22 17:47 . 2013-02-22 17:47	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-02-22 17:44 . 2013-02-22 17:47	--------	d-----w-	c:\program files\QuickTime
2013-02-22 17:33 . 2013-01-08 22:01	768000	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-22 17:25 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-22 17:25 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-22 17:25 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-22 17:25 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-22 17:24 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 17:45 . 2012-09-21 18:35	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-12 17:45 . 2010-05-07 19:42	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-06 18:34 . 2012-04-02 17:03	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-06 18:34 . 2011-07-04 15:40	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-22 18:44	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 18:44	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-03-08 14:27 . 2013-03-08 14:26	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2007-06-30 00:48 . 2013-03-08 14:26	292208	----a-w-	c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Compaq\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-02-16 1363016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"ACQTMOUSE"="c:\program files\SPEEDLINK Wheel Mouse\ACQTMAPP.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QlbCtrl.exe"=c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3080769578-2973585157-627236985-1003]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 79484733
*NewlyCreated* - ASWMBR
*Deregistered* - 79484733
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-23 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-01 08:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\
FF - prefs.js: browser.startup.homepage - 
FF - ExtSQL: 2013-03-13 09:19; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: !HIDDEN! 2009-08-02 19:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Internet Designer Pro - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-15 17:16
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-03-15  17:21:23
ComboFix-quarantined-files.txt  2013-03-15 16:21
.
Vor Suchlauf: 34.440.421.376 bytes free
Nach Suchlauf: 33.260.810.240 bytes free
.
- - End Of File - - C780CE021FDA3F3E4D64EE01841E6CCD

cosinus · 15.03.2013, 19:24

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

ToJaNa · 15.03.2013, 20:20

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Compaq on 15.03.2013 at 19:28:39,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar" 



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Compaq\AppData\Roaming\mozilla\firefox\profiles\532q5lx5.default\minidumps [165 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2013 at 19:36:29,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwcleaner
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.114 - Logfile created 03/15/2013 at 19:38:02
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Compaq - AU2008
# Boot Mode : Normal
# Running from : C:\Users\Compaq\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\532q5lx5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9322 octets] - [13/03/2013 19:29:42]
AdwCleaner[R2].txt - [1041 octets] - [13/03/2013 19:34:33]
AdwCleaner[R3].txt - [1161 octets] - [13/03/2013 19:39:52]
AdwCleaner[R4].txt - [1281 octets] - [13/03/2013 19:45:50]
AdwCleaner[R5].txt - [1402 octets] - [13/03/2013 19:55:52]
AdwCleaner[R6].txt - [1462 octets] - [14/03/2013 10:57:07]
AdwCleaner[S1].txt - [9387 octets] - [13/03/2013 19:30:38]
AdwCleaner[S2].txt - [981 octets] - [13/03/2013 19:36:06]
AdwCleaner[S3].txt - [1101 octets] - [13/03/2013 19:40:52]
AdwCleaner[S4].txt - [1222 octets] - [13/03/2013 19:46:24]
AdwCleaner[S5].txt - [1273 octets] - [15/03/2013 19:38:02]

########## EOF - C:\AdwCleaner[S5].txt - [1333 octets] ##########

--- --- ---

otl

Code:

ATTFilter

OTL logfile created on: 15.03.2013 19:50:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Compaq\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,81% Memory free
4,21 Gb Paging File | 2,99 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,11 Gb Total Space | 25,18 Gb Free Space | 24,66% Space Free | Partition Type: NTFS
Drive D: | 9,68 Gb Total Space | 2,53 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
 
Computer Name: AU2008 | User Name: Compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Compaq\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\ASCOMP Software\BackUp Maker\bkmaker.exe (ASCOMP Software GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- system32\DRIVERS\usbser_lowerfltj.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nmwcdnsuc) -- system32\drivers\nmwcdnsuc.sys File not found
DRV - (nmwcdnsu) -- system32\drivers\nmwcdnsu.sys File not found
DRV - (nmwcdc) -- system32\drivers\ccdcmbo.sys File not found
DRV - (nmwcd) -- system32\drivers\ccdcmb.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Compaq\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (Aspi32) --  File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130315.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130315.004\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130301.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130313.003\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1309010.00E\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1309010.00E\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1309010.00E\symefa.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1309010.00E\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1309010.00E\ironx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1309010.00E\symds.sys (Symantec Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes\{732E2BA6-DE69-4EFB-89FA-E7ABA8D48B5E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: service%40touchpdf.com:1.17
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: service@touchpdf.com:1.15
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.2.1.6
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.06.15 04:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.03.15 19:47:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 15:27:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.14 12:27:31 | 000,000,000 | ---D | M]
 
