Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   emailadresse verschickt spam (https://www.trojaner-board.de/133881-emailadresse-verschickt-spam.html)

Atina 18.04.2013 13:07
emailadresse verschickt spam
 
Hallo Leute,
der folgende Rechner verschickt seit geraumer Zeit täglich Spam-Mails an unbekannte Adressen („Inkassoschreiben“). Auf dem Rechner befindet sich eine aktuelle Microsoft Security Essentials-Version. Der letzte (schnell)Scan ist vom 08.04. In einer der letzten Scans wurde eine Win32/autorun!inf auf f: (vermutlich UBS) gefunden (welcher in Quarantäne ist). Software/windowsupdates werden (gerade) durchgeführt.
Ein vollständiger Suchdurchlauf von mbam:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.18.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heike :: *** [Administrator]

18.04.2013 12:03:04
mbam-log-2013-04-18 (12-03-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343525
Laufzeit: 1 Stunde(n), 45 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Vielen Dank für die Hilfe im Voraus!

cosinus 18.04.2013 13:21
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Atina 18.04.2013 13:29
Ein gmer Scan liegt noch vor:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-18 14:27:32
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD800JD-08MSA1 rev.10.01E01 74,54GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Heike\AppData\Local\Temp\kwdoipog.sys


---- Kernel code sections - GMER 2.1 ----

?      system32\DRIVERS\PROCDD.SYS                                                              Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.1 ----

.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] ntdll.dll!LdrLoadDll                  77289378 5 Bytes  JMP 60BA6D70 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] kernel32.dll!HeapSetInformation + 26  76B9A8B0 7 Bytes  JMP 60BC1C62 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] kernel32.dll!LockResource + C        76BB6ACB 7 Bytes  JMP 60EFD713 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] kernel32.dll!VirtualAllocEx + 54      76BBAF50 7 Bytes  JMP 60EFD736 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[1340] GDI32.dll!SetStretchBltMode + 256    76DF745C 7 Bytes  JMP 60EFD694 C:\Program Files\Mozilla Firefox\xul.dll

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
(nach folgender Anleitung)

"""
Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
"""

cosinus 18.04.2013 13:30
GMER ist kein Virenscanner, sondern ein Anti-Rookit-Tool. Ich wolte aber wissen, ob der Virenscanner bei diesem Rechner jemals fündig wurde und wenn ja, wollte ich die Logs dazu sehen.

Atina 18.04.2013 13:33
Bis auf folgendes, kann ich dazu nichts weiter sagen. Ein weiterer Virenscanner war und ist nicht installiert. Daher keine weiteren Funde. Ein mbam Scan aus 2012 ist noch vorhanden, (keine) Funde, ansonsten nichts...

"Auf dem Rechner befindet sich eine aktuelle Microsoft Security Essentials-Version. Der letzte (schnell)Scan ist vom 08.04. In einer der letzten Scans wurde eine Win32/autorun!inf auf f: (vermutlich UBS) gefunden (welcher in Quarantäne ist)."

cosinus 18.04.2013 13:35
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

Atina 18.04.2013 13:48
OTL.txt

Code:
OTL logfile created on: 18.04.2013 14:36:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 46,32% Memory free
4,00 Gb Paging File | 2,80 Gb Available in Paging File | 69,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,21 Gb Total Space | 3,70 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PROCDD) -- system32\DRIVERS\PROCDD.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (kwdoipog) -- C:\Users\***\AppData\Local\Temp\kwdoipog.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\..\SearchScopes,DefaultScope = {A537DD92-568B-4D03-B7DF-BD7C5285681C}
IE - HKLM\..\SearchScopes\{A537DD92-568B-4D03-B7DF-BD7C5285681C}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=101702
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {A537DD92-568B-4D03-B7DF-BD7C5285681C}
IE - HKCU\..\SearchScopes\{A537DD92-568B-4D03-B7DF-BD7C5285681C}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\..\SearchScopes\{DB944F20-2B82-44C7-870D-6BEC5ACF98F5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=33d4a297-f124-4853-8696-797f40bad524&apn_sauid=E9A7B184-A4A4-4970-8BA8-10037A87859C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.17 07:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2004.01.01 01:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.18 13:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions
[2013.04.18 13:28:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.18 13:28:41 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\firefox@ghostery.com
[2013.04.18 13:28:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\ich@maltegoetz.de
[2012.05.13 09:50:09 | 000,002,404 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cdqgoz7k.default\searchplugins\askcom.xml
[2013.04.17 07:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.17 07:46:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.17 07:45:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.17 07:45:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.17 07:45:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.17 07:45:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.17 07:45:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.17 07:45:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA83122A-07F8-48A5-8696-A7F39FA8CC4D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC60E0C-770F-4F0E-93E0-8841EB3DD5CF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.18 13:31:21 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.18 13:31:21 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.18 13:27:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2013.04.18 13:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.18 13:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Schul Curriculum
[2013.04.18 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HP drucker verknüpfg
[2013.04.18 11:55:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.17 21:29:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.17 21:29:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.17 21:29:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.17 21:29:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.17 21:29:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.17 21:29:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.17 21:29:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.17 21:28:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.17 07:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.13 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Venedig etc
[2013.04.10 07:28:27 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 07:28:27 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 07:28:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 07:28:07 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 07:21:09 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.03.22 15:50:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.18 13:53:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 13:53:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 13:31:21 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.18 13:31:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.18 13:27:05 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.18 13:22:24 | 022,916,830 | ---- | M] () -- C:\Users\***\Documents\vlc-2.0.5-win32.exe
[2013.04.18 13:14:42 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2013.04.18 13:03:23 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.18 12:00:47 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.18 11:55:02 | 000,017,886 | ---- | M] () -- C:\Users\***\Documents\cc_20130418_115453.reg
[2013.04.18 11:53:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.17 21:43:57 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.17 21:43:56 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.17 21:43:56 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.17 21:43:56 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.17 21:35:41 | 000,368,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.17 21:34:30 | 2012,405,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.04 10:48:37 | 000,418,411 | ---- | M] () -- C:\Users\***\Documents\Scan0043.pdf
[2013.04.04 09:13:52 | 000,423,365 | ---- | M] () -- C:\Users\***\Documents\Scan0042.pdf
[2013.04.04 07:41:54 | 000,370,403 | ---- | M] () -- C:\Users\***\Documents\Scan0041.pdf
[2013.04.04 07:41:17 | 000,233,383 | ---- | M] () -- C:\Users\***\Documents\Scan0040.pdf
[2013.04.04 07:40:32 | 000,219,780 | ---- | M] () -- C:\Users\***\Documents\Scan0039.pdf
[2013.04.03 19:14:53 | 000,677,090 | ---- | M] () -- C:\Users\***\Documents\Scan0038.pdf
[2013.04.03 19:13:49 | 000,212,573 | ---- | M] () -- C:\Users\***\Documents\Scan0037.pdf
[2013.04.02 16:57:36 | 000,463,116 | ---- | M] () -- C:\Users\***\Documents\Scan0036.pdf
[2013.04.02 12:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.03.24 12:54:12 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.18 13:27:05 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.18 13:20:50 | 022,916,830 | ---- | C] () -- C:\Users\***\Documents\vlc-2.0.5-win32.exe
[2013.04.18 13:03:23 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.18 12:00:47 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.18 11:55:00 | 000,017,886 | ---- | C] () -- C:\Users\***\Documents\cc_20130418_115453.reg
[2013.04.04 10:48:37 | 000,418,411 | ---- | C] () -- C:\Users\***\Documents\Scan0043.pdf
[2013.04.04 09:13:52 | 000,423,365 | ---- | C] () -- C:\Users\***\Documents\Scan0042.pdf
[2013.04.04 07:41:54 | 000,370,403 | ---- | C] () -- C:\Users\***\Documents\Scan0041.pdf
[2013.04.04 07:41:16 | 000,233,383 | ---- | C] () -- C:\Users\***\Documents\Scan0040.pdf
[2013.04.04 07:40:32 | 000,219,780 | ---- | C] () -- C:\Users\***\Documents\Scan0039.pdf
[2013.04.03 19:14:52 | 000,677,090 | ---- | C] () -- C:\Users\***\Documents\Scan0038.pdf
[2013.04.03 19:13:48 | 000,212,573 | ---- | C] () -- C:\Users\***\Documents\Scan0037.pdf
[2013.04.02 16:57:35 | 000,463,116 | ---- | C] () -- C:\Users\***\Documents\Scan0036.pdf
[2013.03.24 12:54:12 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[2012.04.15 17:36:51 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.03.16 19:14:57 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012.01.15 17:13:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.12.18 07:53:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.18 07:53:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.18 07:52:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.12.18 07:52:03 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.13 00:22:11 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.01 09:14:44 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 18.04.2013 14:36:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 46,32% Memory free
4,00 Gb Paging File | 2,80 Gb Available in Paging File | 69,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,21 Gb Total Space | 3,70 Gb Free Space | 5,35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0842A158-3D32-4AED-B4CF-41544E86C8CE}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{1A199FBE-74D8-4C1A-85BF-A1725069B402}" = lport=445 | protocol=6 | dir=in | app=system |
"{1AC4E986-EA5C-4AB1-8F7D-0980AC2C7289}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C63919E-AE0C-4058-943F-7F4E01CDF9FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A55DF0F-1B60-4935-A02F-944CC4478960}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E0A0F36-7424-4CE4-AB87-8C2A7C6FF18C}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8431C6E5-5B98-4ECF-9233-0D1D46FE4317}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CA4F74A2-850B-4F3D-87F1-5219C6F3E06C}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{D3C41FE5-CF9B-4E80-A4EE-E38EE6207A39}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE2C8E1F-72A7-4754-BC45-4F89087306F4}" = rport=445 | protocol=6 | dir=out | app=system |
"{DFA9F5F2-AC71-49FB-BDA7-B99748E89947}" = lport=137 | protocol=17 | dir=in | app=system |
"{E028A655-0DAB-4B9A-9C35-FCB3FFAA61E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED917DD1-3A61-4C10-A539-659DAA5221A1}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE0BE00C-FBE0-41AC-AFE3-043D166499D2}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B697008-C009-40A9-B789-1D6DE939B1F6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{2EE88B89-FD7B-4DFA-886C-16300272B20D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4106E108-CA8B-4903-8528-E78A4A89AD92}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{4C57F9E7-A549-4D64-8632-EBB47193134E}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{6AD15296-C3F7-4B92-AEC9-A6447D24105C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75FA4284-4540-461E-9562-8ACCD47C667B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8F8291AC-862F-41C3-97A6-5C26C9BEC302}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{9C4F54DE-AE00-4A58-B8F5-789A85B7B6E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5FAD6EF-C4D3-4BCE-B0BD-ACE22CB53271}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B0745AB1-012D-480A-ABD9-400D400BFF0B}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{BF7AA649-E438-432F-A1FA-B7710E34F1FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D40774CC-AB18-477B-B92D-54E4A33B845C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D4F17648-EAB7-491A-BFBA-9A58DA9C4AD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6129C1E-7488-449A-8E7F-0E22426860ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EB3FB244-1F5A-423E-9A7B-BEC4666DA6E3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{5393EA08-9772-4328-9145-4ABD7E1A823E}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F57F765D-F5C0-4C1E-8AC2-C9B369914625}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B92F401D-22F8-44ED-8AD9-9AFACC543593}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C753BCD2-C811-4559-B615-87DCC42CAC57}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06973580-503D-B2F8-B932-C6FFF6DE7615}" = CCC Help Chinese Traditional
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0ADB6A81-F35D-4040-36CE-C50206F09737}" = CCC Help Japanese
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1438FB49-8B53-D209-2B32-B0F33DA65336}" = Catalyst Control Center Localization Thai
"{18B9E358-08D9-0955-2FF3-EA15FF11DF02}" = Catalyst Control Center Localization Italian
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{2641973f-107f-4a4a-83a5-dfaff7a75097}" = Nero 9
"{27A7337A-765F-AA01-7115-06C3023E88E1}" = CCC Help Czech
"{2A73DA05-35C1-AA35-07D5-36C077D3183F}" = Catalyst Control Center Core Implementation
"{2AFE1AE5-1828-E0AE-B067-6B71620AF388}" = Catalyst Control Center Localization German
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3184A571-E021-817E-378D-9EC6EE412E09}" = Catalyst Control Center Graphics Light
"{36249169-E3FC-6737-9FA7-9BA520BE0DB2}" = CCC Help French
"{37652D83-7BDC-4735-8954-3FE0C2F2AD18}" = ccc-Branding
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{40BCF117-291F-BA1E-FC3E-C5C80F061641}" = CCC Help Hungarian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4654A4C6-B8C4-CC1C-91C3-2D938EFD12E8}" = Catalyst Control Center Localization Polish
"{46A62B59-10D1-46B9-C32A-D5CA90899A8B}" = Catalyst Control Center Graphics Full Existing
"{47229A8F-CB6D-E104-412D-206B0D68E02A}" = Catalyst Control Center Localization Turkish
"{476796E1-CD51-1300-F212-15B10724A91F}" = CCC Help Russian
"{48B0DEBB-4A67-0523-0DBB-E82D88FA333D}" = Catalyst Control Center Localization Spanish
"{49850071-F9BA-1736-29B8-3B663CE7738C}" = CCC Help Chinese Standard
"{4BAB05AF-F263-D3FC-217B-33B0F1B9D118}" = Catalyst Control Center Localization Hungarian
"{4CFA2AC8-FE0B-C8F8-4C3C-73EC24CD52C8}" = CCC Help German
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{51242B4E-E559-29D1-F01C-FAD101303CD3}" = CCC Help Italian
"{53A363EF-AC2C-ED65-7011-8F21641E5FAB}" = Catalyst Control Center Localization Portuguese
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56AA716F-007D-66D2-EC91-9A4C48947E00}" = CCC Help Swedish
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{577E5938-7280-43C8-6585-CCE7CC0B286C}" = Catalyst Control Center Localization Norwegian
"{5967C9BB-1F4D-AAD2-2EDB-93B57376ECD5}" = Catalyst Control Center Localization Danish
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{689C7F35-3627-E074-E17B-A03DC82DF234}" = Catalyst Control Center Localization Japanese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6BA6EB17-ABA5-32E6-FD02-618F39E07347}" = Catalyst Control Center Localization Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747B2C81-B13B-F720-9DDC-C31BF1D492DF}" = Catalyst Control Center Localization Korean
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76A0AADC-437C-10ED-7210-9B9FC38EACE6}" = CCC Help Korean
"{76AB986D-421F-B618-F738-028626176904}" = CCC Help Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7B462657-E26A-BB05-1064-A3A94D84583D}" = CCC Help Polish
"{7C032D1E-DD75-6856-2F78-1FF1FE3712DB}" = CCC Help Norwegian
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{818EA00F-8D02-671E-FE70-C2377EE4F24C}" = Catalyst Control Center Localization Dutch
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FC6E83A-EE8C-88D6-7C7B-74E6BE7C8667}" = CCC Help Thai
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{949997C4-6532-8E7A-A1A0-AACBC665123E}" = Catalyst Control Center Localization French
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A6700AA-8775-4DAB-6284-771145BAA661}" = Catalyst Control Center Graphics Full New
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9AFF5F50-1936-8859-AF93-5F66F785EE63}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A1A84D7F-3C2E-1255-2469-8175F972AB58}" = CCC Help Greek
"{A682297F-4CA6-A1EE-D68B-06A3EB847255}" = ccc-core-static
"{A6C2B54A-5D1C-45DE-0FD1-2C3A200163A4}" = CCC Help Turkish
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A88852F0-1790-1E1D-9164-95FFCF435E97}" = Catalyst Control Center Localization Chinese Traditional
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AE6D88D5-9064-84EA-C9DD-AC5927C44AA1}" = CCC Help Finnish
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B346EA79-BF20-5BE1-E599-45EEFB0CB3BD}" = Catalyst Control Center Localization Greek
"{B460F0C7-98ED-9B55-6D24-E54E98A89A78}" = Skins
"{B4B5E290-81EF-A724-E52C-DE05DC85B2E6}" = Catalyst Control Center Graphics Previews Vista
"{B4BCBF59-3F39-1F6D-2ED2-72198CC7AC49}" = Catalyst Control Center Localization Russian
"{B84B5373-AAC0-07AD-38A0-C44AAA4BD82F}" = CCC Help Spanish
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF0B0BF5-366A-6B6E-5718-A98E2E845322}" = ccc-utility
"{C0D49C3F-237B-94C7-EECD-10D22851C76E}" = CCC Help English
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9521CC8-D7EC-145F-33B7-B27BFF631715}" = CCC Help Portuguese
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkCentre
"{D7A2D358-B2BB-691E-EAD7-E95CDAE9842F}" = Catalyst Control Center Localization Swedish
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB6B6CCF-D509-C223-D06E-1D2118ECD193}" = Catalyst Control Center Localization Finnish
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E048D0DC-7419-7867-FCD2-CF176C73E629}" = Catalyst Control Center Localization Chinese Standard
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5991C8EB35AA0A2B41B0060067BD0DA30E877FFF" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"89838CF0B3DF29FE9FFF8893ACB04964C75A6F1E" = Windows Driver Package - ATI Technogies Inc (pci) System  (11/02/2006 1.00.0000.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Uninstaller" = ATI Uninstaller
"C16E2639B8851B54030DE09318A01581A8096E29" = Windows Driver Package - Marvell (yukonwlh) Net  (09/18/2007 10.24.1.3)
"CCleaner" = CCleaner
"D4B97D41574F60753BAE597542C02A55D48392C9" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2013 07:53:39 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 03.02.2013 07:57:08 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.02.2013 01:27:51 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.02.2013 07:34:55 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.02.2013 07:36:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung bmgr32.exe, Version 4.0.106.0, Zeitstempel 0x4693e0f2,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d,  Prozess-ID 0xe0c, Anwendungsstartzeit
 01ce10f0cb59a66a.
 
