Pests of all kinds and how to fight them: Ukash Bundespolizei infection - logs attached (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
23.11.2012, 12:26 | #1
Ukash Bundespolizei infection - logs attached

Hello, since yesterday I have had the trojan in question (computer locked, pay 100 €). My research so far suggests that I need to post OTL logs and then wait for instructions. Thanks in advance for any help! I created the following logs with OTL in Safe Mode. I am using Windows 7, Antivir and the latest Firefox.

edit: I do like learning new things and try to understand, more or less, what is going on and how the fix works. What struck me most in the log was this (newest files): Quote:
edit2: Some of the file movements (Desktop) are because I wanted to tidy up for the log (I thought the desktop files were listed separately). I also had only 2 GB of memory in the machine while the log was taken, because I am using the break to track down a faulty RAM module.

OTL.txt: OTL Logfile: Code:
OTL logfile created on: 23.11.2012 11:14:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,52% Memory free
3,99 Gb Paging File | 2,95 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 137,43 Gb Free Space | 14,91% Space Free | Partition Type: NTFS
Drive G: | 1,81 Gb Total Space | 1,60 Gb Free Space | 88,55% Space Free | Partition Type: FAT

Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zellerli\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (MySQL) -- C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 81 8B 16 AC 86 CD 01 [binary data]
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{606ADCDA-32A4-4BC9-AB42-CEA943C2C9F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3993BC9E-58B3-43CA-8C8E-ED25C2215BBF&apn_sauid=9BF59E63-0C7C-41C0-8F22-F2870D58D302
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.19 10:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:46:48 | 000,000,000 | ---D | M]

[2012.11.19 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zellerli\AppData\Roaming\mozilla\Extensions
[2012.11.19 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000..\Run: [Spotify Web Helper] C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51035B1-B4D9-4B2B-A388-C30EB39FD8AC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell - "" = AutoRun
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.23 11:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
[2012.11.19 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Mozilla
[2012.11.16 03:38:05 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 03:38:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 03:33:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.16 03:30:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 03:30:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 03:30:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 03:30:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 03:30:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 03:30:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 03:30:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 03:30:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 03:30:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 03:30:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 03:30:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 03:30:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 03:30:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 03:30:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 03:30:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 03:27:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 03:27:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 03:27:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 03:27:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 09:19:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 09:19:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012.11.15 09:19:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012.11.15 09:19:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012.11.15 09:19:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012.11.15 09:19:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012.11.15 09:19:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012.11.15 09:19:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012.11.15 09:19:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012.11.15 09:19:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012.11.15 09:19:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012.11.15 09:19:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012.11.15 09:19:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012.11.15 09:19:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 09:19:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 09:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 09:19:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.15 09:19:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 09:19:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.10.27 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\xm1
[2012.10.27 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.10.27 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin86Sr0SetupFiles
[2012.10.27 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.10.27 17:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.06.04 10:31:59 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Zellerli\InstallWoW.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.23 11:09:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 11:09:45 | 1607,065,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 10:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.22 18:50:45 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 18:50:44 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 18:50:34 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.22 18:48:33 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 18:38:24 | 000,000,788 | ---- | M] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.22 18:38:22 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | M] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
[2012.11.22 18:18:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.20 02:39:46 | 001,796,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 02:39:46 | 000,770,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 02:39:46 | 000,712,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 02:39:46 | 000,173,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 02:39:46 | 000,141,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 10:46:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | M] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 10:04:23 | 000,605,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.27 19:04:25 | 000,000,999 | ---- | M] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.10.25 17:28:30 | 001,255,701 | ---- | M] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_30.941725.dmp
[2012.10.25 17:28:07 | 001,257,933 | ---- | M] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_06.925434.dmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.22 18:38:24 | 000,000,788 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.22 18:38:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.19 10:46:41 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.19 10:46:41 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | C] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 03:38:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 03:27:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.27 19:04:25 | 000,000,999 | ---- | C] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.10.25 17:28:30 | 001,255,701 | ---- | C] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_30.941725.dmp
[2012.10.25 17:28:06 | 001,257,933 | ---- | C] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_06.925434.dmp
[2012.07.05 06:41:33 | 000,314,880 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\vltdi.exe
[2012.05.12 16:30:50 | 000,001,984 | ---- | C] () -- C:\Users\Zellerli\.recently-used.xbel
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.03 16:03:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.03.07 23:51:00 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16_zurCore.rar
[2011.03.07 23:50:41 | 000,176,962 | ---- | C] () -- C:\Users\Zellerli\Ravenshield_core_160.rar
[2011.03.07 23:49:57 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16.rar
[2011.03.07 23:45:24 | 000,640,707 | ---- | C] () -- C:\Users\Zellerli\jmt-MiniRS3.rar
[2011.03.07 23:44:16 | 000,454,809 | ---- | C] () -- C:\Users\Zellerli\RS-mi_SuperK.rar
[2010.12.06 00:22:02 | 000,007,608 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\Resmon.ResmonCfg
[2010.10.18 14:15:29 | 000,000,035 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Opusbext.dat
[2010.10.06 23:52:54 | 003,121,971 | ---- | C] () -- C:\Users\Zellerli\17_gesamt_003_087_klein.pdf
[2010.07.24 16:14:08 | 000,001,155 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\SAS7_000.DAT
[2010.05.13 18:28:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.26 21:41:51 | 001,024,270 | ---- | C] () -- C:\Users\Zellerli\strahlungsfelder_11.pdf
[2010.04.19 19:18:55 | 002,699,555 | ---- | C] () -- C:\Users\Zellerli\theo-vorbereitung.zip
[2010.04.15 23:12:24 | 203,279,596 | ---- | C] () -- C:\Users\Zellerli\Queen.rar