[2008.09.15 02:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Extensions
[2013.03.13 19:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\532q5lx5.default\extensions
[2010.07.03 19:34:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\532q5lx5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.25 19:43:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Compaq\AppData\Roaming\mozilla\Firefox\Profiles\532q5lx5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.22 18:08:43 | 000,057,900 | ---- | M] () (No name found) -- C:\Users\Compaq\AppData\Roaming\mozilla\firefox\profiles\532q5lx5.default\extensions\service@touchpdf.com.xpi
[2013.03.08 15:26:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.08 15:27:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.06.30 01:48:14 | 000,292,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2010.05.10 18:48:14 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.05.09 19:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 19:54:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.09 19:26:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.09 19:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.09 19:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.09 19:26:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.15 17:16:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA8DBD6-5A30-424F-B238-D41730331642}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B29000DE-BEF8-48D4-98EE-709383FFCC36}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC5D285-4B73-4B50-B4A4-86B24893C5BF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Compaq\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.22 12:19:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 19:28:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.15 19:28:18 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.15 19:26:05 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Compaq\Desktop\JRT.exe
[2013.03.15 17:21:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.15 17:21:25 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Local\temp
[2013.03.15 16:58:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.15 16:58:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.15 16:58:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.15 16:58:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.15 16:58:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.15 16:57:47 | 000,000,000 | R--D | C] -- C:\Users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.15 16:56:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.15 16:55:25 | 005,040,250 | R--- | C] (Swearware) -- C:\Users\Compaq\Desktop\ComboFix.exe
[2013.03.15 15:17:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Compaq\Desktop\tdsskiller.exe
[2013.03.15 14:13:43 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Compaq\Desktop\aswMBR.exe
[2013.03.15 13:55:10 | 000,000,000 | ---D | C] -- C:\Users\Compaq\Desktop\mbar-1.01.0.1021
[2013.03.15 11:57:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2013.03.14 13:23:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 13:23:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 13:23:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 13:23:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 13:23:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 13:23:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 13:23:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 13:23:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.14 13:21:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.13 19:29:14 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Compaq\Desktop\dds+.exe
[2013.03.13 19:29:14 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\TFC.exe
[2013.03.12 18:47:38 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.12 18:46:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.12 18:46:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.12 18:46:25 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.12 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes
[2013.03.12 18:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.12 18:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.12 18:43:35 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.12 18:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.08 15:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.04 19:44:39 | 018,741,360 | ---- | C] (Solvusoft Corporation                                       ) -- C:\Users\Compaq\Desktop\FileViewPro_2013.exe
[2013.03.03 19:39:14 | 000,000,000 | ---D | C] -- C:\Users\Compaq\Desktop\CVH
[2013.03.03 10:52:53 | 000,000,000 | ---D | C] -- C:\Users\Compaq\Desktop\Übergabe Ordner Vers1
[2013.02.22 19:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.22 19:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.22 19:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.22 19:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 18:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.02.22 18:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.02.22 18:25:13 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.22 18:25:13 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.22 18:25:11 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.22 18:24:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.15 19:45:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 19:45:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 19:45:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 19:26:13 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Compaq\Desktop\JRT.exe
[2013.03.15 18:04:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.15 17:16:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.15 16:55:55 | 005,040,250 | R--- | M] (Swearware) -- C:\Users\Compaq\Desktop\ComboFix.exe
[2013.03.15 15:17:16 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Compaq\Desktop\tdsskiller.exe
[2013.03.15 15:16:05 | 000,000,512 | ---- | M] () -- C:\Users\Compaq\Desktop\MBR.dat
[2013.03.15 14:15:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Compaq\Desktop\aswMBR.exe
[2013.03.15 11:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe
[2013.03.14 12:34:27 | 000,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2013.03.13 19:30:34 | 000,649,172 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.13 19:30:34 | 000,124,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.13 11:31:34 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Compaq\Desktop\dds+.exe
[2013.03.13 11:31:12 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\TFC.exe
[2013.03.13 11:31:04 | 000,597,667 | ---- | M] () -- C:\Users\Compaq\Desktop\adwcleaner.exe
[2013.03.13 09:09:28 | 224,503,910 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.12 18:45:42 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.12 18:45:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.12 18:45:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.12 18:45:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.12 18:45:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.12 18:45:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.06 19:34:26 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.06 19:34:26 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.04 19:45:36 | 018,741,360 | ---- | M] (Solvusoft Corporation                                       ) -- C:\Users\Compaq\Desktop\FileViewPro_2013.exe
[2013.03.01 20:26:15 | 000,010,455 | ---- | M] () -- C:\Users\Compaq\Documents\TobiasWittke_Wittke_elster_2048.pfx
[2013.02.23 11:54:30 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.02.22 19:38:14 | 000,001,634 | ---- | M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2013.02.22 19:35:05 | 000,418,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.16 20:06:00 | 002,234,524 | ---- | M] () -- C:\Users\Compaq\Desktop\Foto.JPG
 