Error - 22.02.2013 07:40:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.02.2013 08:22:34 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
 
Error - 24.02.2013 08:22:34 | Computer Name = ***-PC | Source = System Restore | ID = 8210
Description =
 
Error - 24.02.2013 08:22:59 | Computer Name = ***-PC | Source = VSS | ID = 8193
Description =
 
Error - 24.02.2013 08:22:59 | Computer Name = ***-PC | Source = VSS | ID = 12291
Description =
 
[ System Events ]
Error - 14.04.2013 09:08:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 14.04.2013 09:09:52 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 14.04.2013 09:10:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 14.04.2013 09:10:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 14.04.2013 09:11:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 14.04.2013 09:11:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 17.04.2013 15:36:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.04.2013 15:36:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 17.04.2013 15:37:54 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 17.04.2013 15:38:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
 
< End of report >

cosinus 18.04.2013 13:52
Zitat:
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Warum hast du eine Business-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Atina 18.04.2013 13:55
Die Windowsversion war vorinstalliert, als der Rechner gebraucht gekauft wurde.

cosinus 18.04.2013 14:25
Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Atina 18.04.2013 21:19
Hallo nochmal von meiner Seite,
danke erst einmal für die Hilfestellungen! Ich werde die Punkte am Samstag abarbeiten können, da ich dann wieder Zugriff auf den Rechner habe.
Bitte den Thread offen lassen, so dass ich die Logs posten kann.
Bis dahin einen angenehmen Freitag!

Beste Grüße,

Atina

cosinus 19.04.2013 00:59
Ok, aber eine Bitte: lass solche Zwischenrufe, poste nur wenn es Probleme gibt oder wenn du die Logs hast (diese dann auch posten in CODE-Tags)

Atina 20.04.2013 13:52
TDSS-Killer:

