| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner - nach Kapesky Rescue WindowsUnlocker & AntiMalware Benutzung - entfernt?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.09.2012, 01:41
| #1 |
| |  GVU-Trojaner - nach Kapesky Rescue WindowsUnlocker & AntiMalware Benutzung - entfernt? Hallo auch von mir ans Team  ,habe/hatte seit Donnerstag (30.08.2012) den GVU-Trojaner. Ich habe dann den WindowsUnlocker benutzt und mit AntiMalware versucht, alles los zu werden... Danach bin ich auf das Forum aufmerksam geworden :-) Habe nun alle Schritte soweit befolgt und anbei somit der OTL-scan. Hoffe ihr könnt mir sagen, ob der Rechner nun einigermaßen sauber ist. Vielen Dank!!! OTL-Logfile: Code:
ATTFilter OTL logfile created on: 02.09.2012 02:18:45 - Run 3 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\xxxxxxx\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,15% Memory free 5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,12 Gb Total Space | 12,62 Gb Free Space | 16,16% Space Free | Partition Type: NTFS Drive D: | 149,05 Gb Total Space | 6,02 Gb Free Space | 4,04% Space Free | Partition Type: NTFS Drive E: | 70,92 Gb Total Space | 25,35 Gb Free Space | 35,74% Space Free | Partition Type: NTFS Drive F: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 963,98 Mb Total Space | 532,64 Mb Free Space | 55,25% Space Free | Partition Type: FAT32 Computer Name: xxxxxxx-PC | User Name: xxxxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (All) ========== PRC - C:\Users\xxxxxxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Users\xxxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) ========== Modules (All) ========== MOD - C:\Users\xxxxxxx\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MOD - C:\Users\xxxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) MOD - C:\Users\xxxxxxx\AppData\Roaming\Dropbox\bin\MSVCP71.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\gpipc.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccgen.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccwgrd.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccmsg.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccupdrc.dll (Avira Operations GmbH & Co. KG) MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll (Avira Operations GmbH & Co. KG) MOD - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MOD - C:\Windows\SysWOW64\netapi32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\browcli.dll (Microsoft Corporation) MOD - C:\Users\xxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) MOD - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\jscript9.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wininet.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\jscript.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\iertutil.dll (Microsoft Corporation) MOD - C:\Users\xxxxxxx\AppData\Roaming\Dropbox\bin\MSVCR71.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msxml6.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msxml3.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\secur32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\nvd3dum.dll (NVIDIA Corporation) MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\grdcore.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccupdate.dll (Avira Operations GmbH & Co. KG) MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdw.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccguard.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccgrdw.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\cclic.dll (Avira Operations GmbH & Co. KG) MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\avipc.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\cfglib.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccgenrc.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccmainrc.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\cclicrc.dll (Avira Operations GmbH & Co. KG) MOD - c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll (Avira Operations GmbH & Co. KG) MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\crypt32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msls31.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\DWrite.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msvcrt.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ntdll.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\oleaut32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\oleacc.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\kernel32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\devobj.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\devrtl.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\ssleay32.dll (The OpenSSL Project, hxxp://www.openssl.org/) MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\libeay32.dll (The OpenSSL Project, hxxp://www.openssl.org/) MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncommoncrypt.dll (Cisco Systems, Inc.) MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncommon.dll (Cisco Systems, Inc.) MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnapi.dll (Cisco Systems, Inc.) MOD - C:\Windows\SysWOW64\dnsapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mfc100u.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msvcp100.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mfc100deu.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\d2d1.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msvcr100.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\d3d10_1.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wtsapi32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ws2_32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\Wldap32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\winmm.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\winsta.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wkscli.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wer.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\usp10.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\userenv.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\sxs.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\shlwapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\shdocvw.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\setupapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\samcli.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\riched20.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\rtutils.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\propsys.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ole32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\olepro32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\netutils.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msasn1.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\MMDevAPI.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mapi32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\logoncli.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\IPHLPAPI.DLL (Microsoft Corporation) MOD - C:\Windows\SysWOW64\gameux.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\FWPUCLNT.DLL (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\dxgi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\dbghelp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\d3d9.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\d3d10warp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\cryptui.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\d3d10_1core.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\AudioSes.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\asycfilt.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\apphelp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\advapi32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\activeds.