========== Files Created - No Company Name ==========
 
[2013.03.15 18:04:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.03.15 16:58:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.15 16:58:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.15 16:58:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.15 16:58:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.15 16:58:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.15 15:16:05 | 000,000,512 | ---- | C] () -- C:\Users\Compaq\Desktop\MBR.dat
[2013.03.13 19:29:14 | 000,597,667 | ---- | C] () -- C:\Users\Compaq\Desktop\adwcleaner.exe
[2013.02.16 20:05:59 | 002,234,524 | ---- | C] () -- C:\Users\Compaq\Desktop\Foto.JPG
[2011.11.08 21:04:15 | 000,000,680 | ---- | C] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat
[2011.08.01 19:52:54 | 000,150,996 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.01.18 20:54:58 | 000,001,940 | ---- | C] () -- C:\Users\Compaq\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.03.25 19:54:23 | 000,021,111 | ---- | C] () -- C:\Users\Compaq\Tobias.elfo
[2008.08.19 10:31:43 | 000,027,872 | ---- | C] () -- C:\Users\Compaq\AppData\Roaming\UserTile.png
[2008.05.15 08:36:59 | 000,162,304 | ---- | C] () -- C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.15 08:21:56 | 000,000,632 | RHS- | C] () -- C:\Users\Compaq\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AC9C6AC1

< End of report >

extra.txt

Code:

ATTFilter

OTL Extras logfile created on: 15.03.2013 19:50:09 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Compaq\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,81% Memory free
4,21 Gb Paging File | 2,99 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,11 Gb Total Space | 25,18 Gb Free Space | 24,66% Space Free | Partition Type: NTFS
Drive D: | 9,68 Gb Total Space | 2,53 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
 