Code:
14:39:56.0932 2288  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:39:57.0235 2288  ============================================================
14:39:57.0235 2288  Current date / time: 2013/04/20 14:39:57.0235
14:39:57.0235 2288  SystemInfo:
14:39:57.0235 2288 
14:39:57.0235 2288  OS Version: 6.0.6002 ServicePack: 2.0
14:39:57.0235 2288  Product type: Workstation
14:39:57.0235 2288  ComputerName: ***
14:39:57.0235 2288  UserName: ***
14:39:57.0235 2288  Windows directory: C:\Windows
14:39:57.0235 2288  System windows directory: C:\Windows
14:39:57.0235 2288  Processor architecture: Intel x86
14:39:57.0235 2288  Number of processors: 2
14:39:57.0235 2288  Page size: 0x1000
14:39:57.0235 2288  Boot type: Normal boot
14:39:57.0235 2288  ============================================================
14:39:59.0233 2288  Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0xB396, SectorsPerTrack: 0x11, TracksPerCylinder: 0xC8, Type 'K0', Flags 0x00000050
14:39:59.0271 2288  ============================================================
14:39:59.0271 2288  \Device\Harddisk0\DR0:
14:39:59.0271 2288  MBR partitions:
14:39:59.0271 2288  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAA4000, BlocksNum 0x8A6D800
14:39:59.0271 2288  ============================================================
14:39:59.0321 2288  C: <-> \Device\Harddisk0\DR0\Partition1
14:39:59.0321 2288  ============================================================
14:39:59.0321 2288  Initialize success
14:39:59.0321 2288  ============================================================
14:42:41.0007 1528  ============================================================
14:42:41.0007 1528  Scan started
14:42:41.0007 1528  Mode: Manual; SigCheck; TDLFS;
14:42:41.0007 1528  ============================================================
14:42:42.0567 1528  ================ Scan system memory ========================
14:42:42.0567 1528  System memory - ok
14:42:42.0567 1528  ================ Scan services =============================
14:42:43.0020 1528  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
14:42:43.0269 1528  AAV UpdateService - ok
14:42:43.0690 1528  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:42:43.0753 1528  ACPI - ok
14:42:44.0018 1528  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:42:44.0049 1528  AdobeARMservice - ok
14:42:44.0143 1528  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
14:42:44.0205 1528  adp94xx - ok
14:42:44.0361 1528  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
14:42:44.0439 1528  adpahci - ok
14:42:44.0502 1528  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:42:44.0533 1528  adpu160m - ok
14:42:44.0564 1528  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
14:42:44.0580 1528  adpu320 - ok
14:42:44.0720 1528  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
14:42:45.0375 1528  AeLookupSvc - ok
14:42:45.0531 1528  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
14:42:45.0687 1528  AFD - ok
14:42:45.0796 1528  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:42:45.0843 1528  agp440 - ok
14:42:45.0999 1528  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
14:42:46.0046 1528  aic78xx - ok
14:42:46.0124 1528  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
14:42:46.0873 1528  ALG - ok
14:42:46.0920 1528  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:42:46.0951 1528  aliide - ok
14:42:47.0044 1528  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:42:47.0122 1528  amdagp - ok
14:42:47.0138 1528  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:42:47.0200 1528  amdide - ok
14:42:47.0278 1528  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
14:42:47.0325 1528  AmdK7 - ok
14:42:47.0356 1528  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
14:42:47.0434 1528  AmdK8 - ok
14:42:47.0606 1528  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
14:42:47.0778 1528  Appinfo - ok
14:42:47.0965 1528  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:42:48.0012 1528  Apple Mobile Device - ok
14:42:48.0230 1528  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt        C:\Windows\System32\appmgmts.dll
14:42:48.0355 1528  AppMgmt - ok
14:42:48.0418 1528  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
14:42:48.0496 1528  arc - ok
14:42:48.0559 1528  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:42:48.0590 1528  arcsas - ok
14:42:48.0621 1528  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:42:48.0715 1528  AsyncMac - ok
14:42:48.0793 1528  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
14:42:48.0808 1528  atapi - ok
14:42:48.0980 1528  [ A63B95991D0036D8D5A188BB4A31CF18 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
14:42:49.0198 1528  Ati External Event Utility - ok
14:42:49.0479 1528  [ DACA081E9DC82D4A05B0D21E8AA93DF8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:42:50.0025 1528  atikmdag - ok
14:42:50.0212 1528  [ 4AA1EB65481C392955939E735D27118B ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
14:42:50.0290 1528  AtiPcie ( UnsignedFile.Multi.Generic ) - warning
14:42:50.0290 1528  AtiPcie - detected UnsignedFile.Multi.Generic (1)
14:42:50.0399 1528  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:42:50.0477 1528  AudioEndpointBuilder - ok
14:42:50.0524 1528  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:42:50.0587 1528  Audiosrv - ok
14:42:50.0805 1528  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:42:50.0883 1528  Beep - ok
14:42:51.0086 1528  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
14:42:51.0257 1528  BFE - ok
14:42:51.0398 1528  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
14:42:51.0507 1528  BITS - ok
14:42:51.0585 1528  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:42:51.0647 1528  blbdrive - ok
14:42:51.0991 1528  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:42:52.0053 1528  Bonjour Service - ok
14:42:52.0147 1528  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:42:52.0271 1528  bowser - ok
14:42:52.0381 1528  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:42:52.0459 1528  BrFiltLo - ok
14:42:52.0490 1528  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:42:52.0568 1528  BrFiltUp - ok
14:42:52.0646 1528  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
14:42:52.0708 1528  Browser - ok
14:42:52.0849 1528  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
14:42:53.0254 1528  Brserid - ok
14:42:53.0301 1528  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:42:53.0426 1528  BrSerWdm - ok
14:42:53.0473 1528  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:42:53.0644 1528  BrUsbMdm - ok
14:42:53.0675 1528  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:42:53.0753 1528  BrUsbSer - ok
14:42:53.0863 1528  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:42:53.0956 1528  BTHMODEM - ok
14:42:54.0081 1528  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:42:54.0206 1528  cdfs - ok
14:42:54.0268 1528  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
14:42:54.0424 1528  cdrom - ok
14:42:54.0487 1528  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
14:42:54.0596 1528  CertPropSvc - ok
14:42:54.0689 1528  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
14:42:54.0767 1528  circlass - ok
14:42:54.0861 1528  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:42:55.0033 1528  CLFS - ok
14:42:55.0298 1528  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:42:55.0313 1528  clr_optimization_v2.0.50727_32 - ok
14:42:55.0360 1528  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:42:55.0391 1528  cmdide - ok
14:42:55.0438 1528  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:42:55.0469 1528  Compbatt - ok
14:42:55.0469 1528  COMSysApp - ok
14:42:55.0501 1528  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
14:42:55.0547 1528  crcdisk - ok
14:42:55.0625 1528  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:42:55.0688 1528  Crusoe - ok
14:42:55.0797 1528  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:42:55.0922 1528  CryptSvc - ok
14:42:56.0015 1528  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC            C:\Windows\system32\drivers\csc.sys
14:42:56.0234 1528  CSC - ok
14:42:56.0327 1528  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
14:42:56.0608 1528  CscService - ok
14:42:56.0858 1528  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:42:57.0107 1528  DcomLaunch - ok
14:42:57.0154 1528  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:42:57.0232 1528  DfsC - ok
14:42:57.0560 1528  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:42:58.0137 1528  DFSR - ok
14:42:58.0309 1528  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:42:58.0480 1528  Dhcp - ok
14:42:58.0574 1528  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:42:58.0621 1528  disk - ok
14:42:58.0730 1528  [ 5F4944CFB8E60F2B02B7CD7419B3C314 ] Diskeeper      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
14:42:58.0839 1528  Diskeeper ( UnsignedFile.Multi.Generic ) - warning
14:42:58.0839 1528  Diskeeper - detected UnsignedFile.Multi.Generic (1)
14:42:58.0933 1528  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:42:59.0089 1528  Dnscache - ok
14:42:59.0167 1528  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
14:42:59.0323 1528  dot3svc - ok
14:42:59.0354 1528  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
14:42:59.0447 1528  DPS - ok
14:42:59.0525 1528  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
14:42:59.0666 1528  drmkaud - ok
14:42:59.0759 1528  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
14:42:59.0915 1528  DXGKrnl - ok
14:43:00.0025 1528  [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express      C:\Windows\system32\DRIVERS\e1e6032.sys
14:43:00.0165 1528  e1express - ok
14:43:00.0227 1528  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
14:43:00.0321 1528  E1G60 - ok
14:43:00.0383 1528  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
14:43:00.0461 1528  EapHost - ok
14:43:00.0617 1528  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:43:00.0680 1528  Ecache - ok
14:43:00.0805 1528  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
14:43:00.0945 1528  elxstor - ok
14:43:01.0070 1528  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
14:43:01.0413 1528  EMDMgmt - ok
14:43:01.0475 1528  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:43:01.0553 1528  ErrDev - ok
14:43:01.0756 1528  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
14:43:01.0834 1528  EventSystem - ok
14:43:01.0943 1528  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
14:43:02.0146 1528  exfat - ok
14:43:02.0209 1528  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
14:43:02.0318 1528  fastfat - ok
14:43:02.0396 1528  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax            C:\Windows\system32\fxssvc.exe
14:43:02.0552 1528  Fax - ok
14:43:02.0645 1528  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
14:43:02.0723 1528  fdc - ok
14:43:02.0755 1528  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
14:43:02.0801 1528  fdPHost - ok
14:43:02.0833 1528  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:43:02.0911 1528  FDResPub - ok
14:43:02.0942 1528  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:43:02.0973 1528  FileInfo - ok
14:43:02.0989 1528  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
14:43:03.0051 1528  Filetrace - ok
14:43:03.0098 1528  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:43:03.0145 1528  flpydisk - ok
14:43:03.0176 1528  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:43:03.0254 1528  FltMgr - ok
14:43:03.0410 1528  [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache      C:\Windows\system32\FntCache.dll
14:43:03.0800 1528  FontCache - ok
14:43:03.0956 1528  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:43:04.0018 1528  FontCache3.0.0.0 - ok
14:43:04.0065 1528  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:43:04.0143 1528  Fs_Rec - ok
14:43:04.0221 1528  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:43:04.0252 1528  gagp30kx - ok
14:43:04.0346 1528  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:43:04.0377 1528  GEARAspiWDM - ok
14:43:04.0564 1528  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
14:43:04.0689 1528  gpsvc - ok
14:43:04.0814 1528  [ C1B577B2169900F4CF7190C39F085794 ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:43:04.0829 1528  gusvc - ok
14:43:04.0892 1528  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:43:05.0017 1528  HdAudAddService - ok
14:43:05.0204 1528  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:43:05.0251 1528  HDAudBus - ok
14:43:05.0297 1528  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:43:05.0407 1528  HidBth - ok
14:43:05.0469 1528  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
14:43:05.0563 1528  HidIr - ok
14:43:05.0656 1528  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
14:43:05.0843 1528  hidserv - ok
14:43:05.0906 1528  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:43:05.0968 1528  HidUsb - ok
14:43:06.0015 1528  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:43:06.0093 1528  hkmsvc - ok
14:43:06.0124 1528  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
14:43:06.0155 1528  HpCISSs - ok
14:43:06.0296 1528  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:43:06.0639 1528  HTTP - ok
14:43:06.0717 1528  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
14:43:06.0733 1528  i2omp - ok
14:43:06.0842 1528  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:43:06.0951 1528  i8042prt - ok
14:43:06.0982 1528  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
14:43:07.0076 1528  iaStorV - ok
14:43:07.0247 1528  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:43:07.0341 1528  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:43:07.0341 1528  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:43:07.0528 1528  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:43:07.0622 1528  idsvc - ok
14:43:07.0684 1528  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
14:43:07.0700 1528  iirsp - ok
14:43:07.0778 1528  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:43:07.0856 1528  IKEEXT - ok
14:43:07.0996 1528  [ 60AD91FDA0D2C285435AA76860DCAF35 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:43:08.0761 1528  IntcAzAudAddService - ok
14:43:08.0917 1528  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:43:08.0948 1528  intelide - ok
14:43:08.0979 1528  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:43:09.0026 1528  intelppm - ok
14:43:09.0073 1528  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
14:43:09.0119 1528  IPBusEnum - ok
14:43:09.0166 1528  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:09.0244 1528  IpFilterDriver - ok
14:43:09.0307 1528  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:43:09.0463 1528  iphlpsvc - ok
14:43:09.0463 1528  IpInIp - ok
14:43:09.0494 1528  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
14:43:09.0556 1528  IPMIDRV - ok
14:43:09.0587 1528  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
14:43:09.0681 1528  IPNAT - ok
14:43:09.0853 1528  [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:43:09.0884 1528  iPod Service - ok
14:43:09.0931 1528  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:43:10.0024 1528  IRENUM - ok
14:43:10.0087 1528  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:43:10.0133 1528  isapnp - ok
14:43:10.0196 1528  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:43:10.0274 1528  iScsiPrt - ok
14:43:10.0305 1528  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:43:10.0321 1528  iteatapi - ok
14:43:10.0336 1528  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
14:43:10.0336 1528  iteraid - ok
14:43:10.0461 1528  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:43:10.0492 1528  IviRegMgr - ok
14:43:10.0539 1528  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:43:10.0570 1528  kbdclass - ok
14:43:10.0633 1528  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:43:10.0742 1528  kbdhid - ok
14:43:10.0804 1528  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:43:10.0945 1528  KeyIso - ok
14:43:11.0132 1528  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:43:11.0288 1528  KSecDD - ok
14:43:11.0413 1528  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
14:43:11.0569 1528  KtmRm - ok
14:43:11.0647 1528  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:43:11.0771 1528  LanmanServer - ok
14:43:11.0865 1528  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:43:12.0052 1528  LanmanWorkstation - ok
14:43:12.0099 1528  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:43:12.0146 1528  lltdio - ok
14:43:12.0208 1528  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
14:43:12.0317 1528  lltdsvc - ok
14:43:12.0489 1528  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
14:43:12.0551 1528  lmhosts - ok
14:43:12.0583 1528  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:43:12.0629 1528  LSI_FC - ok
14:43:12.0676 1528  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
14:43:12.0723 1528  LSI_SAS - ok
14:43:12.0754 1528  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:43:12.0771 1528  LSI_SCSI - ok
14:43:12.0818 1528  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
14:43:12.0849 1528  luafv - ok
14:43:12.0911 1528  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
14:43:12.0958 1528  megasas - ok
14:43:13.0067 1528  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:43:13.0301 1528  MegaSR - ok
14:43:13.0364 1528  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
14:43:13.0442 1528  MMCSS - ok
14:43:13.0520 1528  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
14:43:13.0598 1528  Modem - ok
14:43:13.0629 1528  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
14:43:13.0691 1528  monitor - ok
14:43:13.0769 1528  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:43:13.0785 1528  mouclass - ok
14:43:13.0832 1528  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:43:13.0925 1528  mouhid - ok
14:43:13.0988 1528  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:43:14.0019 1528  MountMgr - ok
14:43:14.0175 1528  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:43:14.0253 1528  MozillaMaintenance - ok
14:43:14.0378 1528  [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:43:14.0471 1528  MpFilter - ok
14:43:14.0487 1528  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:43:14.0518 1528  mpio - ok
14:43:14.0565 1528  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:43:14.0674 1528  mpsdrv - ok
14:43:14.0861 1528  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:43:15.0033 1528  MpsSvc - ok
14:43:15.0111 1528  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:43:15.0126 1528  Mraid35x - ok
14:43:15.0189 1528  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:43:15.0236 1528  MRxDAV - ok
14:43:15.0298 1528  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:43:15.0438 1528  mrxsmb - ok
14:43:15.0485 1528  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:43:15.0626 1528  mrxsmb10 - ok
14:43:15.0672 1528  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:43:15.0750 1528  mrxsmb20 - ok
14:43:15.0797 1528  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:43:15.0844 1528  msahci - ok
14:43:15.0875 1528  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
14:43:15.0922 1528  msdsm - ok
14:43:16.0000 1528  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
14:43:16.0078 1528  MSDTC - ok
14:43:16.0140 1528  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:43:16.0265 1528  Msfs - ok
14:43:16.0374 1528  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:43:16.0390 1528  msisadrv - ok
14:43:16.0484 1528  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
14:43:16.0546 1528  MSiSCSI - ok
14:43:16.0562 1528  msiserver - ok
14:43:16.0593 1528  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
14:43:16.0624 1528  MSKSSRV - ok
14:43:16.0811 1528  [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:43:16.0858 1528  MsMpSvc - ok
14:43:16.0905 1528  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:43:16.0952 1528  MSPCLOCK - ok
14:43:17.0030 1528  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
14:43:17.0061 1528  MSPQM - ok
14:43:17.0186 1528  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
14:43:17.0232 1528  MsRPC - ok
14:43:17.0264 1528  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:43:17.0310 1528  mssmbios - ok
14:43:17.0357 1528  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
14:43:17.0388 1528  MSTEE - ok
14:43:17.0420 1528  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
14:43:17.0498 1528  Mup - ok
14:43:17.0607 1528  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:43:17.0716 1528  napagent - ok
14:43:17.0825 1528  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
14:43:17.0856 1528  NativeWifiP - ok
14:43:17.0981 1528  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:43:18.0090 1528  NDIS - ok
14:43:18.0168 1528  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:18.0231 1528  NdisTapi - ok
14:43:18.0278 1528  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:18.0324 1528  Ndisuio - ok
14:43:18.0402 1528  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:18.0512 1528  NdisWan - ok
14:43:18.0543 1528  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
14:43:18.0590 1528  NDProxy - ok
14:43:19.0011 1528  [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:43:19.0058 1528  Nero BackItUp Scheduler 4.0 - ok
14:43:19.0136 1528  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
14:43:19.0245 1528  NetBIOS - ok
14:43:19.0292 1528  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
14:43:19.0416 1528  netbt - ok
14:43:19.0448 1528  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:43:19.0463 1528  Netlogon - ok
14:43:19.0541 1528  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:43:19.0666 1528  Netman - ok
14:43:19.0744 1528  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:43:19.0978 1528  netprofm - ok
14:43:20.0040 1528  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:43:20.0056 1528  NetTcpPortSharing - ok
14:43:20.0134 1528  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
14:43:20.0150 1528  nfrd960 - ok
14:43:20.0259 1528  [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:43:20.0306 1528  NisDrv - ok
14:43:20.0415 1528  [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
14:43:20.0524 1528  NisSrv - ok
14:43:20.0586 1528  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:43:20.0664 1528  NlaSvc - ok
14:43:20.0758 1528  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:43:20.0805 1528  Npfs - ok
14:43:20.0836 1528  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
14:43:20.0883 1528  nsi - ok
14:43:20.0930 1528  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:43:21.0008 1528  nsiproxy - ok
14:43:21.0320 1528  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:43:21.0522 1528  Ntfs - ok
14:43:21.0585 1528  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
14:43:21.0678 1528  ntrigdigi - ok
14:43:21.0710 1528  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:43:21.0866 1528  Null - ok
14:43:21.0928 1528  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:43:21.0975 1528  nvraid - ok