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\winspool.drv (Microsoft Corporation) MOD - C:\Windows\SysWOW64\user32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\rpcrt4.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\gdi32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\imm32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcp80.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wship6.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\WSHTCPIP.DLL (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wlanapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\winnsi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\wlanutil.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\version.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\shfolder.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\sechost.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\samlib.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\SensApi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\rasapi32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\powrprof.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\oledlg.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\rasman.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\profapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\rasadhlp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\psapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ntmarta.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ntdsapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\nsi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msvcp60.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msimtf.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msimg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msctf.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msacm32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mpr.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\mlang.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\FirewallAPI.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\dui70.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\duser.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\dhcpcsvc.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\dhcpcsvc6.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\d3d8thk.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\cryptsp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\clbcatq.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\avrt.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\adsldpc.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\SysWOW64\uxtheme.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\lpk.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\security.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\icmp.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) MOD - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) MOD - C:\PROGRA~2\MICROS~1\Office12\GrooveUtil.DLL (Microsoft Corporation) MOD - C:\PROGRA~2\MICROS~1\Office12\GrooveNew.DLL (Microsoft Corporation) MOD - C:\Program Files (x86)\Microsoft Office\Office12\1031\ONINTL.DLL (Microsoft Corporation) MOD - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.deu (Adobe Systems Inc.) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroTray.FRA (Adobe Systems Inc.) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll (Macrovision Europe Ltd.) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll (Adobe Systems Incorporated) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll (Adobe Systems Incorporated) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll (Adobe Systems Incorporated) MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll (Adobe Systems Inc.) MOD - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) ========== Services (All) ========== SRV:64bit: - (Browser) -- C:\Windows\SysNative\browser.dll (Microsoft Corporation) SRV:64bit: - (wuauserv) -- C:\Windows\SysNative\wuaueng.dll (Microsoft Corporation) SRV:64bit: - (nvsvc) -- C:\Windows\SysNative\nvvsvc.exe (NVIDIA Corporation) SRV:64bit: - (ProfSvc) -- C:\Windows\SysNative\profsvc.dll (Microsoft Corporation) SRV:64bit: - (CryptSvc) -- C:\Windows\SysNative\cryptsvc.dll (Microsoft Corporation) SRV:64bit: - (Spooler) -- C:\Windows\SysNative\spoolsv.exe (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation) SRV:64bit: - (SamSs) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation) SRV:64bit: - (ProtectedStorage) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\lsass.exe (Microsoft Corporation) SRV:64bit: - (PlugPlay) -- C:\Windows\SysNative\umpnpmgr.dll (Microsoft Corporation) SRV:64bit: - (WSearch) -- C:\Windows\SysNative\SearchIndexer.exe (Microsoft Corporation) SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\dnsrslvr.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (wudfsvc) -- C:\Windows\SysNative\WUDFSvc.dll (Microsoft Corporation) SRV:64bit: - (WinRM) -- C:\Windows\SysNative\WsmSvc.dll (Microsoft Corporation) SRV:64bit: - (eventlog) -- C:\Windows\SysNative\wevtsvc.dll (Microsoft Corporation) SRV:64bit: - (stisvc) -- C:\Windows\SysNative\wiaservc.dll (Microsoft Corporation) SRV:64bit: - (WinHttpAutoProxySvc) -- C:\Windows\SysNative\winhttp.dll (Microsoft Corporation) SRV:64bit: - (WebClient) -- C:\Windows\SysNative\WebClnt.dll (Microsoft Corporation) SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\wkssvc.dll (Microsoft Corporation) SRV:64bit: - (WPDBusEnum) -- C:\Windows\SysNative\wpdbusenum.dll (Microsoft Corporation) SRV:64bit: - (wcncsvc) -- C:\Windows\SysNative\wcncsvc.dll (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (SysMain) -- C:\Windows\SysNative\sysmain.dll (Microsoft Corporation) SRV:64bit: - (TermService) -- C:\Windows\SysNative\termsrv.dll (Microsoft Corporation) SRV:64bit: - (TapiSrv) -- C:\Windows\SysNative\tapisrv.dll (Microsoft Corporation) SRV:64bit: - (LanmanServer) -- C:\Windows\SysNative\srvsvc.dll (Microsoft Corporation) SRV:64bit: - (TabletInputService) -- C:\Windows\SysNative\TabSvc.dll (Microsoft Corporation) SRV:64bit: - (Schedule) -- C:\Windows\SysNative\schedsvc.dll (Microsoft Corporation) SRV:64bit: - (ShellHWDetection) -- C:\Windows\SysNative\shsvcs.dll (Microsoft Corporation) SRV:64bit: - (SDRSVC) -- C:\Windows\SysNative\sdrsvc.dll (Microsoft Corporation) SRV:64bit: - (SessionEnv) -- C:\Windows\SysNative\SessEnv.dll (Microsoft Corporation) SRV:64bit: - (seclogon) -- C:\Windows\SysNative\seclogon.dll (Microsoft Corporation) SRV:64bit: - (RpcSs) -- C:\Windows\SysNative\rpcss.dll (Microsoft Corporation) SRV:64bit: - (DcomLaunch) -- C:\Windows\SysNative\rpcss.dll (Microsoft Corporation) SRV:64bit: - (RasMan) -- C:\Windows\SysNative\rasmans.dll (Microsoft Corporation) SRV:64bit: - (pla) -- C:\Windows\SysNative\pla.dll (Microsoft Corporation) SRV:64bit: - (BITS) -- C:\Windows\SysNative\qmgr.dll (Microsoft Corporation) SRV:64bit: - (napagent) -- C:\Windows\SysNative\QAGENTRT.DLL (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (NlaSvc) -- C:\Windows\SysNative\nlasvc.dll (Microsoft Corporation) SRV:64bit: - (MpsSvc) -- C:\Windows\SysNative\MPSSVC.dll (Microsoft Corporation) SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (hkmsvc) -- C:\Windows\SysNative\KMSVC.DLL (Microsoft Corporation) SRV:64bit: - (iphlpsvc) -- C:\Windows\SysNative\iphlpsvc.dll (Microsoft Corporation) SRV:64bit: - (PolicyAgent) -- C:\Windows\SysNative\IPSECSVC.DLL (Microsoft Corporation) SRV:64bit: - (IKEEXT) -- C:\Windows\SysNative\IKEEXT.DLL (Microsoft Corporation) SRV:64bit: - (gpsvc) -- C:\Windows\SysNative\gpsvc.dll (Microsoft Corporation) SRV:64bit: - (dot3svc) -- C:\Windows\SysNative\dot3svc.dll (Microsoft Corporation) SRV:64bit: - (DPS) -- C:\Windows\SysNative\dps.