Computer Name: AU2008 | User Name: Compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3080769578-2973585157-627236985-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3080769578-2973585157-627236985-1003]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0491C923-5E86-4D77-AF74-C3E1FA907A8B}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{05306EDB-53DF-425B-A3E9-973D2666B5FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D68CF95-31F2-472E-8594-12FB6E706B73}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A1BE32E-D08D-4452-9A8A-EF2C6EB70A1B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3969C421-AE18-459B-B314-899A339D6487}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{430D9A08-2657-4003-894D-BD60EC6AAC56}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{70BE0E9C-405A-4B7F-B24D-6F857F41391A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8768317C-64C3-4ACD-BC01-BC10C08B72F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1AA31CE-5D53-446A-9D4D-65E39EAB8C37}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A3D657A1-118F-4CB3-BB7A-6731DE2785CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A62FE286-9CA0-44BD-9C29-6C716D401D48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AA2B0F19-23BE-4D12-B4C5-5E18C2DF43F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9F8D14C-8364-4B63-8E11-6F3413742268}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7D8942C-8036-4365-928A-A55C26681EEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E8F6FB58-6B76-4CBF-95EA-04E66FE734B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F8C41F6C-9580-4B00-AEF7-C6A7473472A6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FAD655C8-698F-4B7C-B00C-BEC671E59ADB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FC25A70A-7C53-4013-8A45-E79489681B35}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{FF1D1CCD-647D-4A3D-8BFE-F31F44183DA6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0422286E-DD60-48BD-9F6A-E22DE920CDDB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{048588A0-E45D-4A8B-8C2A-8CE553F924CA}" = protocol=17 | dir=in | app=c:\windows\temp\~os7a4e.tmp\rlvknlg.exe | 
"{060FC708-2B3B-45BB-B979-D7FC71E4756F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{061ADCC0-9125-4184-88B5-CFF5CBF8328B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{11A0B681-B05C-4388-9F0D-02DF56A42530}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{16AAB70E-5B1F-44A4-A756-8CA88103668F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{17F098EA-EA01-4B78-8445-04321A3DCF6D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{189A6A12-6783-4E59-A0E4-B74E6953C5D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{18B8FD1F-3329-4DCB-82B7-CE4A07088E82}" = protocol=17 | dir=in | app=c:\windows\temp\~osec23.tmp\rlvknlg.exe | 
"{1D842218-54C3-4F04-B4BF-7FDE214FB543}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1E48F375-439F-46CB-AA63-197ABF691560}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{23D319C4-497A-4D6F-AA27-4552B80780F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{327C668A-7A34-4715-95BA-105994A74F94}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{338B69E6-3A1E-487A-AEE2-0E067EEEF821}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{37AEAF55-390C-47FA-96AA-7EC9815ACD5F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3916AB70-4C33-4B7A-9304-22DA983CEFEF}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{3AF97B38-FB63-4B02-904B-A77841EA59AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{3D18A06D-486D-4399-9E6F-5B3D1B294ACA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{41016814-FE0B-4B16-8A71-1A18FB049961}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{411836EB-F365-4F32-9100-2229966B3C62}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{44486D4A-B2D2-4434-93B4-C248F4B59EE2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4D8F4599-60F0-4F21-BDFA-5C0D5598AFDC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4D9C46A1-EA9D-416C-8BE9-F261C550DBA9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4DB70EED-1D92-4238-8760-57ABEE59B9D5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{4F3E27C6-33CE-4D06-BCAA-784938D4DB96}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{5351C4A9-BA7E-4EB3-A7BD-1F6F2412133A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{551C1C97-560D-4017-81D0-5783FE0C36CE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{56A18EC9-CA6D-4AA7-9D29-0479CD314345}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57AA6B9E-5210-485A-BB50-4865F802BD7E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{58F362F8-254C-490C-83D4-EA7B6842D959}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59938901-03A1-47D6-A88D-BF0791E81B1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5DC984DB-177E-430E-919B-2840BD606514}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5F4762F3-DAB6-4419-B649-F0069D956BF4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5F4DF4A1-927E-4ACA-88AE-E9210316DD1A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{64463F93-6DE6-4EE0-B1E0-3B79A230AAE8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6F221698-32E7-47EA-98E0-7C991DC6341E}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{758A21DE-7E76-48B9-88E0-375CFAEA884B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7A7C3540-01F2-40B4-8D28-034180EFB62F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{7AA94A7E-F0DF-425A-96C0-6796EAFEE4E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{7B7B757C-CAE6-4F7E-B0DA-FAFA46CC6C08}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8DFA2A90-8087-4504-8C0C-3F2355F2A730}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{8E43442C-B0B2-41AE-A87D-B8AAE371E9E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{8E64BBF6-D4E4-4B30-A0FD-B9F50273723C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9A8D274F-62D1-40A3-8D95-62F376B1930A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9B416B5E-7CAA-45FE-BD86-22364357830B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9C65E343-4812-4420-B6FB-3B85A172720E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C8160B4-9CD1-4519-ADE1-A0409C646F45}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{9E5ED6D5-DC7A-4C0B-8BE2-FB721F202E0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AB30F0E9-0F6B-41FE-97D6-E2F67E8AB387}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AC13454A-1B0F-4291-9294-14DBB34A2D84}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ADB76D2F-2B16-403E-97D1-6EC58A95CD40}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{ADC84A76-E3DC-4246-9564-E0FA2BB1C20B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{B26D6972-0556-47FE-A4EF-EFB349B86349}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B59FC68C-A918-460B-B5E7-64F01DF16816}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B6D63895-4129-4280-B38B-D8BE704B1944}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B86F4213-4338-4A38-BC41-2773614565E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B88A3898-E267-42B7-BE94-0ECB0B31EA24}" = dir=in | app=e:\setup\hpznui01.exe | 