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.03.11 21:42:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\.minecraft
[2011.04.25 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ahnenblatt
[2012.10.20 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Audacity
[2012.07.21 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\calibre
[2010.11.06 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DAEMON Tools Lite
[2010.05.19 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DeepBurner
[2012.10.24 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Dropbox
[2011.04.28 09:54:34 | 000,000,000 | ---D | M] --
C:\Users\Zellerli\AppData\Roaming\FileZilla [2011.01.14 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Foxit Software [2012.05.12 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\gtk-2.0 [2012.02.27 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\inkscape [2012.03.21 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Itwye [2011.03.22 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\JonDo [2011.05.21 23:08:48 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Leadertech [2010.09.01 21:23:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient [2012.06.17 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient2 [2011.08.17 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Mael [2010.10.02 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Miranda [2011.11.12 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Red Alert 3 [2011.12.10 11:43:43 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\SmartTools [2012.09.15 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Spotify [2012.11.22 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StarOffice8 [2011.03.07 23:39:00 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StatSoft [2010.12.22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Stellarium [2011.07.26 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Texas Instruments [2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\TI-Nspire [2012.01.23 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ubisoft [2011.09.29 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\uTorrent [2011.08.29 22:55:05 | 000,000,000 | ---D | M] -- 
C:\Users\Zellerli\AppData\Roaming\wargaming.net [2012.10.27 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\xm1 ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD < End of report > Extras.txt: OTL Logfile: Code:
OTL Extras logfile created on: 23.11.2012 11:14:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,52% Memory free
3,99 Gb Paging File | 2,95 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 137,43 Gb Free Space | 14,91% Space Free | Partition Type: NTFS
Drive G: | 1,81 Gb Total Space | 1,60 Gb Free Space | 88,55% Space Free | Partition Type: FAT

Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E65B1-061F-4F8B-86F0-A78F2EF4417D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{04BDAF95-5D7F-401E-A259-F0216E303044}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0592E869-A5DC-4B52-9C48-123D9F93B881}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0ACFFB57-3CC4-4B27-9BAC-2429C8026F4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C8956ED-E466-4E8F-BA92-9425FDE23F94}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{11C451E4-EACC-463C-B815-C0C5B79A21FD}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{1CC5D8BC-5004-453E-B717-BE919613077A}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher |
"{1FE6C0B7-A038-459B-8297-542BD96E87FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{217722DE-AA15-4622-BCDD-F513027389E1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2A862473-278D-4572-B321-94BDE60374BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36A802B4-1C8A-4A02-8383-6E91B921372D}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher |
"{3D0B3A79-5A0F-460F-9883-EB591D440287}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{411DBB40-A24C-47B3-BC50-01FB07D21FD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{45230AD7-3DF3-4376-84AB-47A40350FA94}" = lport=80 | protocol=6 | dir=in | name=xampp |
"{4523A691-9AF0-4851-9D11-05234EF0C7DA}" = lport=445 | protocol=6 | dir=in | app=system |
"{490237B0-8DA6-419F-92D1-52ECEE319F89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C4ED62D-8FB7-4149-B420-480616C5B311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EF58C36-2A23-448C-BCB7-6EF99A1C8DDB}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{53B095EE-722D-46B0-969D-768E3F51570E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{57490034-9B79-4E91-95E3-E8BBAF7CB6A2}" = lport=58947 | protocol=17 | dir=in | name=pando media booster |
"{5D36A21C-96AD-42F0-A75C-9EA93EF5F98E}" = lport=138 | protocol=17 | dir=in | app=system |
"{6400F3D4-8ABC-4701-91F1-1ECE5417E186}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A37EBBF-8909-4B71-854C-169A71978A93}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher |
"{6A58694C-FD00-49BD-BD20-6F2C85F70A19}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher |
"{6C48FE14-0CB6-406D-A5A7-F758B440EAEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C5FBED3-5C65-4DE5-930F-A7F1C27A009D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{7E9E5C77-86F6-4EC7-98AB-DDE1C4D6F255}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F8AF62C-A829-4871-A0AE-C49A12CAEF96}" = lport=137 | protocol=17 | dir=in | app=system |
"{802CA42E-35F7-467B-9B01-05003F326517}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{80EB48F8-13E2-429C-8FDD-6918AA17B052}" = lport=58947 | protocol=6 | dir=in | name=pando media booster |
"{843FD27E-DA00-48FD-B70B-D7C5E4CBE647}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{85919E83-2DB1-43B1-8395-62A9403ABCA4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8688E206-2905-4E67-B2FB-A7AEA3E95F03}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{8D4DE0C9-DAF6-41A4-A11D-7785B41366B5}" = rport=80 | protocol=6 | dir=out | name=xampp |
"{92A142B6-2657-4BD5-B686-CA8558EC2669}" = lport=139 | protocol=6 | dir=in | app=system |
"{954D849B-68F9-4C85-B172-48CD12700EF5}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{9F15033C-9D53-41E9-BA5F-E88693C8558A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F3D8019-D14B-42C8-B939-EFE738A8693D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9F84E880-3D01-4A1C-B0D3-46A612BD5156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB8258F1-36B2-4224-8E0B-45485E1575E7}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{AFE48AC7-8B97-4A9D-9BA6-55F63830C901}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B828B1CC-719C-4E44-A994-5756971562C2}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{BAA1393B-3E48-4983-9947-E8043DDA3E50}" = lport=58947 | protocol=6 | dir=in | name=pando media booster |
"{BB48567F-14DA-4C8B-9609-5805394EA57E}" = rport=137 | protocol=17 | dir=out | app=system |
"{BCC0EDBC-32CB-4227-B05C-A883F7323D6A}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher |
"{BD45B64D-8152-4F12-ACD9-6B026DDDF8AA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BDA9CAD8-A935-4EC5-9D66-21296EAC282E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0B5BCC8-F755-428B-8461-36AEC66FFB47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C21D46AB-8466-4DA1-9F3C-AA7E72A35765}" = rport=138 | protocol=17 | dir=out | app=system |
"{C7140B34-9AD6-4748-AA6A-A5AB7989F1CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAF864E8-1323-4359-99DB-C26128D191EE}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher |