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (SCPolicySvc) -- C:\Windows\SysNative\certprop.dll (Microsoft Corporation) SRV:64bit: - (CertPropSvc) -- C:\Windows\SysNative\certprop.dll (Microsoft Corporation) SRV:64bit: - (BFE) -- C:\Windows\SysNative\BFE.DLL (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AudioSrv) -- C:\Windows\SysNative\audiosrv.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\audiosrv.dll (Microsoft Corporation) SRV:64bit: - (Appinfo) -- C:\Windows\SysNative\appinfo.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (VSS) -- C:\Windows\SysNative\VSSVC.exe (Microsoft Corporation) SRV:64bit: - (vds) -- C:\Windows\SysNative\vds.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (msiserver) -- C:\Windows\SysNative\msiexec.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (wscsvc) -- C:\Windows\SysNative\wscsvc.dll (Microsoft Corporation) SRV:64bit: - (WPCSvc) -- C:\Windows\SysNative\wpcsvc.dll (Microsoft Corporation) SRV:64bit: - (Wlansvc) -- C:\Windows\SysNative\wlansvc.dll (Microsoft Corporation) SRV:64bit: - (W32Time) -- C:\Windows\SysNative\w32time.dll (Microsoft Corporation) SRV:64bit: - (upnphost) -- C:\Windows\SysNative\upnphost.dll (Microsoft Corporation) SRV:64bit: - (Winmgmt) -- C:\Windows\SysNative\wbem\WMIsvc.dll (Microsoft Corporation) SRV:64bit: - (Wecsvc) -- C:\Windows\SysNative\wecsvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (WdiSystemHost) -- C:\Windows\SysNative\wdi.dll (Microsoft Corporation) SRV:64bit: - (WdiServiceHost) -- C:\Windows\SysNative\wdi.dll (Microsoft Corporation) SRV:64bit: - (wercplsupport) -- C:\Windows\SysNative\wercplsupport.dll (Microsoft Corporation) SRV:64bit: - (WerSvc) -- C:\Windows\SysNative\wersvc.dll (Microsoft Corporation) SRV:64bit: - (WcsPlugInService) -- C:\Windows\SysNative\WcsPlugInService.dll (Microsoft Corporation) SRV:64bit: - (UxSms) -- C:\Windows\SysNative\uxsms.dll (Microsoft Corporation) SRV:64bit: - (TrkWks) -- C:\Windows\SysNative\trkwks.dll (Microsoft Corporation) SRV:64bit: - (TBS) -- C:\Windows\SysNative\tbssvc.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (swprv) -- C:\Windows\SysNative\swprv.dll (Microsoft Corporation) SRV:64bit: - (SSDPSRV) -- C:\Windows\SysNative\ssdpsrv.dll (Microsoft Corporation) SRV:64bit: - (SstpSvc) -- C:\Windows\SysNative\sstpsvc.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (p2psvc) -- C:\Windows\SysNative\p2psvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (QWAVE) -- C:\Windows\SysNative\qwave.dll (Microsoft Corporation) SRV:64bit: - (SCardSvr) -- C:\Windows\SysNative\SCardSvr.dll (Microsoft Corporation) SRV:64bit: - (PcaSvc) -- C:\Windows\SysNative\pcasvc.dll (Microsoft Corporation) SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation) SRV:64bit: - (RasAuto) -- C:\Windows\SysNative\rasauto.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (SENS) -- C:\Windows\SysNative\Sens.dll (Microsoft Corporation) SRV:64bit: - (nsi) -- C:\Windows\SysNative\nsisvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofm.dll (Microsoft Corporation) SRV:64bit: - (Netman) -- C:\Windows\SysNative\netman.dll (Microsoft Corporation) SRV:64bit: - (KtmRm) -- C:\Windows\SysNative\msdtckrm.dll (Microsoft Corporation) SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation) SRV:64bit: - (THREADORDER) -- C:\Windows\SysNative\mmcss.dll (Microsoft Corporation) SRV:64bit: - (MMCSS) -- C:\Windows\SysNative\mmcss.dll (Microsoft Corporation) SRV:64bit: - (lltdsvc) -- C:\Windows\SysNative\lltdsvc.dll (Microsoft Corporation) SRV:64bit: - (lmhosts) -- C:\Windows\SysNative\lmhsvc.dll (Microsoft Corporation) SRV:64bit: - (MSiSCSI) -- C:\Windows\SysNative\iscsiexe.dll (Microsoft Corporation) SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation) SRV:64bit: - (IPBusEnum) -- C:\Windows\SysNative\IPBusEnum.dll (Microsoft Corporation) SRV:64bit: - (hidserv) -- C:\Windows\SysNative\hidserv.dll (Microsoft Corporation) SRV:64bit: - (FDResPub) -- C:\Windows\SysNative\FDResPub.dll (Microsoft Corporation) SRV:64bit: - (fdPHost) -- C:\Windows\SysNative\fdPHost.dll (Microsoft Corporation) SRV:64bit: - (EventSystem) -- C:\Windows\SysNative\es.dll (Microsoft Corporation) SRV:64bit: - (EapHost) -- C:\Windows\SysNative\eapsvc.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AeLookupSvc) -- C:\Windows\SysNative\aelupsvc.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wmiApSrv) -- C:\Windows\SysNative\wbem\WmiApSrv.exe (Microsoft Corporation) SRV:64bit: - (UI0Detect) -- C:\Windows\SysNative\UI0Detect.exe (Microsoft Corporation) SRV:64bit: - (SNMPTRAP) -- C:\Windows\SysNative\snmptrap.exe (Microsoft Corporation) SRV:64bit: - (MSDTC) -- C:\Windows\SysNative\msdtc.exe (Microsoft Corporation) SRV:64bit: - (RpcLocator) -- C:\Windows\SysNative\Locator.exe (Microsoft Corporation) SRV:64bit: - (COMSysApp) -- C:\Windows\SysNative\dllhost.exe (Microsoft Corporation) SRV:64bit: - (ALG) -- C:\Windows\SysNative\alg.exe (Microsoft Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (gupdatem) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (CryptSvc) -- C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( ) SRV - (WSearch) -- C:\Windows\SysWow64\SearchIndexer.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (mitsijm2012) -- C:\Programme\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe (Autodesk, Inc.) SRV - (TrustedInstaller) -- C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation) SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (WinRM) -- C:\Windows\SysWOW64\WsmSvc.dll (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- C:\Windows\SysWow64\winhttp.dll (Microsoft Corporation) SRV - (wcncsvc) -- C:\Windows\SysWOW64\wcncsvc.dll (Microsoft Corporation) SRV - (WebClient) -- C:\Windows\SysWOW64\WebClnt.dll (Microsoft Corporation) SRV - (TapiSrv) -- C:\Windows\SysWOW64\tapisrv.dll (Microsoft Corporation) SRV - (ShellHWDetection) -- C:\Windows\SysWOW64\shsvcs.dll (Microsoft Corporation) SRV - (SessionEnv) -- C:\Windows\SysWOW64\SessEnv.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (pla) -- C:\Windows\SysWOW64\pla.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (msiserver) -- C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (WPCSvc) -- C:\Windows\SysWOW64\wpcsvc.dll (Microsoft Corporation) SRV - (WdiSystemHost) -- C:\Windows\SysWOW64\wdi.dll (Microsoft Corporation) SRV - (WdiServiceHost) -- C:\Windows\SysWOW64\wdi.dll (Microsoft Corporation) SRV - (WcsPlugInService) -- C:\Windows\SysWOW64\WcsPlugInService.dll (Microsoft Corporation) SRV - (upnphost) -- C:\Windows\SysWOW64\upnphost.dll (Microsoft Corporation) SRV - (SENS) -- C:\Windows\SysWOW64\Sens.dll (Microsoft Corporation) SRV - (QWAVE) -- C:\Windows\SysWOW64\qwave.dll (Microsoft Corporation) SRV - (netprofm) -- C:\Windows\SysWOW64\netprofm.dll (Microsoft Corporation) SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation) SRV - (hidserv) -- C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation) SRV - (EventSystem) -- C:\Windows\SysWOW64\es.dll (Microsoft Corporation) SRV - (AppMgmt) -- C:\Windows\SysWOW64\appmgmts.dll (Microsoft Corporation) SRV - (PerfHost) -- C:\Windows\SysWOW64\perfhost.exe (Microsoft Corporation) SRV - (COMSysApp) -- C:\Windows\SysWow64\dllhost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (odserv) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) ========== Driver Services (All) ========== DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (KSecDD) -- C:\Windows\SysNative\drivers\ksecdd.sys (Microsoft Corporation) DRV:64bit: - (VBoxDrv) -- C:\Windows\SysNative\drivers\VBoxDrv.sys (Oracle Corporation) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (VBoxUSBMon) -- C:\Windows\SysNative\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV:64bit: - (VBoxNetFlt) -- C:\Windows\SysNative\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV:64bit: - (nvlddmkm) -- C:\Windows\SysNative\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (RDPWD) -- C:\Windows\SysNative\drivers\rdpwd.