"{BC818F91-4CF2-4DF8-B3B2-D8700316DF49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C58D3586-0A11-431F-BF81-F40363B30945}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C83A6293-422D-4A2C-9779-51672AB28DAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C992D31A-713C-4C2F-9E26-B4620ED26565}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{CADAB097-F640-4401-A191-565164B05CE4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CB9BAF2A-3352-4C2C-884F-6505E12263C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CD5097A1-2BEF-4A3F-B726-E9E58984ED6C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CF9F6F55-3769-47FC-BBA8-7A937E815C8F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{D23153FA-C8AF-4865-A2FC-A91866E7DE0E}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{D34D3504-12EB-47C4-A9EE-1BCE0295BF01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{D4AFBFC7-5534-4886-8FE7-C1089D34CEE5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D506B40C-47BC-479A-8DBA-DC5E89B17ED5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D83A9884-B3D2-4865-B6FA-E61C8581205F}" = protocol=6 | dir=in | app=c:\windows\temp\~osec23.tmp\rlvknlg.exe | 
"{DAE91B68-FEEF-416B-8037-ABF840AAD8DA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DBBB7E62-113B-4326-BEE0-900F9B4AAB5F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DBFB9E95-9628-4729-AB5C-F5A8BBCBF354}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD1EB512-F9C1-47D5-A178-5A60F2BBC4E0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DFAAB917-30FF-44D8-8D85-126070A4797D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DFE4C2D7-E134-493E-8C00-58CD06341B3C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{E2153323-BE99-4058-9394-EA38F147671B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E72DEFBB-0292-458E-BA8A-798765806B6F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E940C9A9-2E8D-4869-8775-6E5C5812EB31}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{ECB9068C-7B8B-4ADC-8D71-0D0087C707D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED5C2D4D-B914-4CC9-89E6-0220E37D3A73}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe | 
"{EEFFC21F-6112-4C40-A15B-F39A9AB1207A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EFC06CF1-B11D-480E-8EE7-11A831A96DB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{EFF17110-5AD2-4599-8056-0E0F0BE684F0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F1008B8F-BF29-4AB2-91B1-3C4819823B31}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F19EDB19-DC88-41C2-8E08-F047EA8ABB46}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F22223B3-4EED-4989-AF10-C07593250DA6}" = protocol=6 | dir=in | app=c:\windows\temp\~os7a4e.tmp\rlvknlg.exe | 
"{F43DB8F3-F8FA-468B-AAFC-7CCD1FC18275}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F8FA6591-05E6-47AC-A419-653BD49DC6DF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FBB2F635-026C-4F05-AC2E-FF8AF77D735C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF2E2A0A-1CEC-4934-B25B-21B46C12D9A5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{88D3EB07-01C9-4A00-916C-D87350CCFDC4}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{93E52334-75DB-4D51-87CB-F3AF8EB336D5}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"TCP Query User{E21AB5E2-5D0A-4D20-ADC2-4CFDD5BBE4FC}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{004F4394-4980-462D-9669-3D596C392235}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{30BF26F0-2155-400B-94C0-2602ECFCF5F9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{7BD494A8-16F1-4208-BF16-2D96E7A849D9}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{171D5A75-8CDE-11DC-AB11-000374890932}" = Internet Software Pak
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{4086BCA1-9B64-498B-8B8B-CA236029C816}" = Adobe Setup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{458CD97D-56E5-4330-81DB-5829500BBF7A}" = Adobe GoLive 9
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7061301A-0D44-432F-859D-AF705DA2C81F}_is1" = 4Free Video Converter 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_a7223e4b8dff4f6a5bb90518a80851d" = Adobe GoLive 9
"Audacity_is1" = Audacity 1.2.6
"AZ-Handbuch 2004" = AZ-Handbuch 2004
"BackUp Maker_is1" = BackUp Maker
"BPM-Studio 4 Profi" = BPM-Studio 4 Profi
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"FileZilla Client" = FileZilla Client 3.3.2.1
"Foxit Reader" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NIS" = Norton Internet Security
"SPEEDLINK TiltWheel Mouse_is1" = SPEEDLINK TiltWheel Mouse 4.0
"TeamViewer 5" = TeamViewer 5
"Techno4ever Player" = Techno4ever Player
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 15.05.2012 15:32:06 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2012 15:33:27 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2012 15:46:14 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2012 15:47:05 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 42
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.06.2012 15:28:40 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1484
 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error - 17.07.2012 12:56:49 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 286
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2012 14:05:48 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 727
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2012 09:30:14 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 177
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2012 14:30:02 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2418
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 12.12.2012 14:30:32 | Computer Name = AU2008 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 783
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.03.2013 14:40:35 | Computer Name = AU2008 | Source = netbt | ID = 4321
Description = The name "LAPTOP         :0" could not be registered on the interface
 with IP address 192.168.1.36.  The computer with the IP address 192.168.1.34 did 
not allow the name to be claimed by  this computer.
 