14:43:22.0022 1528  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:43:22.0068 1528  nvstor - ok
14:43:22.0131 1528  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:43:22.0193 1528  nv_agp - ok
14:43:22.0193 1528  NwlnkFlt - ok
14:43:22.0209 1528  NwlnkFwd - ok
14:43:22.0380 1528  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:43:22.0396 1528  odserv - ok
14:43:22.0427 1528  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:43:22.0552 1528  ohci1394 - ok
14:43:22.0770 1528  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:43:22.0833 1528  ose - ok
14:43:23.0067 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:43:23.0363 1528  p2pimsvc - ok
14:43:23.0457 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:43:23.0566 1528  p2psvc - ok
14:43:23.0613 1528  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
14:43:23.0691 1528  Parport - ok
14:43:23.0738 1528  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
14:43:23.0800 1528  partmgr - ok
14:43:23.0878 1528  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:43:23.0972 1528  Parvdm - ok
14:43:24.0003 1528  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:43:24.0284 1528  PcaSvc - ok
14:43:24.0424 1528  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
14:43:24.0486 1528  pci - ok
14:43:24.0549 1528  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
14:43:24.0611 1528  pciide - ok
14:43:24.0658 1528  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:43:24.0674 1528  pcmcia - ok
14:43:24.0876 1528  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:43:25.0251 1528  PEAUTH - ok
14:43:25.0344 1528  [ DCB53E6BA9DF64260F821613E2B37D1D ] pelmouse        C:\Windows\system32\DRIVERS\pelmouse.sys
14:43:25.0422 1528  pelmouse - ok
14:43:25.0454 1528  [ 2DCCDEAA4F79DF03824D93CE9ECC84B7 ] pelusblf        C:\Windows\system32\DRIVERS\pelusblf.sys
14:43:25.0485 1528  pelusblf - ok
14:43:25.0812 1528  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
14:43:26.0140 1528  pla - ok
14:43:26.0296 1528  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:43:26.0405 1528  PlugPlay - ok
14:43:26.0483 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
14:43:26.0655 1528  PNRPAutoReg - ok
14:43:26.0780 1528  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
14:43:26.0873 1528  PNRPsvc - ok
14:43:26.0982 1528  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
14:43:27.0154 1528  PolicyAgent - ok
14:43:27.0279 1528  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:43:27.0404 1528  PptpMiniport - ok
14:43:27.0466 1528  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
14:43:27.0606 1528  Processor - ok
14:43:27.0716 1528  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
14:43:27.0762 1528  ProfSvc - ok
14:43:27.0825 1528  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:43:27.0856 1528  ProtectedStorage - ok
14:43:27.0950 1528  [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd          C:\Windows\system32\DRIVERS\psadd.sys
14:43:28.0043 1528  psadd - ok
14:43:28.0106 1528  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:43:28.0230 1528  PSched - ok
14:43:28.0308 1528  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI            C:\Windows\system32\DRIVERS\psi_mf.sys
14:43:28.0355 1528  PSI - ok
14:43:28.0386 1528  [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:43:28.0402 1528  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
14:43:28.0402 1528  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
14:43:28.0589 1528  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:43:28.0683 1528  ql2300 - ok
14:43:28.0808 1528  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:43:28.0870 1528  ql40xx - ok
14:43:28.0995 1528  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
14:43:29.0088 1528  QWAVE - ok
14:43:29.0104 1528  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:43:29.0135 1528  QWAVEdrv - ok
14:43:29.0182 1528  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:43:29.0276 1528  RasAcd - ok
14:43:29.0291 1528  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
14:43:29.0369 1528  RasAuto - ok
14:43:29.0416 1528  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:29.0494 1528  Rasl2tp - ok
14:43:29.0556 1528  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:43:29.0619 1528  RasMan - ok
14:43:29.0681 1528  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:29.0790 1528  RasPppoe - ok
14:43:29.0884 1528  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
14:43:30.0040 1528  RasSstp - ok
14:43:30.0147 1528  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
14:43:30.0240 1528  rdbss - ok
14:43:30.0303 1528  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:30.0412 1528  RDPCDD - ok
14:43:30.0583 1528  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr          C:\Windows\system32\DRIVERS\rdpdr.sys
14:43:30.0755 1528  rdpdr - ok
14:43:30.0771 1528  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:43:30.0817 1528  RDPENCDD - ok
14:43:30.0942 1528  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
14:43:31.0067 1528  RDPWD - ok
14:43:31.0192 1528  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:43:31.0270 1528  RemoteAccess - ok
14:43:31.0348 1528  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:43:31.0379 1528  RemoteRegistry - ok
14:43:31.0457 1528  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:43:31.0644 1528  RpcLocator - ok
14:43:31.0691 1528  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
14:43:31.0800 1528  RpcSs - ok
14:43:31.0863 1528  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:43:31.0909 1528  rspndr - ok
14:43:32.0097 1528  [ 0797877413D3225700D94488F06273A8 ] RTL8192su      C:\Windows\system32\DRIVERS\RTL8192su.sys
14:43:32.0143 1528  RTL8192su - ok
14:43:32.0190 1528  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
14:43:32.0190 1528  SamSs - ok
14:43:32.0221 1528  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:43:32.0237 1528  sbp2port - ok
14:43:32.0315 1528  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:43:32.0377 1528  SCardSvr - ok
14:43:32.0533 1528  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:43:32.0845 1528  Schedule - ok
14:43:32.0892 1528  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
14:43:32.0923 1528  SCPolicySvc - ok
14:43:32.0970 1528  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:43:33.0267 1528  SDRSVC - ok
14:43:33.0298 1528  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:43:33.0391 1528  secdrv - ok
14:43:33.0438 1528  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:43:33.0469 1528  seclogon - ok
14:43:33.0750 1528  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
14:43:33.0844 1528  Secunia PSI Agent - ok
14:43:33.0937 1528  [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
14:43:34.0125 1528  Secunia Update Agent - ok
14:43:34.0187 1528  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:43:34.0281 1528  SENS - ok
14:43:34.0312 1528  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
14:43:34.0437 1528  Serenum - ok
14:43:34.0515 1528  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:43:34.0577 1528  Serial - ok
14:43:34.0655 1528  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:43:34.0717 1528  sermouse - ok
14:43:34.0780 1528  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:43:34.0842 1528  SessionEnv - ok
14:43:34.0858 1528  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
14:43:34.0936 1528  sffdisk - ok
14:43:34.0967 1528  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:43:35.0045 1528  sffp_mmc - ok
14:43:35.0107 1528  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
14:43:35.0201 1528  sffp_sd - ok
14:43:35.0326 1528  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
14:43:35.0466 1528  sfloppy - ok
14:43:35.0560 1528  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:43:35.0638 1528  SharedAccess - ok
14:43:35.0747 1528  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:43:35.0997 1528  ShellHWDetection - ok
14:43:36.0043 1528  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:43:36.0106 1528  sisagp - ok
14:43:36.0153 1528  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:43:36.0200 1528  SiSRaid2 - ok
14:43:36.0216 1528  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:43:36.0232 1528  SiSRaid4 - ok
14:43:36.0372 1528  [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
14:43:36.0419 1528  SkypeUpdate - ok
14:43:36.0668 1528  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
14:43:37.0808 1528  slsvc - ok
14:43:37.0933 1528  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:43:37.0964 1528  SLUINotify - ok
14:43:38.0027 1528  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
14:43:38.0105 1528  Smb - ok
14:43:38.0151 1528  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:43:38.0246 1528  SNMPTRAP - ok
14:43:38.0308 1528  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
14:43:38.0340 1528  spldr - ok
14:43:38.0433 1528  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
14:43:38.0558 1528  Spooler - ok
14:43:38.0652 1528  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
14:43:38.0917 1528  srv - ok
14:43:38.0979 1528  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:43:39.0120 1528  srv2 - ok
14:43:39.0166 1528  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:43:39.0213 1528  srvnet - ok
14:43:39.0276 1528  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
14:43:39.0307 1528  SSDPSRV - ok
14:43:39.0432 1528  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
14:43:39.0525 1528  SstpSvc - ok
14:43:39.0650 1528  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:43:39.0744 1528  stisvc - ok
14:43:39.0900 1528  [ C2191C1A5DFED0795E3D3B68905B195B ] SUService      C:\Program Files\Lenovo\System Update\SUService.exe
14:43:39.0915 1528  SUService ( UnsignedFile.Multi.Generic ) - warning
14:43:39.0915 1528  SUService - detected UnsignedFile.Multi.Generic (1)
14:43:39.0993 1528  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:43:40.0024 1528  swenum - ok
14:43:40.0118 1528  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
14:43:40.0243 1528  swprv - ok
14:43:40.0305 1528  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
14:43:40.0321 1528  Symc8xx - ok
14:43:40.0368 1528  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:43:40.0399 1528  Sym_hi - ok
14:43:40.0414 1528  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:43:40.0430 1528  Sym_u3 - ok
14:43:40.0602 1528  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
14:43:40.0789 1528  SysMain - ok
14:43:40.0836 1528  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:43:41.0070 1528  TabletInputService - ok
14:43:41.0179 1528  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
14:43:41.0320 1528  TapiSrv - ok
14:43:41.0383 1528  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
14:43:41.0492 1528  TBS - ok
14:43:41.0648 1528  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
14:43:41.0960 1528  Tcpip - ok
14:43:42.0069 1528  [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:43:42.0163 1528  Tcpip6 - ok
14:43:42.0241 1528  [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:43:42.0350 1528  tcpipreg - ok
14:43:42.0475 1528  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:43:42.0506 1528  TDPIPE - ok
14:43:42.0537 1528  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
14:43:42.0631 1528  TDTCP - ok
14:43:42.0724 1528  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
14:43:42.0802 1528  tdx - ok
14:43:42.0849 1528  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:43:42.0911 1528  TermDD - ok
14:43:42.0989 1528  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
14:43:43.0145 1528  TermService - ok
14:43:43.0255 1528  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:43:43.0333 1528  Themes - ok
14:43:43.0520 1528  [ 64CFBE1A6A66A5062C26D0B178A42C91 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
14:43:43.0660 1528  ThinkVantage Registry Monitor Service - ok
14:43:43.0707 1528  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
14:43:43.0738 1528  THREADORDER - ok
14:43:43.0816 1528  [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM            C:\Windows\system32\drivers\tpm.sys
14:43:43.0863 1528  TPM - ok
14:43:43.0957 1528  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:43:44.0113 1528  TrkWks - ok
14:43:44.0253 1528  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:43:44.0378 1528  TrustedInstaller - ok
14:43:44.0596 1528  [ 865760E60F51D2A33E51AE9BA1806FF8 ] TSSCoreService  C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
14:43:44.0955 1528  TSSCoreService - ok
14:43:44.0986 1528  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:43:45.0033 1528  tssecsrv - ok
14:43:45.0080 1528  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
14:43:45.0251 1528  tunmp - ok
14:43:45.0376 1528  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:43:45.0439 1528  tunnel - ok
14:43:45.0610 1528  [ 40489F1CD98AC221C97B4E1D269C3331 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
14:43:45.0673 1528  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
14:43:45.0673 1528  TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
14:43:45.0844 1528  [ 06519C96036F937B829D4E3EAF8F7596 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
14:43:46.0016 1528  TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0016 1528  TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
14:43:46.0453 1528  [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler  c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
14:43:46.0546 1528  TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0546 1528  TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
14:43:46.0640 1528  [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter      C:\Windows\system32\DRIVERS\tvtfilter.sys
14:43:46.0640 1528  tvtfilter ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0640 1528  tvtfilter - detected UnsignedFile.Multi.Generic (1)
14:43:46.0733 1528  [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C          C:\Windows\system32\DRIVERS\Tvti2c.sys
14:43:46.0827 1528  TVTI2C - ok
14:43:46.0874 1528  [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk        C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
14:43:46.0889 1528  tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
14:43:46.0889 1528  tvtnetwk - detected UnsignedFile.Multi.Generic (1)
14:43:46.0921 1528  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:43:46.0936 1528  uagp35 - ok
14:43:47.0061 1528  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:43:47.0170 1528  udfs - ok
14:43:47.0248 1528  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
14:43:47.0311 1528  UI0Detect - ok
14:43:47.0342 1528  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:43:47.0373 1528  uliagpkx - ok
14:43:47.0420 1528  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
14:43:47.0435 1528  uliahci - ok
14:43:47.0467 1528  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:43:47.0498 1528  UlSata - ok
14:43:47.0529 1528  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
14:43:47.0545 1528  ulsata2 - ok
14:43:47.0576 1528  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
14:43:47.0638 1528  umbus - ok
14:43:47.0747 1528  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:43:47.0935 1528  UmRdpService - ok
14:43:48.0075 1528  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:43:48.0215 1528  upnphost - ok
14:43:48.0340 1528  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
14:43:48.0434 1528  USBAAPL - ok
14:43:48.0543 1528  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
14:43:48.0605 1528  usbccgp - ok
14:43:48.0668 1528  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:43:48.0761 1528  usbcir - ok
14:43:48.0871 1528  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
14:43:48.0917 1528  usbehci - ok
14:43:48.0980 1528  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:43:49.0073 1528  usbhub - ok
14:43:49.0105 1528  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
14:43:49.0136 1528  usbohci - ok
14:43:49.0214 1528  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:43:49.0276 1528  usbprint - ok
14:43:49.0339 1528  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
14:43:49.0370 1528  usbscan - ok
14:43:49.0463 1528  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:43:49.0588 1528  USBSTOR - ok
14:43:49.0635 1528  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
14:43:49.0713 1528  usbuhci - ok
14:43:49.0791 1528  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
14:43:49.0885 1528  UxSms - ok
14:43:50.0041 1528  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
14:43:50.0243 1528  vds - ok
14:43:50.0321 1528  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
14:43:50.0384 1528  vga - ok
14:43:50.0477 1528  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
14:43:50.0555 1528  VgaSave - ok
14:43:50.0633 1528  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:43:50.0680 1528  viaagp - ok
14:43:50.0774 1528  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
14:43:50.0852 1528  ViaC7 - ok
14:43:50.0899 1528  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:43:50.0930 1528  viaide - ok
14:43:50.0992 1528  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:43:51.0023 1528  volmgr - ok
14:43:51.0164 1528  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
14:43:51.0273 1528  volmgrx - ok
14:43:51.0367 1528  [ 786DB5771F05EF300390399F626BF30A ] volsnap        C:\Windows\system32\drivers\volsnap.sys
14:43:51.0429 1528  volsnap - ok
14:43:51.0507 1528  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
14:43:51.0554 1528  vsmraid - ok
14:43:51.0725 1528  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
14:43:52.0022 1528  VSS - ok
14:43:52.0131 1528  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
14:43:52.0318 1528  W32Time - ok
14:43:52.0334 1528  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:43:52.0412 1528  WacomPen - ok
14:43:52.0443 1528  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:43:52.0459 1528  Wanarp - ok
14:43:52.0505 1528  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:43:52.0537 1528  Wanarpv6 - ok
14:43:52.0677 1528  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
14:43:52.0927 1528  wbengine - ok
14:43:53.0176 1528  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
14:43:53.0504 1528  wcncsvc - ok
14:43:53.0613 1528  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:43:53.0753 1528  WcsPlugInService - ok
14:43:53.0847 1528  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
14:43:53.0878 1528  Wd - ok
14:43:54.0050 1528  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:43:54.0362 1528  Wdf01000 - ok
14:43:54.0377 1528  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:43:54.0455 1528  WdiServiceHost - ok
14:43:54.0471 1528  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
14:43:54.0533 1528  WdiSystemHost - ok
14:43:54.0627 1528  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
14:43:54.0705 1528  WebClient - ok
14:43:55.0001 1528  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:43:55.0173 1528  Wecsvc - ok
14:43:55.0220 1528  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
14:43:55.0329 1528  wercplsupport - ok
14:43:55.0376 1528  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:43:55.0407 1528  WerSvc - ok
14:43:55.0469 1528  [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr        C:\Windows\system32\DRIVERS\wimfltr.sys
14:43:55.0563 1528  WimFltr - ok
14:43:55.0750 1528  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
14:43:55.0766 1528  WinDefend - ok
14:43:55.0781 1528  WinHttpAutoProxySvc - ok
14:43:56.0015 1528  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
14:43:56.0031 1528  Winmgmt - ok
14:43:56.0187 1528  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM          C:\Windows\system32\WsmSvc.dll
14:43:56.0437 1528  WinRM - ok
14:43:56.0593 1528  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
14:43:56.0717 1528  Wlansvc - ok
14:43:56.0749 1528  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
14:43:56.0827 1528  WmiAcpi - ok
14:43:56.0936 1528  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:43:57.0014 1528  wmiApSrv - ok
14:43:57.0185 1528  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
14:43:57.0622 1528  WMPNetworkSvc - ok
14:43:57.0685 1528  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:43:57.0872 1528  WPDBusEnum - ok
14:43:57.0950 1528  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:43:57.0997 1528  WpdUsb - ok
14:43:58.0075 1528  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
14:43:58.0121 1528  ws2ifsl - ok
14:43:58.0262 1528  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
14:43:58.0324 1528  wscsvc - ok
14:43:58.0324 1528  WSearch - ok
14:43:58.0730 1528  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:43:59.0260 1528  wuauserv - ok
14:43:59.0291 1528  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:43:59.0354 1528  WUDFRd - ok
14:43:59.0416 1528  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
14:43:59.0479 1528  wudfsvc - ok
14:43:59.0681 1528  [ F081ED0B8BD09D7F50AC9A30BBBB06BC ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
14:43:59.0822 1528  yukonwlh - ok
14:43:59.0837 1528  ================ Scan global ===============================
14:43:59.0915 1528  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:44:00.0056 1528  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:44:00.0087 1528  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:44:00.0274 1528  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:44:00.0430 1528  [Global] - ok
14:44:00.0430 1528  ================ Scan MBR ==================================
14:44:00.0461 1528  [ 5DD6CFB684A01AEE2A4361080F2C881B ] \Device\Harddisk0\DR0
14:44:01.0460 1528  \Device\Harddisk0\DR0 - ok
14:44:01.0475 1528  ================ Scan VBR ==================================
14:44:01.0475 1528  [ 9CDADEB8350067C53B1B0DD2E30CE973 ] \Device\Harddisk0\DR0\Partition1
14:44:01.0491 1528  \Device\Harddisk0\DR0\Partition1 - ok
14:44:01.0491 1528  ============================================================
14:44:01.0491 1528  Scan finished
14:44:01.0491 1528  ============================================================
14:44:01.0538 1428  Detected object count: 10
14:44:01.0538 1428  Actual detected object count: 10
14:44:31.0460 1428  AtiPcie ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0460 1428  AtiPcie ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0460 1428  Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0460 1428  Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0460 1428  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0460 1428  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0476 1428  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0476 1428  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0476 1428  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0476 1428  TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0476 1428  TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0476 1428  tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:31.0476 1428  tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:31.0476 1428  tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip

mbar:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.20.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heike :: *** [administrator]

20.04.2013 13:40:00
mbar-log-2013-04-20 (13-40-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28136
Time elapsed: 24 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
aswmbr:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-20 13:51:20
-----------------------------
13:51:20.544    OS Version: Windows 6.0.6002 Service Pack 2
13:51:20.544    Number of processors: 2 586 0x6B01
13:51:20.545    ComputerName: HEIKE-PC  UserName: Heike
13:51:21.003    Initialize success
13:51:38.453    AVAST engine defs: 13042000
13:51:42.703    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6
13:51:42.710    Disk 0 Vendor: WDC_WD800JD-08MSA1 10.01E01 Size: 76324MB BusType: 3
13:51:43.368    Disk 0 MBR read successfully
13:51:43.375    Disk 0 MBR scan
13:51:43.387    Disk 0 unknown MBR code
13:51:43.409    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        5447 MB offset 2048
13:51:43.467    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        70875 MB offset 11157504
13:51:43.500    Disk 0 scanning sectors +156309504
13:51:43.699    Disk 0 scanning C:\Windows\system32\drivers
13:52:09.196    Service scanning
13:52:42.118    Modules scanning
13:52:49.050    Disk 0 trace - called modules:
13:52:49.081    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:52:49.081    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850f4780]
13:52:49.097    3 CLASSPNP.SYS[877a98b3] -> nt!IofCallDriver -> [0x84c1d8f8]
13:52:49.097    5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-6[0x84c155a8]
13:52:49.971    AVAST engine scan C:\
14:52:01.296    Disk 0 MBR has been saved successfully to "C:\Users\Heike\Desktop\MBR.dat"
14:52:01.312    The log file has been saved successfully to "C:\Users\Heike\Desktop\aswMBR.txt"