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (TCPIP6) -- C:\Windows\SysNative\drivers\tcpip.sys (Microsoft Corporation) DRV:64bit: - (Tcpip) -- C:\Windows\SysNative\drivers\tcpip.sys (Microsoft Corporation) DRV:64bit: - (partmgr) -- C:\Windows\SysNative\drivers\partmgr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (TDTCP) -- C:\Windows\SysNative\drivers\tdtcp.sys (Microsoft Corporation) DRV:64bit: - (AFD) -- C:\Windows\SysNative\drivers\afd.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (mrxsmb10) -- C:\Windows\SysNative\drivers\mrxsmb10.sys (Microsoft Corporation) DRV:64bit: - (srv) -- C:\Windows\SysNative\drivers\srv.sys (Microsoft Corporation) DRV:64bit: - (srv2) -- C:\Windows\SysNative\drivers\srv2.sys (Microsoft Corporation) DRV:64bit: - (srvnet) -- C:\Windows\SysNative\drivers\srvnet.sys (Microsoft Corporation) DRV:64bit: - (mrxsmb) -- C:\Windows\SysNative\drivers\mrxsmb.sys (Microsoft Corporation) DRV:64bit: - (mrxsmb20) -- C:\Windows\SysNative\drivers\mrxsmb20.sys (Microsoft Corporation) DRV:64bit: - (usbhub) -- C:\Windows\SysNative\drivers\usbhub.sys (Microsoft Corporation) DRV:64bit: - (usbccgp) -- C:\Windows\SysNative\drivers\usbccgp.sys (Microsoft Corporation) DRV:64bit: - (usbehci) -- C:\Windows\SysNative\drivers\usbehci.sys (Microsoft Corporation) DRV:64bit: - (usbohci) -- C:\Windows\SysNative\drivers\usbohci.sys (Microsoft Corporation) DRV:64bit: - (usbuhci) -- C:\Windows\SysNative\drivers\usbuhci.sys (Microsoft Corporation) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\drivers\ntfs.sys (Microsoft Corporation) DRV:64bit: - (nvstor) -- C:\Windows\SysNative\drivers\nvstor.sys (NVIDIA Corporation) DRV:64bit: - (nvraid) -- C:\Windows\SysNative\drivers\nvraid.sys (NVIDIA Corporation) DRV:64bit: - (iaStorV) -- C:\Windows\SysNative\drivers\iaStorV.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (USBSTOR) -- C:\Windows\SysNative\drivers\USBSTOR.SYS (Microsoft Corporation) DRV:64bit: - (bowser) -- C:\Windows\SysNative\drivers\bowser.sys (Microsoft Corporation) DRV:64bit: - (volsnap) -- C:\Windows\SysNative\drivers\volsnap.sys (Microsoft Corporation) DRV:64bit: - (volmgrx) -- C:\Windows\SysNative\drivers\volmgrx.sys (Microsoft Corporation) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (volmgr) -- C:\Windows\SysNative\drivers\volmgr.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (TermDD) -- C:\Windows\SysNative\drivers\termdd.sys (Microsoft Corporation) DRV:64bit: - (sbp2port) -- C:\Windows\SysNative\drivers\sbp2port.sys (Microsoft Corporation) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pci) -- C:\Windows\SysNative\drivers\pci.sys (Microsoft Corporation) DRV:64bit: - (NDIS) -- C:\Windows\SysNative\drivers\ndis.sys (Microsoft Corporation) DRV:64bit: - (MsRPC) -- C:\Windows\SysNative\drivers\msrpc.sys (Microsoft Corporation) DRV:64bit: - (iScsiPrt) -- C:\Windows\SysNative\drivers\msiscsi.sys (Microsoft Corporation) DRV:64bit: - (mpio) -- C:\Windows\SysNative\drivers\mpio.sys (Microsoft Corporation) DRV:64bit: - (msdsm) -- C:\Windows\SysNative\drivers\msdsm.sys (Microsoft Corporation) DRV:64bit: - (msahci) -- C:\Windows\SysNative\drivers\msahci.sys (Microsoft Corporation) DRV:64bit: - (mountmgr) -- C:\Windows\SysNative\drivers\mountmgr.sys (Microsoft Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (FltMgr) -- C:\Windows\SysNative\drivers\fltMgr.sys (Microsoft Corporation) DRV:64bit: - (DXGKrnl) -- C:\Windows\SysNative\drivers\dxgkrnl.sys (Microsoft Corporation) DRV:64bit: - (ACPI) -- C:\Windows\SysNative\drivers\acpi.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RDPDR) -- C:\Windows\SysNative\drivers\rdpdr.sys (Microsoft Corporation) DRV:64bit: - (tssecsrv) -- C:\Windows\SysNative\drivers\tssecsrv.sys (Microsoft Corporation) DRV:64bit: - (Wanarpv6) -- C:\Windows\SysNative\drivers\wanarp.sys (Microsoft Corporation) DRV:64bit: - (WANARP) -- C:\Windows\SysNative\drivers\wanarp.sys (Microsoft Corporation) DRV:64bit: - (Rasl2tp) -- C:\Windows\SysNative\drivers\rasl2tp.sys (Microsoft Corporation) DRV:64bit: - (NdisWan) -- C:\Windows\SysNative\drivers\ndiswan.sys (Microsoft Corporation) DRV:64bit: - (PptpMiniport) -- C:\Windows\SysNative\drivers\raspptp.sys (Microsoft Corporation) DRV:64bit: - (Psched) -- C:\Windows\SysNative\drivers\pacer.sys (Microsoft Corporation) DRV:64bit: - (NDProxy) -- C:\Windows\SysNative\drivers\ndproxy.sys (Microsoft Corporation) DRV:64bit: - (IpFilterDriver) -- C:\Windows\SysNative\drivers\ipfltdrv.sys (Microsoft Corporation) DRV:64bit: - (tunnel) -- C:\Windows\SysNative\drivers\tunnel.sys (Microsoft Corporation) DRV:64bit: - (tcpipreg) -- C:\Windows\SysNative\drivers\tcpipreg.sys (Microsoft Corporation) DRV:64bit: - (Ndisuio) -- C:\Windows\SysNative\drivers\ndisuio.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (umbus) -- C:\Windows\SysNative\drivers\umbus.sys (Microsoft Corporation) DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (HidUsb) -- C:\Windows\SysNative\drivers\hidusb.sys (Microsoft Corporation) DRV:64bit: - (HDAudBus) -- C:\Windows\SysNative\drivers\hdaudbus.sys (Microsoft Corporation) DRV:64bit: - (WUDFRd) -- C:\Windows\SysNative\drivers\WUDFRd.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (sffp_sd) -- C:\Windows\SysNative\drivers\sffp_sd.sys (Microsoft Corporation) DRV:64bit: - (kbdhid) -- C:\Windows\SysNative\drivers\kbdhid.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (IPMIDRV) -- C:\Windows\SysNative\drivers\IPMIDrv.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (rdbss) -- C:\Windows\SysNative\drivers\rdbss.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (MRxDAV) -- C:\Windows\SysNative\drivers\mrxdav.sys (Microsoft Corporation) DRV:64bit: - (DfsC) -- C:\Windows\SysNative\drivers\dfsc.sys (Microsoft Corporation) DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation) DRV:64bit: - (HTTP) -- C:\Windows\SysNative\drivers\http.sys (Microsoft Corporation) DRV:64bit: - (NetBT) -- C:\Windows\SysNative\drivers\netbt.sys (Microsoft Corporation) DRV:64bit: - (tdx) -- C:\Windows\SysNative\drivers\tdx.sys (Microsoft Corporation) DRV:64bit: - (cdrom) -- C:\Windows\SysNative\drivers\cdrom.sys (Microsoft Corporation) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\clfs.sys (Microsoft Corporation) DRV:64bit: - (Compbatt) -- C:\Windows\SysNative\drivers\compbatt.sys (Microsoft Corporation) DRV:64bit: - (cmdide) -- C:\Windows\SysNative\drivers\cmdide.sys (CMD Technology, Inc.) DRV:64bit: - (adp94xx) -- C:\Windows\SysNative\drivers\adp94xx.sys (Adaptec, Inc.) DRV:64bit: - (adpahci) -- C:\Windows\SysNative\drivers\adpahci.sys (Adaptec, Inc.) DRV:64bit: - (adpu320) -- C:\Windows\SysNative\drivers\adpu320.sys (Adaptec, Inc.) DRV:64bit: - (arcsas) -- C:\Windows\SysNative\drivers\arcsas.sys (Adaptec, Inc.) DRV:64bit: - (arc) -- C:\Windows\SysNative\drivers\arc.sys (Adaptec, Inc.) DRV:64bit: - (agp440) -- C:\Windows\SysNative\drivers\AGP440.sys (Microsoft Corporation) DRV:64bit: - (atapi) -- C:\Windows\SysNative\drivers\atapi.sys (Microsoft Corporation) DRV:64bit: - (amdide) -- C:\Windows\SysNative\drivers\amdide.sys (Microsoft Corporation) DRV:64bit: - (aliide) -- C:\Windows\SysNative\drivers\aliide.sys (Acer Laboratories Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (Mup) -- C:\Windows\SysNative\drivers\mup.sys (Microsoft Corporation) DRV:64bit: - (mouclass) -- C:\Windows\SysNative\drivers\mouclass.sys (Microsoft Corporation) DRV:64bit: - (mssmbios) -- C:\Windows\SysNative\drivers\mssmbios.sys (Microsoft Corporation) DRV:64bit: - (msisadrv) -- C:\Windows\SysNative\drivers\msisadrv.sys (Microsoft Corporation) DRV:64bit: - (nv_agp) -- C:\Windows\SysNative\drivers\NV_AGP.SYS (Microsoft Corporation) DRV:64bit: - (nfrd960) -- C:\Windows\SysNative\drivers\nfrd960.sys (IBM Corporation) DRV:64bit: - (MegaSR) -- C:\Windows\SysNative\drivers\MegaSR.sys (LSI Corporation, Inc.) DRV:64bit: - (LSI_SCSI) -- C:\Windows\SysNative\drivers\lsi_scsi.sys (LSI Corporation) DRV:64bit: - (LSI_FC) -- C:\Windows\SysNative\drivers\lsi_fc.sys (LSI Corporation) DRV:64bit: - (LSI_SAS) -- C:\Windows\SysNative\drivers\lsi_sas.sys (LSI Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (kbdclass) -- C:\Windows\SysNative\drivers\kbdclass.sys (Microsoft Corporation) DRV:64bit: - (iirsp) -- C:\Windows\SysNative\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV:64bit: - (megasas) -- C:\Windows\SysNative\drivers\megasas.sys (LSI Corporation) DRV:64bit: - (isapnp) -- C:\Windows\SysNative\drivers\isapnp.sys (Microsoft Corporation) DRV:64bit: - (intelide) -- C:\Windows\SysNative\drivers\intelide.