Error - 15.03.2013 14:41:37 | Computer Name = AU2008 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.03.2013 14:41:46 | Computer Name = AU2008 | Source = DCOM | ID = 10016
Description = 
 
Error - 15.03.2013 14:45:58 | Computer Name = AU2008 | Source = netbt | ID = 4321
Description = The name "LAPTOP         :0" could not be registered on the interface
 with IP address 192.168.1.36.  The computer with the IP address 192.168.1.34 did 
not allow the name to be claimed by  this computer.
 
Error - 15.03.2013 14:46:50 | Computer Name = AU2008 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.03.2013 14:47:05 | Computer Name = AU2008 | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

cosinus · 15.03.2013, 20:29

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-3080769578-2973585157-627236985-1003\..\SearchScopes\{732E2BA6-DE69-4EFB-89FA-E7ABA8D48B5E}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
[2013.03.15 15:16:05 | 000,000,512 | ---- | M] () -- C:\Users\Compaq\Desktop\MBR.dat
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:AC9C6AC1
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

ToJaNa · 15.03.2013, 20:50

otl

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3080769578-2973585157-627236985-1003\Software\Microsoft\Internet Explorer\SearchScopes\{732E2BA6-DE69-4EFB-89FA-E7ABA8D48B5E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{732E2BA6-DE69-4EFB-89FA-E7ABA8D48B5E}\ not found.
C:\Users\Compaq\Desktop\MBR.dat moved successfully.
ADS C:\ProgramData\TEMP:AC9C6AC1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Compaq\Desktop\cmd.bat deleted successfully.
C:\Users\Compaq\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Besucher
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Compaq
->Temp folder emptied: 322155 bytes
->Temporary Internet Files folder emptied: 161351 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2657406 bytes
->Flash cache emptied: 492 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23825 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03152013_204401

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 15.03.2013, 21:57

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ToJaNa · 16.03.2013, 14:44

Malewarebytes sah gut aus:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Compaq :: AU2008 [Administrator]

Schutz: Aktiviert

16.03.2013 09:36:43
mbam-log-2013-03-16 (09-36-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239304
Laufzeit: 25 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET weniger gut (oder gehört das zu diese USB Software U3?):

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6296a8b3e7cbcb44a336defb66c671d0
# engine=13401
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-16 01:20:10
# local_time=2013-03-16 02:20:10 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 99 2153068 126036595 0 0
# compatibility_mode=5892 16776574 100 95 76875154 200972782 0 0
# scanned=361353
# found=1
# cleaned=0
# scan_time=14263
sh=56E242E8D0B96F26AC72E274DEA916B179D0FFFA ft=0 fh=0000000000000000 vn="INF/Autorun.AA worm" ac=I fn="C:\Users\Compaq\AppData\Roaming\U3\temp\48cdc44b0\autorun.inf"