cosinus 20.04.2013 17:50
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Atina 23.04.2013 16:33
Combofix:

Code:
ComboFix 13-04-23.02 - *** 23.04.2013  16:32:50.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.1918.1082 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-23 bis 2013-04-23  ))))))))))))))))))))))))))))))
.
.
2013-04-23 14:41 . 2013-04-23 14:42        --------        d-----w-        c:\users\***\AppData\Local\temp
2013-04-23 14:41 . 2013-04-23 14:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-04-23 08:10 . 2013-04-10 03:08        6906960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AD7E4F0-74FD-4894-84CA-38AC4A7DB202}\mpengine.dll
2013-04-22 07:23 . 2013-04-10 03:08        6906960        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-18 11:31 . 2013-04-18 11:31        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-18 11:31 . 2013-04-18 11:31        691592        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-04-18 11:27 . 2013-04-18 11:38        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2013-04-17 19:28 . 2013-02-22 03:37        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-04-10 05:28 . 2013-03-11 13:25        3603816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:28 . 2013-03-11 13:25        3551080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-04-10 05:28 . 2013-03-09 03:45        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2013-04-10 05:28 . 2013-03-09 01:28        64000        ----a-w-        c:\windows\system32\smss.exe
2013-04-10 05:28 . 2013-03-08 03:52        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2013-04-10 05:28 . 2013-03-08 03:53        376320        ----a-w-        c:\windows\system32\winsrv.dll
2013-04-10 05:21 . 2013-03-05 01:40        2049024        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 12:50 . 2012-07-25 21:46        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-04-02 10:33 . 2011-12-10 20:54        237088        ------w-        c:\windows\system32\MpSigStub.exe
2013-02-12 01:57 . 2013-03-22 13:50        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-04-17 05:46 . 2013-04-17 05:46        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-22 4702208]
"Mouse Suite 98 Daemon"="ICO.EXE" [2007-02-11 77824]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoRegistration.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LenovoRegistration.lnk
backup=c:\windows\pss\LenovoRegistration.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-11-15 15:21        217176        ----a-w-        c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-12 23:24        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10        120368        ------w-        c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 12:18        17420464        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-11-07 17:15        9478320        ----a-w-        c:\users\***\AppData\Roaming\Spotify\spotify.exe
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=101702
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-04-18 13:28; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-18 13:28; ich@maltegoetz.de; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-04-18 13:28; firefox@ghostery.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\firefox@ghostery.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EzPrint - c:\program files\Lexmark 5400 Series\ezprint.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-23 16:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\***\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Zeit der Fertigstellung: 2013-04-23  16:47:42
ComboFix-quarantined-files.txt  2013-04-23 14:47
.
Vor Suchlauf: 3.878.707.200 Bytes frei
Nach Suchlauf: 4.009.435.136 Bytes frei
.
- - End Of File - - B077CFB12B297071445ED91848155093

cosinus 23.04.2013 23:09
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Atina 28.04.2013 17:52
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.1 (04.27.2013:1)
OS: Windows Vista (TM) Business x86
Ran by *** on 28.04.2013 at 16:05:36,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2805077007-1916498649-1146870764-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A537DD92-568B-4D03-B7DF-BD7C5285681C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DB944F20-2B82-44C7-870D-6BEC5ACF98F5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A537DD92-568B-4D03-B7DF-BD7C5285681C}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cdqgoz7k.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cdqgoz7k.default\prefs.js

user_pref("browser.search.order.1", "Ask.com");
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\cdqgoz7k.default\minidumps [60 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.04.2013 at 16:07:12,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adw:

Code:
# AdwCleaner v2.300 - Datei am 28/04/2013 um 16:08:30 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cdqgoz7k.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1521 octets] - [28/04/2013 16:08:13]
AdwCleaner[S1].txt - [1454 octets] - [28/04/2013 16:08:30]

########## EOF - C:\AdwCleaner[S1].txt - [1514 octets] ##########
OTL - Extra:

Code:
OTL Extras logfile created on: 28.04.2013 17:45:35 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 71,76% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,21 Gb Total Space | 5,58 Gb Free Space | 8,06% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2805077007-1916498649-1146870764-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0842A158-3D32-4AED-B4CF-41544E86C8CE}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{1A199FBE-74D8-4C1A-85BF-A1725069B402}" = lport=445 | protocol=6 | dir=in | app=system |
"{1AC4E986-EA5C-4AB1-8F7D-0980AC2C7289}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C63919E-AE0C-4058-943F-7F4E01CDF9FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A55DF0F-1B60-4935-A02F-944CC4478960}" = rport=138 | protocol=17 | dir=out | app=system |
"{5E0A0F36-7424-4CE4-AB87-8C2A7C6FF18C}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8431C6E5-5B98-4ECF-9233-0D1D46FE4317}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CA4F74A2-850B-4F3D-87F1-5219C6F3E06C}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{D3C41FE5-CF9B-4E80-A4EE-E38EE6207A39}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE2C8E1F-72A7-4754-BC45-4F89087306F4}" = rport=445 | protocol=6 | dir=out | app=system |
"{DFA9F5F2-AC71-49FB-BDA7-B99748E89947}" = lport=137 | protocol=17 | dir=in | app=system |
"{E028A655-0DAB-4B9A-9C35-FCB3FFAA61E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED917DD1-3A61-4C10-A539-659DAA5221A1}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE0BE00C-FBE0-41AC-AFE3-043D166499D2}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B697008-C009-40A9-B789-1D6DE939B1F6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{2EE88B89-FD7B-4DFA-886C-16300272B20D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4106E108-CA8B-4903-8528-E78A4A89AD92}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{4C57F9E7-A549-4D64-8632-EBB47193134E}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{6AD15296-C3F7-4B92-AEC9-A6447D24105C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75FA4284-4540-461E-9562-8ACCD47C667B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8F8291AC-862F-41C3-97A6-5C26C9BEC302}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{9C4F54DE-AE00-4A58-B8F5-789A85B7B6E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5FAD6EF-C4D3-4BCE-B0BD-ACE22CB53271}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B0745AB1-012D-480A-ABD9-400D400BFF0B}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{BF7AA649-E438-432F-A1FA-B7710E34F1FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D40774CC-AB18-477B-B92D-54E4A33B845C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D4F17648-EAB7-491A-BFBA-9A58DA9C4AD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6129C1E-7488-449A-8E7F-0E22426860ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EB3FB244-1F5A-423E-9A7B-BEC4666DA6E3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{5393EA08-9772-4328-9145-4ABD7E1A823E}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F57F765D-F5C0-4C1E-8AC2-C9B369914625}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B92F401D-22F8-44ED-8AD9-9AFACC543593}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C753BCD2-C811-4559-B615-87DCC42CAC57}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06973580-503D-B2F8-B932-C6FFF6DE7615}" = CCC Help Chinese Traditional
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0ADB6A81-F35D-4040-36CE-C50206F09737}" = CCC Help Japanese
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1438FB49-8B53-D209-2B32-B0F33DA65336}" = Catalyst Control Center Localization Thai
"{18B9E358-08D9-0955-2FF3-EA15FF11DF02}" = Catalyst Control Center Localization Italian
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{2641973f-107f-4a4a-83a5-dfaff7a75097}" = Nero 9
"{27A7337A-765F-AA01-7115-06C3023E88E1}" = CCC Help Czech
"{2A73DA05-35C1-AA35-07D5-36C077D3183F}" = Catalyst Control Center Core Implementation
"{2AFE1AE5-1828-E0AE-B067-6B71620AF388}" = Catalyst Control Center Localization German
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3184A571-E021-817E-378D-9EC6EE412E09}" = Catalyst Control Center Graphics Light
"{36249169-E3FC-6737-9FA7-9BA520BE0DB2}" = CCC Help French
"{37652D83-7BDC-4735-8954-3FE0C2F2AD18}" = ccc-Branding
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{40BCF117-291F-BA1E-FC3E-C5C80F061641}" = CCC Help Hungarian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4654A4C6-B8C4-CC1C-91C3-2D938EFD12E8}" = Catalyst Control Center Localization Polish
"{46A62B59-10D1-46B9-C32A-D5CA90899A8B}" = Catalyst Control Center Graphics Full Existing
"{47229A8F-CB6D-E104-412D-206B0D68E02A}" = Catalyst Control Center Localization Turkish
"{476796E1-CD51-1300-F212-15B10724A91F}" = CCC Help Russian
"{48B0DEBB-4A67-0523-0DBB-E82D88FA333D}" = Catalyst Control Center Localization Spanish
"{49850071-F9BA-1736-29B8-3B663CE7738C}" = CCC Help Chinese Standard
"{4BAB05AF-F263-D3FC-217B-33B0F1B9D118}" = Catalyst Control Center Localization Hungarian
"{4CFA2AC8-FE0B-C8F8-4C3C-73EC24CD52C8}" = CCC Help German
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{51242B4E-E559-29D1-F01C-FAD101303CD3}" = CCC Help Italian
"{53A363EF-AC2C-ED65-7011-8F21641E5FAB}" = Catalyst Control Center Localization Portuguese
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56AA716F-007D-66D2-EC91-9A4C48947E00}" = CCC Help Swedish
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{577E5938-7280-43C8-6585-CCE7CC0B286C}" = Catalyst Control Center Localization Norwegian
"{5967C9BB-1F4D-AAD2-2EDB-93B57376ECD5}" = Catalyst Control Center Localization Danish
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{689C7F35-3627-E074-E17B-A03DC82DF234}" = Catalyst Control Center Localization Japanese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6BA6EB17-ABA5-32E6-FD02-618F39E07347}" = Catalyst Control Center Localization Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747B2C81-B13B-F720-9DDC-C31BF1D492DF}" = Catalyst Control Center Localization Korean
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76A0AADC-437C-10ED-7210-9B9FC38EACE6}" = CCC Help Korean
"{76AB986D-421F-B618-F738-028626176904}" = CCC Help Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7B462657-E26A-BB05-1064-A3A94D84583D}" = CCC Help Polish
"{7C032D1E-DD75-6856-2F78-1FF1FE3712DB}" = CCC Help Norwegian
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{818EA00F-8D02-671E-FE70-C2377EE4F24C}" = Catalyst Control Center Localization Dutch
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8FC6E83A-EE8C-88D6-7C7B-74E6BE7C8667}" = CCC Help Thai
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{949997C4-6532-8E7A-A1A0-AACBC665123E}" = Catalyst Control Center Localization French
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A6700AA-8775-4DAB-6284-771145BAA661}" = Catalyst Control Center Graphics Full New
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9AFF5F50-1936-8859-AF93-5F66F785EE63}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A1A84D7F-3C2E-1255-2469-8175F972AB58}" = CCC Help Greek
"{A682297F-4CA6-A1EE-D68B-06A3EB847255}" = ccc-core-static
"{A6C2B54A-5D1C-45DE-0FD1-2C3A200163A4}" = CCC Help Turkish
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A88852F0-1790-1E1D-9164-95FFCF435E97}" = Catalyst Control Center Localization Chinese Traditional
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AE6D88D5-9064-84EA-C9DD-AC5927C44AA1}" = CCC Help Finnish
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B346EA79-BF20-5BE1-E599-45EEFB0CB3BD}" = Catalyst Control Center Localization Greek
"{B460F0C7-98ED-9B55-6D24-E54E98A89A78}" = Skins
"{B4B5E290-81EF-A724-E52C-DE05DC85B2E6}" = Catalyst Control Center Graphics Previews Vista
"{B4BCBF59-3F39-1F6D-2ED2-72198CC7AC49}" = Catalyst Control Center Localization Russian
"{B84B5373-AAC0-07AD-38A0-C44AAA4BD82F}" = CCC Help Spanish
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF0B0BF5-366A-6B6E-5718-A98E2E845322}" = ccc-utility
"{C0D49C3F-237B-94C7-EECD-10D22851C76E}" = CCC Help English
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9521CC8-D7EC-145F-33B7-B27BFF631715}" = CCC Help Portuguese
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkCentre
"{D7A2D358-B2BB-691E-EAD7-E95CDAE9842F}" = Catalyst Control Center Localization Swedish
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB6B6CCF-D509-C223-D06E-1D2118ECD193}" = Catalyst Control Center Localization Finnish
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E048D0DC-7419-7867-FCD2-CF176C73E629}" = Catalyst Control Center Localization Chinese Standard
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5991C8EB35AA0A2B41B0060067BD0DA30E877FFF" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"89838CF0B3DF29FE9FFF8893ACB04964C75A6F1E" = Windows Driver Package - ATI Technogies Inc (pci) System  (11/02/2006 1.00.0000.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Uninstaller" = ATI Uninstaller
"C16E2639B8851B54030DE09318A01581A8096E29" = Windows Driver Package - Marvell (yukonwlh) Net  (09/18/2007 10.24.1.3)
"CCleaner" = CCleaner
"D4B97D41574F60753BAE597542C02A55D48392C9" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2805077007-1916498649-1146870764-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.04.2013 10:12:14 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 28.04.2013 10:14:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:14:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:17:39 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:18:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:18:39 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:19:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:19:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:20:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:20:40 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 28.04.2013 10:21:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
 