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (elxstor) -- C:\Windows\SysNative\drivers\elxstor.sys (Emulex) DRV:64bit: - (Disk) -- C:\Windows\SysNative\drivers\disk.sys (Microsoft Corporation) DRV:64bit: - (FileInfo) -- C:\Windows\SysNative\drivers\fileinfo.sys (Microsoft Corporation) DRV:64bit: - (gagp30kx) -- C:\Windows\SysNative\drivers\GAGP30KX.SYS (Microsoft Corporation) DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (Wdf01000) -- C:\Windows\SysNative\drivers\Wdf01000.sys (Microsoft Corporation) DRV:64bit: - (vsmraid) -- C:\Windows\SysNative\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV:64bit: - (uliagpkx) -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS (Microsoft Corporation) DRV:64bit: - (uagp35) -- C:\Windows\SysNative\drivers\UAGP35.SYS (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Wd) -- C:\Windows\SysNative\drivers\wd.sys (Microsoft Corporation) DRV:64bit: - (spldr) -- C:\Windows\SysNative\drivers\spldr.sys (Microsoft Corporation) DRV:64bit: - (viaide) -- C:\Windows\SysNative\drivers\viaide.sys (VIA Technologies, Inc.) DRV:64bit: - (swenum) -- C:\Windows\SysNative\drivers\swenum.sys (Microsoft Corporation) DRV:64bit: - (ql2300) -- C:\Windows\SysNative\drivers\ql2300.sys (QLogic Corporation) DRV:64bit: - (SiSRaid4) -- C:\Windows\SysNative\drivers\sisraid4.sys (Silicon Integrated Systems) DRV:64bit: - (pcmcia) -- C:\Windows\SysNative\drivers\pcmcia.sys (Microsoft Corporation) DRV:64bit: - (ql40xx) -- C:\Windows\SysNative\drivers\ql40xx.sys (QLogic Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (SiSRaid2) -- C:\Windows\SysNative\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (pciide) -- C:\Windows\SysNative\drivers\pciide.sys (Microsoft Corporation) DRV:64bit: - (Brserid) -- C:\Windows\SysNative\drivers\BrSerId.sys (Brother Industries Ltd.) DRV:64bit: - (PEAUTH) -- C:\Windows\SysNative\drivers\PEAuth.sys (Microsoft Corporation) DRV:64bit: - (usbprint) -- C:\Windows\SysNative\drivers\usbprint.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RDPENCDD) -- C:\Windows\SysNative\drivers\RDPENCDD.sys (Microsoft Corporation) DRV:64bit: - (RDPCDD) -- C:\Windows\SysNative\drivers\RDPCDD.sys (Microsoft Corporation) DRV:64bit: - (TDPIPE) -- C:\Windows\SysNative\drivers\tdpipe.sys (Microsoft Corporation) DRV:64bit: - (Modem) -- C:\Windows\SysNative\drivers\modem.sys (Microsoft Corporation) DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation) DRV:64bit: - (RasSstp) -- C:\Windows\SysNative\drivers\rassstp.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (RasPppoe) -- C:\Windows\SysNative\drivers\raspppoe.sys (Microsoft Corporation) DRV:64bit: - (AsyncMac) -- C:\Windows\SysNative\drivers\asyncmac.sys (Microsoft Corporation) DRV:64bit: - (RasAcd) -- C:\Windows\SysNative\drivers\rasacd.sys (Microsoft Corporation) DRV:64bit: - (IPNAT) -- C:\Windows\SysNative\drivers\ipnat.sys (Microsoft Corporation) DRV:64bit: - (NdisTapi) -- C:\Windows\SysNative\drivers\ndistapi.sys (Microsoft Corporation) DRV:64bit: - (QWAVEdrv) -- C:\Windows\SysNative\drivers\qwavedrv.sys (Microsoft Corporation) DRV:64bit: - (NetBIOS) -- C:\Windows\SysNative\drivers\netbios.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (Smb) -- C:\Windows\SysNative\drivers\smb.sys (Microsoft Corporation) DRV:64bit: - (IRENUM) -- C:\Windows\SysNative\drivers\irenum.sys (Microsoft Corporation) DRV:64bit: - (rspndr) -- C:\Windows\SysNative\drivers\rspndr.sys (Microsoft Corporation) DRV:64bit: - (lltdio) -- C:\Windows\SysNative\drivers\lltdio.sys (Microsoft Corporation) DRV:64bit: - (mpsdrv) -- C:\Windows\SysNative\drivers\mpsdrv.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (NativeWifiP) -- C:\Windows\SysNative\drivers\nwifi.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (HidBth) -- C:\Windows\SysNative\drivers\hidbth.sys (Microsoft Corporation) DRV:64bit: - (BTHMODEM) -- C:\Windows\SysNative\drivers\bthmodem.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (ohci1394) -- C:\Windows\SysNative\drivers\ohci1394.sys (Microsoft Corporation) DRV:64bit: - (usbcir) -- C:\Windows\SysNative\drivers\usbcir.sys (Microsoft Corporation) DRV:64bit: - (circlass) -- C:\Windows\SysNative\drivers\circlass.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (HidIr) -- C:\Windows\SysNative\drivers\hidir.sys (Microsoft Corporation) DRV:64bit: - (drmkaud) -- C:\Windows\SysNative\drivers\drmkaud.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (WacomPen) -- C:\Windows\SysNative\drivers\wacompen.sys (Microsoft Corporation) DRV:64bit: - (sffp_mmc) -- C:\Windows\SysNative\drivers\sffp_mmc.sys (Microsoft Corporation) DRV:64bit: - (sfloppy) -- C:\Windows\SysNative\drivers\sfloppy.sys (Microsoft Corporation) DRV:64bit: - (sffdisk) -- C:\Windows\SysNative\drivers\sffdisk.sys (Microsoft Corporation) DRV:64bit: - (fdc) -- C:\Windows\SysNative\drivers\fdc.sys (Microsoft Corporation) DRV:64bit: - (flpydisk) -- C:\Windows\SysNative\drivers\flpydisk.sys (Microsoft Corporation) DRV:64bit: - (Parport) -- C:\Windows\SysNative\drivers\parport.sys (Microsoft Corporation) DRV:64bit: - (Serial) -- C:\Windows\SysNative\drivers\serial.sys (Microsoft Corporation) DRV:64bit: - (Serenum) -- C:\Windows\SysNative\drivers\serenum.sys (Microsoft Corporation) DRV:64bit: - (mouhid) -- C:\Windows\SysNative\drivers\mouhid.sys (Microsoft Corporation) DRV:64bit: - (sermouse) -- C:\Windows\SysNative\drivers\sermouse.sys (Microsoft Corporation) DRV:64bit: - (ksthunk) -- C:\Windows\SysNative\drivers\ksthunk.sys (Microsoft Corporation) DRV:64bit: - (MSKSSRV) -- C:\Windows\SysNative\drivers\mskssrv.sys (Microsoft Corporation) DRV:64bit: - (MSTEE) -- C:\Windows\SysNative\drivers\mstee.sys (Microsoft Corporation) DRV:64bit: - (MSPCLOCK) -- C:\Windows\SysNative\drivers\mspclock.sys (Microsoft Corporation) DRV:64bit: - (MSPQM) -- C:\Windows\SysNative\drivers\mspqm.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (monitor) -- C:\Windows\SysNative\drivers\monitor.sys (Microsoft Corporation) DRV:64bit: - (VgaSave) -- C:\Windows\SysNative\drivers\vga.sys (Microsoft Corporation) DRV:64bit: - (vga) -- C:\Windows\SysNative\drivers\vgapnp.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (blbdrive) -- C:\Windows\SysNative\drivers\blbdrive.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (ErrDev) -- C:\Windows\SysNative\drivers\errdev.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (WmiAcpi) -- C:\Windows\SysNative\drivers\wmiacpi.sys (Microsoft Corporation) DRV:64bit: - (luafv) -- C:\Windows\SysNative\drivers\luafv.sys (Microsoft Corporation) DRV:64bit: - (Filetrace) -- C:\Windows\SysNative\drivers\filetrace.sys (Microsoft Corporation) DRV:64bit: - (fastfat) -- C:\Windows\SysNative\drivers\fastfat.sys (Microsoft Corporation) DRV:64bit: - (exfat) -- C:\Windows\SysNative\drivers\exfat.sys (Microsoft Corporation) DRV:64bit: - (nsiproxy) -- C:\Windows\SysNative\drivers\nsiproxy.sys (Microsoft Corporation) DRV:64bit: - (i8042prt) -- C:\Windows\SysNative\drivers\i8042prt.sys (Microsoft Corporation) DRV:64bit: - (Npfs) -- C:\Windows\SysNative\drivers\npfs.sys (Microsoft Corporation) DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation) DRV:64bit: - (Msfs) -- C:\Windows\SysNative\drivers\msfs.sys (Microsoft Corporation) DRV:64bit: - (Null) -- C:\Windows\SysNative\drivers\null.sys (Microsoft Corporation) DRV:64bit: - (AmdK8) -- C:\Windows\SysNative\drivers\amdk8.sys (Microsoft Corporation) DRV:64bit: - (intelppm) -- C:\Windows\SysNative\drivers\intelppm.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (Processor) -- C:\Windows\SysNative\drivers\processr.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (BrSerWdm) -- C:\Windows\SysNative\drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV:64bit: - (BrUsbMdm) -- C:\Windows\SysNative\drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV:64bit: - (BrUsbSer) -- C:\Windows\SysNative\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV:64bit: - (BrFiltLo) -- C:\Windows\SysNative\drivers\BrFiltLo.sys (Brother Industries, Ltd.) DRV:64bit: - (BrFiltUp) -- C:\Windows\SysNative\drivers\BrFiltUp.sys (Brother Industries, Ltd.) DRV:64bit: - (secdrv) -- C:\Windows\SysNative\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109958&tt=290312_bexdll&babsrc=HP_ss&mntrId=9c1bd709000000000000001b38cebf97 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 91 C6 8E 0C 11 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&tt=290312_bexdll&babsrc=SP_ss&mntrId=9c1bd709000000000000001b38cebf97 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.spiegel.de" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.04.09 17:04:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.02 20:26:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.02 22:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxx\AppData\Roaming\mozilla\Extensions [2012.07.26 09:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\kcyerzas.default\extensions [2012.04.03 20:52:37 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\xxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\kcyerzas.default\extensions\toolbar@stumbleupon.com [2012.08.02 20:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.02 20:15:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.07.26 09:59:07 | 000,012,095 | ---- | M] () (No name found) -- C:\USERS\xxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCYERZAS.DEFAULT\EXTENSIONS\URLLISTER@BINNYVA.COM.XPI [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.03 20:43:29 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:07 | 000,003,368 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SwissAcademic.Citavi.Picker.IEPicker) - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - Startup: C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225A2A1D-DF96-4BE0-831A-34177873F4E7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{fa91e766-7dc0-11e1-aeb1-001b38cebf97}\Shell - "" = AutoRun O33 - MountPoints2\{fa91e766-7dc0-11e1-aeb1-001b38cebf97}\Shell\AutoRun\command - "" = I:\Autoplay.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.01 23:06:52 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxx\Dropbox [2012.09.01 23:05:36 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.09.01 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Dropbox [2012.09.01 18:39:40 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Malwarebytes [2012.09.01 18:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.01 18:39:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.01 18:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.01 18:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.01 18:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.09.01 17:33:28 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxxx\Desktop\OTL.exe [2012.08.31 13:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.08.31 13:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.08.30 23:02:11 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.08.30 18:15:40 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxx\AppData\Roaming\System [2012.08.30 18:15:34 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Ryit [2012.08.30 18:15:34 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Emak [2012.08.30 18:15:34 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Atinyv [2012.08.19 15:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.18 13:42:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\Desktop\Ausdruck2 [2012.08.16 19:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.08.16 19:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012.08.16 10:00:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.16 10:00:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.16 10:00:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.16 10:00:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.16 10:00:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.16 10:00:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.16 10:00:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.16 10:00:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.16 10:00:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.16 10:00:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.16 10:00:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.16 09:59:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.16 09:59:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 23:17:18 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 23:17:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 23:17:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 23:17:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 23:17:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 23:17:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 23:17:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 23:17:09 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.08 18:04:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\e-academy Inc [2012.08.08 18:04:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Local\e-academy Inc [2012.08.06 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\vlc [2012.08.06 19:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.08.06 19:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.08.06 11:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\WinRAR [2012.08.06 11:49:21 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.08.06 11:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.08.06 11:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.02 02:21:29 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 02:21:29 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 02:13:38 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.02 02:13:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.02 02:13:11 | 2414,333,952 | -HS- | M] () -- C:\hiberfil.sys [2012.09.02 02:11:46 | 000,000,214 | ---- | M] () -- C:\Users\xxxxxxx\defogger_reenable [2012.09.02 01:10:14 | 000,511,265 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\adwcleaner.exe [2012.09.02 01:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.02 01:01:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.01 23:06:52 | 000,001,051 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\Dropbox.lnk [2012.09.01 23:05:58 | 000,001,061 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.09.01 18:39:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.01 16:58:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxx\Desktop\OTL.exe [2012.08.30 20:14:12 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.30 20:14:12 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.30 20:14:12 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.30 20:14:12 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.30 20:14:12 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.30 18:15:49 | 000,252,509 | -HS- | M] () -- C:\Users\xxxxxxx\AppData\Roaming\rt1.png [2012.08.28 16:24:52 | 000,311,883 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\2007-H-MDI-L.pdf [2012.08.28 16:14:46 | 000,465,337 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\2.png [2012.08.28 16:13:50 | 000,497,129 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\Unbenanntes Bild.png [2012.08.25 21:23:00 | 003,576,834 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\DSC_0157.JPG [2012.08.25 21:23:00 | 000,191,544 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\brillencheck_klein.jpg [2012.08.25 21:22:00 | 004,085,663 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\DSC_0156.JPG [2012.08.25 21:21:35 | 000,000,840 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\Caedium.lnk [2012.08.25 21:21:14 | 001,917,301 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\brillencheck.jpg [2012.08.16 22:23:44 | 002,449,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.14 22:05:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.14 22:05:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.08 18:04:43 | 000,003,179 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\Secure Download Manager.lnk [2012.08.06 19:40:41 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.02 02:11:45 | 000,000,214 | ---- | C] () -- C:\Users\xxxxxxx\defogger_reenable [2012.09.02 01:10:08 | 000,511,265 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\adwcleaner.exe [2012.09.01 23:06:52 | 000,001,051 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\Dropbox.lnk [2012.09.01 23:05:58 | 000,001,061 | ---- | C] () -- C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.09.01 18:39:34 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 18:15:48 | 000,252,509 | -HS- | C] () -- C:\Users\xxxxxxx\AppData\Roaming\rt1.png [2012.08.28 16:24:50 | 000,311,883 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\2007-H-MDI-L.pdf [2012.08.28 16:14:46 | 000,465,337 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\2.png [2012.08.28 16:13:50 | 000,497,129 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\Unbenanntes Bild.png [2012.08.25 21:22:59 | 000,191,544 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\brillencheck_klein.jpg [2012.08.25 21:21:12 | 001,917,301 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\brillencheck.jpg [2012.08.25 21:17:24 | 004,085,663 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\DSC_0156.JPG [2012.08.25 21:17:24 | 003,576,834 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\DSC_0157.JPG [2012.08.08 18:04:43 | 000,003,179 | ---- | C] () -- C:\Users\xxxxxxx\Desktop\Secure Download Manager.lnk [2012.08.06 19:40:41 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.04.19 14:58:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.04.19 14:58:20 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.04.07 20:07:37 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.03 22:57:41 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll < End of report > |
|
02.09.2012, 01:42
| #2 |
| | GVU-Trojaner - nach Kapesky Rescue WindowsUnlocker & AntiMalware Benutzung - entfernt? und hier der OTL-Extra-Scan
__________________OTL-Extras OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.09.2012 02:18:45 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\xxxxxxx\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,15% Memory free
5,99 Gb Paging File | 4,67 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 12,62 Gb Free Space | 16,16% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 6,02 Gb Free Space | 4,04% Space Free | Partition Type: NTFS
Drive E: | 70,92 Gb Total Space | 25,35 Gb Free Space | 35,74% Space Free | Partition Type: NTFS
Drive F: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 963,98 Mb Total Space | 532,64 Mb Free Space | 55,25% Space Free | Partition Type: FAT32
Computer Name: xxxxxxx-PC | User Name: xxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050AF4B5-C2AF-42E2-8B43-515EB3AB87DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0FA99D58-CF56-415A-AC27-43125FEF53E2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{161A92D5-30BB-4649-876A-50D6DB463E34}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2424E69B-AFF5-4D23-9F87-7AF46E4CF690}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3497CB08-264C-4264-B6CF-3E4C669C24EA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3D58CA36-C10E-4A07-B29E-F02547B3556E}" = lport=139 | protocol=6 | dir=in | app=system |
"{4D78835A-B77C-4C87-95E2-4E8D55735A5A}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E43F01B-275B-4574-AE0D-26E3A5FCC5CD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{54D1274A-FDEC-4E45-88FA-EB5484AE795B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61375F29-DEE6-4897-BABF-610A146A863E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EB35AE6-6526-4B7F-98DB-DCC50F0101DE}" = rport=445 | protocol=6 | dir=out | app=system |
"{855B009F-BBB6-408C-8CE6-A0EB516A9750}" = rport=139 | protocol=6 | dir=out | app=system |
"{8B53B779-680B-4411-9F38-4BFE99FE822C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8CCF3030-A6E5-4D57-B98A-A5EC30E017F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E899A37-9700-472D-ACE8-FDAC08C9F38A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93BCF732-9BD1-4D95-8746-08306CCEE802}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A303EDAC-67FE-4EC5-91CD-6ACCE59A46C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B5DE6F38-2DE9-4035-9F98-C75FCCBC9E74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B90B94F3-D654-48DE-B47E-A95A1B1B2EA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2C508E2-5CBF-4400-9FF3-DC3D3A3F5DED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5A917BE-D16A-44AF-8C7D-CDFBCCBF0E0D}" = rport=138 | protocol=17 | dir=out | app=system |
"{E49230DE-4780-400B-9FCF-198F4D21A241}" = rport=137 | protocol=17 | dir=out | app=system |
"{EC70871A-E8E5-4FEF-A0CB-F99D0B9EE35A}" = lport=137 | protocol=17 | dir=in | app=system |
"{FCD6DBC9-E3EF-4E3A-BA6E-6726CE8F06D5}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026100D2-55B0-4A73-A86B-18AF60A4B8A5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10DE2B5D-C080-45E6-9996-5A27650067B4}" = protocol=17 | dir=in | app=c:\users\xxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{128A2F0D-5E72-48BA-BA5A-5E59A372C32E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{162CAAF6-F951-4C12-986F-B89537711BA8}" = protocol=6 | dir=in | app=d:\cs\hl.exe |
"{31714BE6-3E79-4943-9C2B-9E0925C01E3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{326A861B-FE8E-4AE0-AB56-5762BB7BA26E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3366E211-E33E-4FAF-8EE9-A72F2722B9A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BD5FC16-31C5-44FD-BF9E-A7221BA6AABD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{42675B87-7FD1-402C-8F79-141A270EA44C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{461EC464-97AB-4F03-B44F-83DDF581A90C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50D357C3-4CAC-43C9-9989-F2A0C27800A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BE1B40E-1E5E-473A-8F9B-5DA18498BAE6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6E852EC9-2F50-47FE-B62C-C253435CDEE6}" = protocol=6 | dir=in | app=c:\users\xxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{70F5597F-B220-42D5-9709-02100EEFF17B}" = protocol=6 | dir=out | app=system |
"{71369E71-8A3A-4C9A-82B0-5AA8CCD67E43}" = protocol=6 | dir=in | app=c:\program files (x86)\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
"{748C8104-491C-4FEA-A878-C1E55E94B7C6}" = protocol=6 | dir=in | app=c:\users\xxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{75316C08-3872-4F09-A504-ABA823FF1A7E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7EF8EB29-1CE7-4944-956D-2878FF29A469}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8051553B-246A-44CF-AA24-EE3CDF923B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\alcohol soft\alcohol 52\starwind\starwindserviceae.exe |