< End of report >
OTL:

Code:
OTL logfile created on: 28.04.2013 17:45:35 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\***\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 71,76% Memory free
4,00 Gb Paging File | 3,14 Gb Available in Paging File | 78,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,21 Gb Total Space | 5,58 Gb Free Space | 8,06% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\PELMICED.EXE (Primax Electronics Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.17 07:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2004.01.01 01:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.18 13:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions
[2013.04.18 13:28:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.18 13:28:41 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\firefox@ghostery.com
[2013.04.18 13:28:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cdqgoz7k.default\extensions\ich@maltegoetz.de
[2013.04.17 07:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.17 07:46:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.17 07:45:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.17 07:45:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.17 07:45:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.17 07:45:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.17 07:45:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.17 07:45:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.23 16:42:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2805077007-1916498649-1146870764-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA83122A-07F8-48A5-8696-A7F39FA8CC4D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFC60E0C-770F-4F0E-93E0-8841EB3DD5CF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.28 16:05:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.28 16:05:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.23 16:48:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.23 16:47:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.23 16:47:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.04.23 16:30:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.23 16:30:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.23 16:30:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.23 16:30:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.23 16:29:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.23 16:22:20 | 005,059,674 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.04.20 13:13:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.04.18 13:31:21 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.18 13:31:21 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.18 13:27:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2013.04.18 13:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.18 13:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Schul Curriculum
[2013.04.18 12:12:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HP drucker verknüpfg
[2013.04.18 11:55:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.04.17 21:29:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.17 21:29:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.17 21:29:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.17 21:29:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.17 21:29:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.17 21:29:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.17 21:29:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.17 21:28:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.17 07:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.13 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Venedig etc
[2013.04.10 07:28:27 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 07:28:27 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 07:28:27 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 07:28:07 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 07:21:09 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.28 17:43:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.28 16:10:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 16:10:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.28 16:10:22 | 2012,405,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 16:42:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.23 16:22:51 | 005,059,674 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.04.22 07:52:52 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.22 07:52:52 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 07:52:52 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.22 07:52:52 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.20 14:52:01 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.04.18 13:31:21 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.18 13:31:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.18 13:27:05 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.18 13:22:24 | 022,916,830 | ---- | M] () -- C:\Users\***\Documents\vlc-2.0.5-win32.exe
[2013.04.18 13:14:42 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2013.04.18 13:03:23 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.18 12:00:47 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.18 11:55:02 | 000,017,886 | ---- | M] () -- C:\Users\***\Documents\cc_20130418_115453.reg
[2013.04.17 21:35:41 | 000,368,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.04 10:48:37 | 000,418,411 | ---- | M] () -- C:\Users\***\Documents\Scan0043.pdf
[2013.04.04 09:13:52 | 000,423,365 | ---- | M] () -- C:\Users\***\Documents\Scan0042.pdf
[2013.04.04 07:41:54 | 000,370,403 | ---- | M] () -- C:\Users\***\Documents\Scan0041.pdf
[2013.04.04 07:41:17 | 000,233,383 | ---- | M] () -- C:\Users\***\Documents\Scan0040.pdf
[2013.04.04 07:40:32 | 000,219,780 | ---- | M] () -- C:\Users\***\Documents\Scan0039.pdf
[2013.04.03 19:14:53 | 000,677,090 | ---- | M] () -- C:\Users\***\Documents\Scan0038.pdf
[2013.04.03 19:13:49 | 000,212,573 | ---- | M] () -- C:\Users\***\Documents\Scan0037.pdf
[2013.04.02 16:57:36 | 000,463,116 | ---- | M] () -- C:\Users\***\Documents\Scan0036.pdf
[2013.04.02 12:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.23 16:30:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.23 16:30:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.23 16:30:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.23 16:30:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.23 16:30:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.20 14:52:01 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.04.18 13:27:05 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.18 13:20:50 | 022,916,830 | ---- | C] () -- C:\Users\***\Documents\vlc-2.0.5-win32.exe
[2013.04.18 13:03:23 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.18 12:00:47 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.18 11:55:00 | 000,017,886 | ---- | C] () -- C:\Users\***\Documents\cc_20130418_115453.reg
[2013.04.04 10:48:37 | 000,418,411 | ---- | C] () -- C:\Users\***\Documents\Scan0043.pdf
[2013.04.04 09:13:52 | 000,423,365 | ---- | C] () -- C:\Users\***\Documents\Scan0042.pdf
[2013.04.04 07:41:54 | 000,370,403 | ---- | C] () -- C:\Users\***\Documents\Scan0041.pdf
[2013.04.04 07:41:16 | 000,233,383 | ---- | C] () -- C:\Users\***\Documents\Scan0040.pdf
[2013.04.04 07:40:32 | 000,219,780 | ---- | C] () -- C:\Users\***\Documents\Scan0039.pdf
[2013.04.03 19:14:52 | 000,677,090 | ---- | C] () -- C:\Users\***\Documents\Scan0038.pdf
[2013.04.03 19:13:48 | 000,212,573 | ---- | C] () -- C:\Users\***\Documents\Scan0037.pdf
[2013.04.02 16:57:35 | 000,463,116 | ---- | C] () -- C:\Users\***\Documents\Scan0036.pdf
[2012.04.15 17:36:51 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.01.15 17:13:53 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.12.18 07:53:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.18 07:53:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.18 07:52:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.12.18 07:52:03 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.13 00:22:11 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.01.01 09:14:44 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

cosinus 28.04.2013 19:37
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Atina 11.05.2013 18:06
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=099100c68b15f144b5cc8abc1738871e
# engine=13807
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-11 04:58:19
# local_time=2013-05-11 06:58:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 24444395 205824201 0 0
# scanned=172224
# found=3
# cleaned=0
# scan_time=8303
sh=8541CCE07FBE76C2D7DDCFCF1335DDEF61356EE4 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\***\backup rechner alt\desktop\2007--Foto-Urlaub-.JPG_.zip"
sh=5E1DFA40F861E3E79E1D2A4118449BC79921E12A ft=0 fh=0000000000000000 vn="probably a variant of Java/TrojanDownloader.Agent.NCT trojan" ac=I fn="H:\Thinkcentre backup august 2011\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\649e4dc0-6b392631"
sh=5E1DFA40F861E3E79E1D2A4118449BC79921E12A ft=0 fh=0000000000000000 vn="probably a variant of Java/TrojanDownloader.Agent.NCT trojan" ac=I fn="H:\eigene Dateien\Thinkcentre backup august 2011\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\649e4dc0-6b392631"
Die Funde befinden sich alle auf der externen Festplatte, die angeschlossen ist.
Vom 22.04.-29.04. gab es keine spammails, die von der Mailadresse ausgingen.
Ab dem 29.04. gibt es wieder regelmäßig SPAM.
Der malwarebytes-scan läuft noch durch.

Beste Grüße,
Atina

mbam:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.11.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heike :: HEIKE-PC [Administrator]

11.05.2013 18:59:56
MBAM-log-2013-05-12 (10-33-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377787
Laufzeit: 1 Stunde(n), 33 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
H:\Papa\backup rechner alt\desktop\2007--Foto-Urlaub-.JPG_.zip (Trojan.KillAV) -> Keine Aktion durchgeführt.