"{80F6A628-77CD-45BB-B226-7A77CCE070E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{839E089E-5C77-42CA-947E-A827EF17A95E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8D5E8ED9-FF97-4A90-AFE6-633BDFDAB71C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F4F791A-5AE2-475B-A378-11EA52FE4C40}" = protocol=17 | dir=in | app=c:\users\xxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{97965166-99D9-42E0-B4C9-BA228000A1A4}" = protocol=17 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{99B96C17-31FE-48C2-A5A6-1E625F4FDEC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9B4FDCED-1AA3-4F78-ADE4-1B34DB775EE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A60ACE28-B70F-4252-AC35-3FBA6B7CEEFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B0186B89-DC99-4A8C-AB4A-9F18DDC391A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C188861B-38EC-4746-BD4A-B02F8164708D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C494BAAB-8EB4-4C61-8FAB-4AA0F11E33E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA83524A-0894-4088-BD23-E93302F3245F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD9561DA-6BAB-4FF7-8663-E20409500FA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D824D46A-4EB1-4593-B9AA-F4FFA3C24D3D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E01E0769-80D4-4710-BE45-5449278D7A72}" = protocol=6 | dir=in | app=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe |
"{E05F0C55-9B95-44F6-9494-2EDA55121575}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4B6AFA2-E4D4-4B25-8D07-B00A0035D50D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F1545413-7153-44FA-BB29-977AA6101763}" = protocol=17 | dir=in | app=d:\cs\hl.exe |
"{F999F979-8634-4530-A44B-51E9B2AEB403}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{BFC1AD8C-8C31-4597-80A5-5056EE738457}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{DB1E1430-7F00-4BFA-834B-5D599C217929}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{C894A76A-DA82-4E9D-B537-2CBF8A03AF6D}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{D327B3CD-DCBE-4B08-BD9F-E55DA8963C8C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
"{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 Language Pack - Deutsch
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1033-7107D70F3DB4}" = Autodesk Inventor Professional 2013 English Language Pack
"{8479E184-8AFC-49D8-8C53-B1569ADBF3B3}_is1" = Caedium::Full
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{D25FF5C1-1664-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2012
"{D25FF5C1-1764-469A-9794-69309387C193}" = Autodesk Inventor 2013 Quick Uninstaller
"{D3299935-57F7-403A-9D7B-0B8F9F56F44B}" = Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack
"{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 Deutsch
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 English
"DWG TrueView 2013" = DWG TrueView 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Adobe_71c180716438072ebd356ce2549df41" = Adobe Premiere Pro CS3 Third Party Content
"AudioConverter" = AudioConverter
"Avira AntiVir Desktop" = Avira Free Antivirus
"CINEMA 4D Release 10" = CINEMA 4D Release 10
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"IsoBuster_is1" = IsoBuster 3.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Miranda IM" = Miranda IM 0.9.47
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"Updater Service" = Updater Service
"VideoPerformer" = VideoPerformer
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
Error - 01.09.2012 16:03:09 | Computer Name = xxxxxxx-PC | Source = Audiorecorder | ID = 65535
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 01.09.2012 20:11:56 | Computer Name = xxxxxxx-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 01.09.2012 20:13:26 | Computer Name = xxxxxxx-PC | Source = acvpnagent | ID = 67108866
Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156
Invoked
Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine
weiteren Dateien vorhanden.
Error - 01.09.2012 20:13:26 | Computer Name = xxxxxxx-PC | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
PLUGINLOADER_ERROR_COULD_NOT_CREATE
Error - 01.09.2012 20:13:26 | Computer Name = xxxxxxx-PC | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
PLUGINLOADER_ERROR_COULD_NOT_CREATE
Error - 01.09.2012 20:13:26 | Computer Name = xxxxxxx-PC | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
PLUGINLOADER_ERROR_COULD_NOT_CREATE
Error - 01.09.2012 20:13:57 | Computer Name = xxxxxxx-PC | Source = acvpnui | ID = 67108866
Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156
Invoked
Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine
weiteren Dateien vorhanden.
Error - 01.09.2012 20:13:57 | Computer Name = xxxxxxx-PC | Source = acvpnui | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
PLUGINLOADER_ERROR_COULD_NOT_CREATE
Error - 01.09.2012 20:13:57 | Computer Name = xxxxxxx-PC | Source = acvpnui | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h
Line:
145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
PLUGINLOADER_ERROR_COULD_NOT_CREATE
Error - 01.09.2012 20:13:58 | Computer Name = xxxxxxx-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4156
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 01.09.2012 20:14:04 | Computer Name = xxxxxxx-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1020 NULL object. Cannot establish a connection at this time.
[ OSession Events ]
Error - 02.08.2012 06:07:53 | Computer Name = xxxxxxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 48615
seconds with 120 seconds of active time. This session ended with a crash.
Error - 12.08.2012 13:54:46 | Computer Name = xxxxxxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 207749 seconds with 30420 seconds of active time. This session ended with
a crash.
Error - 12.08.2012 14:12:18 | Computer Name = xxxxxxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 878 seconds with 660 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 01.09.2012 20:09:57 | Computer Name = xxxxxxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 01.09.2012 20:09:57 | Computer Name = xxxxxxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 01.09.2012 20:09:58 | Computer Name = xxxxxxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 01.09.2012 20:09:58 | Computer Name = xxxxxxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 01.09.2012 20:12:00 | Computer Name = xxxxxxx-PC | Source = PNRPSvc | ID = 102
Description =
Error - 01.09.2012 20:12:00 | Computer Name = xxxxxxx-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 01.09.2012 20:12:00 | Computer Name = xxxxxxx-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 01.09.2012 20:13:12 | Computer Name = xxxxxxx-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 01.09.2012 20:13:12 | Computer Name = xxxxxxx-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35
Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in
der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie
sich beim Hersteller des Computers nach aktualisierter Firmware.
Error - 01.09.2012 20:13:34 | Computer Name = xxxxxxx-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
< End of report >
[/CODE] |
|
05.12.2012, 19:12
| #3 |
| /// Helfer-Team  | GVU-Trojaner - nach Kapesky Rescue WindowsUnlocker & AntiMalware Benutzung - entfernt? Dein Thema ist leider untergegangen, bitte in Zukunft nicht selbst antworten. Benoetigst du noch Hilfe?
__________________ |
|
23.02.2013, 16:16
| #4 |
| /// Helfer-Team | GVU-Trojaner - nach Kapesky Rescue WindowsUnlocker & AntiMalware Benutzung - entfernt? Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu GVU-Trojaner - nach Kapesky Rescue WindowsUnlocker & AntiMalware Benutzung - entfernt? |
| .dll, adobe, antivir, autorun, avg, avira, bho, bonjour, browser, corp./icp, dllhost.exe, dnsapi.dll, dxgkrnl, explorer, firefox, flash player, fontcache, format, ftp, google, google earth, hdaudio.sys, helper, kaspersky, langs, lanmanworkstation, locker, mfc100u.dll, monitor, msiexec.exe, msvcr80.dll, ntdll.dll, nvidia, nvidia update, object, plug-in, policyagent, samlib.dll, schannel.dll, senden, server, software, trustedinstaller, tunnel, usbvideo.sys, usp10.dll, wintrust.dll, wlansvc, wsearch, wshtcpip.dll |
Linear-Darstellung