(Ende)

cosinus 12.05.2013 20:48
Die Funde bitte löschen

Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Atina 12.05.2013 20:59
Vom 22.04.-29.04. gab es keine spammails, die von der Mailadresse des Rechners ausgingen. Ab dem 29.04. versendet der Rechner (bzw. die Emailadresse) wieder regelmäßig spam (und das in rauen Mengen). Ich bin langsam ein wenig ratlos.

cosinus 12.05.2013 21:19
Du hast das Passwort aber schon geändert?
Und du hast auch kein schwaches Passwort verwendet?
Nutzt du nur diesen Rechner um auf dein Mailpostfach zuzugreifen?

Atina 12.05.2013 21:38
Nein, nein, ja.

Edit:

zu drittens, falsch: Die Emailadresse wird auch über das Androidhandy angesteuert.

cosinus 12.05.2013 21:51
Bitte ändere UMGEHEND das Passwort von deinem Mailacc, das sollte das Problem beheben.
Noch Probleme offen?

Atina 12.05.2013 22:09
Weitere Probleme existieren nicht.

cosinus 12.05.2013 22:27
Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/



Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Atina 15.05.2013 17:29
Hallo,
leider tritt auch heute wieder "Befall" auf, nachdem das Passwort geändert wurde (es wurden mehrere Versuche gemacht, Mails abzuschicken von der Emailadresse aus (aufgefallen durch "mail delivery failed").

Mit besten Grüßen,

Atina

cosinus 15.05.2013 19:29
Zitat:
Mails abzuschicken von der Emailadresse aus (aufgefallen durch "mail delivery failed").
Das muss aber kein Befall sein!
Spammer können Adressen fälschen

Atina 15.05.2013 19:50
In Ordnung - klar, dass man das machen kann. Nennt man wohl (allgemein) spoofing, egal ob durch Befall oder anderweitig, wie ich mir jetzt angelesen habe. Kann natürlich sein, dass die einfach die Emailadresse als Absender angeben. Das Problem ist trotzdem, dass jetzt wieder vermehrt im Takt von eine halben Stunde solche Rückläufer ins Postfach flattern. Eine Kurzzeitlösung via Filter ist auch nicht möglich, da der Anbieter das nicht unterstützt für den Webmailer und an eine längerfristige Lösung wag ich gar nicht zu denken. Wer könnte jetzt weitere Ansprechpartner sein? Bzw. welche Infos kann ich mir dazu durchlesen? Ich weiß nicht einmal wo ich da ansetzen kann.
Die Telekom vermittelt an folgende Seite, was ich gelinde gesagt etwas schwach finde: https://www.botfrei.de/index.html
Und naja, das abuse-Team könnte man noch anschreiben, aber sonst..?

cosinus 15.05.2013 20:08
Poste mal bitte die Kopfzeilen so einer Mail
Und ändere bitte das Passwort nochmal. Nimm kein schwaches Passwort!

Atina 15.05.2013 20:19
Hier sind die drei letzten Mails. Immer unterschiedliche IPs aus unterschiedlichsten Ecken, die zu unterschiedlichsten Provider gehören... Das nennt sich dann wohl Bot-net, oder?
So ein E-Mail Header Analyzer ist ganz nett um da durchzusehen, aber helfen tuts noch nicht.


Code:
Return-path: <xyz@t-online.de>
Received: from fwd13.aul.t-online.de (fwd13.aul.t-online.de )
        by mailout09.t-online.de with smtp
        id 1Ucg6r-0000ab-SX; Wed, 15 May 2013 20:07:29 +0200
Received: from ullibuero (rCgb6yZ1whflyI0-7QJXNeK0K5q-5UioeI2ORMwcIgChoLU4L-AGn7K90A7CfGAg3V@[91.56.39.219]) by fwd13.t-online.de
        with esmtp id 1Ucg6i-0zjkn20; Wed, 15 May 2013 20:07:20 +0200
From: "Plus Online AG Inkasso" <heikeschade@t-online.de>
To: "Jankugler" <jankugler@hotmail.de>
Subject: Rechnung 15.05.2013 Plus Online
Date: Wed, 15 May 2013 18:06:41 GMT
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-Priority: 3
Content-Type: multipart/mixed; boundary="=-XCCE30054C"
Message-ID: <1Ucg6i-0zjkn20@fwd13.t-online.de>
X-ID: rCgb6yZ1whflyI0-7QJXNeK0K5q-5UioeI2ORMwcIgChoLU4L-AGn7K90A7CfGAg3V
X-TOI-MSGID: e286e3df-c283-4fe0-bb9e-1d52b459e578
Code:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  dj.mawa@web.de
    SMTP error from remote mail server after RCPT TO:<dj.mawa@web.de>:
    host mx-ha03.web.de [213.165.67.104]: 550 Requested action not taken:
    mailbox unavailable

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 87039 characters long; only the first
------ 16384 or so are included here.

Return-path: <xyz@t-online.de>
Received: from fwd04.aul.t-online.de (fwd04.aul.t-online.de )
        by mailout01.t-online.de with smtp
        id 1Ucfi4-0004hd-Sp; Wed, 15 May 2013 19:41:52 +0200
Received: from Klaus (STPaF8ZEohPhp2RpSTwgjAtyLOYGCjwpMCTDO2dwn6-G8E2fOMhsuIamqHen6qzQ1n@[84.184.173.241]) by fwd04.t-online.de
        with esmtp id 1Ucfhz-4dNl0C0; Wed, 15 May 2013 19:41:47 +0200
From: "Sportscheck Online Rechnungsstelle" <heikeschade@t-online.de>
To: "Dj.mawa" <dj.mawa@web.de>
Subject: Vertrag Sportscheck Shop
Date: Wed, 16 May 2012 17:43:48 GMT
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-Priority: 3
Content-Type: multipart/mixed; boundary="=-XCC1516273"
Message-ID: <1Ucfhz-4dNl0C0@fwd04.t-online.de>
X-ID: STPaF8ZEohPhp2RpSTwgjAtyLOYGCjwpMCTDO2dwn6-G8E2fOMhsuIamqHen6qzQ1n
X-TOI-MSGID: 447a3cfa-ecb8-4899-8f7c-59b9d7c0b11c

--=-XCC1516273
Code:
  hase.joerg@gmx.de
    SMTP error from remote mail server after RCPT TO:<hase.joerg@gmx.de>:
    host mx00.gmx.net [213.165.67.99]: 550 Requested action not taken:
    mailbox unavailable

------ This is a copy of the message, including all the headers. ------
------ The body of the message is 87122 characters long; only the first
------ 16384 or so are included here.

Return-path: <xyz@t-online.de>
Received: from fwd04.aul.t-online.de (fwd04.aul.t-online.de )
        by mailout01.t-online.de with smtp
        id 1UcfI2-0006wo-Lj; Wed, 15 May 2013 19:14:58 +0200
Received: from lars-avtyn682xd (EAvUPGZcwh5SIX7tjiBQV28aHCYc7KMY2kYy6aYVgow8NShN5xdCw1xZcH8BDsuQ-l@[178.25.95.140]) by fwd04.t-online.de
        with esmtp id 1UcfHz-1aVuKW0; Wed, 15 May 2013 19:14:55 +0200
From: "HM GmbH Online Support" <heikeschade@t-online.de>
To: "Hase.joerg" <hase.joerg@gmx.de>
Subject: Abrechnung 15.05.2013 HM GmbH
Date: Wed, 15 May 2013 17:14:54 GMT
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-Priority: 3
Content-Type: multipart/mixed; boundary="=-XC7214897D"
Message-ID: <1UcfHz-1aVuKW0@fwd04.t-online.de>
X-ID: EAvUPGZcwh5SIX7tjiBQV28aHCYc7KMY2kYy6aYVgow8NShN5xdCw1xZcH8BDsuQ-l
X-TOI-MSGID: ae65e906-f37d-4a68-a96f-662723d1330e

Edit: Hast du schon einmal was von "Sender Policy Framework" gehört und könnte das an diesem Punkt weiterhelfen?

cosinus 15.05.2013 20:28
Es sieht nicht so aus, als wenn dein Anschluss diesen SPAM rausballert. Wenn dem so ist, dann bleiben meiner Meinung nach nur zwei Möglichkeiten

1) Die spammer fälschen die Absendeadresse
2) Die kennen dein Passwort zum Mailkonto und missbrauchen es

(2) sollte unwahrscheinlich sein, da du das Passwort je geändert hast. Außerdem hätte bei der Menge dein Provider auf den Missbrauch auch mal stoßen müssen oder hast du schon derartige Hinweise vom Provider bekommen?

Atina 15.05.2013 20:41
Aber wenn das wirklich nicht nur Spammer sind, sondern wenn das ein Bot-netz ist, dann kann das ja ewig so weitergehen...

Edit: nein, der Provider hat noch nicht geschrieben, glücklicherweise. Aber mit einer Sprerrung müsste man da irgendwann rechnen können, bei dem Auflauf an Spam...

cosinus 15.05.2013 20:51
Gegen Adressfälschung kannst du nichts machen.
Und jeder Spammer setzt in seinem ureigenen Interesse Botnetze ein. Oder würdest du strafbare Handlungen über deinen privaten Inet Anschluss machen, wo du in Nullkommanix zurückverfolgbar bist? :lach:

Atina 15.05.2013 20:58
mja... Dann werd ich mich mal an den Support von t-online wenden, wenn man da sonst nix machen kann. Seid ihr im Kontakt mit Anbietern/Foren, die sich speziell mit solchen Problemen auseinandersetzen? (Edit: hab das mal rausgenommen, bin etwas gefrustet, aber gut...)
Trotzdem nochmal danke für die ausführliche Hilfe. Hier hab ich immer das Gefühl, ich bin gut aufgehoben mit solchen Sachen.

Beste Grüße,

Atina

Ich möchte nochmail ein Update geben:

Telekom/T-online hat sich gestern noch um 23(!) Uhr rückgemeldet mit einer recht ausführlichen, aber vermutlich als Standardmail formulierten, Antwort:
Zwei Punkte wurden angesprochen, die sich im Wesentlichen auf Passwörter ändern und auf "Schadwsoftware beseitigen" beschränken.

Zu erstens: "Bitte prüfen Sie deshalb zu Ihrer eigenen Sicherheit *alle* (!) Rechner
und ändern Sie auch *alle* Passworte!"
Ok, ich soll alle Rechner des internen Netzes oder alle Rechner überprüfen, mit denen man sich jemals auf dem speziellen Emailkonto angemeldet wurde und ich soll alle Passwörter auf den Rechner überprüfen?
Zitat:
"Auch wenn Sie Ihren Rechner bereinigt haben, kann weiterer Schaden durch
den Missbrauch bereits gestohlener Zugangsdaten entstehen. Daher raten
wir Ihnen, *alle* Passwörter zu ändern, vergessen Sie dabei nicht
etwaige Passwörter für Onlinebanking, eBay, Amazon & Co., falls Sie
solche Dienste nutzen."
Selbst die Zugangsdaten zum Router sollen geändert werden:
"Das neue 'Persönliche Kennwort' nach der Änderung bitte auch für den
Internetzugang z. B. im Router eintragen:"
Ist das nicht etwas übertrieben? Aber gut.
Zu zweitens wird ein Microsofttool, Malwarebytes, der "DE-Cleaner", gmer und die "DE-Cleaner Rettungssystem CD" von Avira," empfohlen.
Na gut, dann werde ich nochmal ausführlich alle Passwörter ändern und schreib T-online nochmal. Was soll ich denen noch sagen, damit ich verdeutlichen kann, dass auf dem Rechner nichts mehr drauf ist an Schadsoftware?

Beste Grüße,

Atina


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:46 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131