"{CE2B9EB2-54BB-476E-AF97-0551DB46E9F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF12D3BC-C65E-408F-8676-72F66F1B4675}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF928608-7689-4DF3-B1A1-69A2DC2B0AF7}" = lport=58947 | protocol=17 | dir=in | name=pando media booster |
"{D50F8D27-4721-4BC6-9D7C-6F3B7BB6486B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{DC72D35E-95A6-4B54-9532-1781015A6E51}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{DD198D1B-6402-44AD-9F71-267CB5B74DB5}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{E1322A1B-2843-44C9-9DEA-DE8C9C7B3B03}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{E15D4C25-DA62-48CF-BA82-7CE0B4C2CB73}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{E44EE432-38FC-4BF7-9932-6A58184E4DAE}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{EABFE8E1-A134-4AE5-A5F4-DD767E496712}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{EC910B25-ADCD-4184-94EB-E98B3FE12FD6}" = rport=445 | protocol=6 | dir=out | app=system |
"{EED24FB2-3F2C-46BA-A8E4-BD5C752D964F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F2F97DAB-6EB4-475E-92BB-2D6601FD1073}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{F8732271-81F4-4AD1-A018-2D86F3DEF761}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9105229-FC02-4C43-ADD5-16DBF43122BF}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{FA592191-9BAA-4A6D-9252-D14806D2E475}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FF9447FB-2099-4503-8F9A-3C401EBDDD44}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E24798-9132-4A41-A6B8-E871EF7C02E6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{08EB96EC-3084-456C-8B2E-0D625754D640}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"{0EAFA2E5-8BDE-46E2-B338-5FCE96F4108B}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{10412528-E2A0-45E8-B438-078C1B003485}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{19439B30-E761-450C-9026-A9682B789209}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A562E02-40D4-463C-BE3C-9768E03787DC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{1AC66571-1A65-467C-B283-348562765CFD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\anno4.exe |
"{1CCE85DE-6AFB-430C-9ED4-68852776D54E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22301842-1B9D-4EAE-B001-ED64E22D3394}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{235FE788-10A4-4094-922B-75B95F111013}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{2571AFDD-F545-4992-8BB5-3081339B7887}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{25E317A1-AD9F-4F52-AC8B-F66C7E2B1C36}" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\dropbox\bin\dropbox.exe |
"{29ADB9A2-BB69-4CE7-88C1-97FC54DE80EA}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{310F7292-3673-4513-A65B-0C9635FBC39D}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{341B7905-1465-461F-83AB-54D80BD78623}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{34CAD4B2-1D1F-4D1B-822E-EE8F453D5DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{36466367-7C7F-4FA1-887B-245FED326CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{37AD5E77-A17E-4F54-B71E-6AD90741606D}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{37C0EEE3-0619-4ADE-B26D-DE62E251CDE1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe |
"{38164E45-3C1E-4EE8-854A-50B527CD1803}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{39ED505F-5B89-4B4F-96E1-3209511DC0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3C8CCF41-6708-4DB8-B70F-38ECF8BCAA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{3F016C5F-54C2-4E10-9A51-EE49B7F91520}" = protocol=17 | dir=in | app=c:\program files (x86)\ut2k4\system\ut2004.exe |
"{3FA6FB51-9681-45D8-9AC8-8D33445331D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe |
"{442A0033-2094-4108-9391-205DEE8E1D90}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{444C1016-AFFB-48B3-A7E1-E09DEB69EBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{44FFC111-10DF-4940-A6E7-4661F0B12260}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{463E015E-56F1-4AA6-963F-D23FC764B6C5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{51D53117-4F64-4816-AA91-7A826DB96FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe |
"{5797B216-D8EB-4810-B5F3-AE754BD5C32F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{58A66449-1BFB-4987-9DAC-45B4A8AE425A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A754C9F-39D4-4BAD-84C0-7E49E068E51B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C00FDFC-9C2F-4517-8E40-67BE89D633BC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5DCC306C-35FF-4DCA-938D-F9810DA8411C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6E300200-7F30-452F-8044-818BF280326C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{749FB92B-5BF0-4201-AA22-7F20BBB5061D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74F120E7-B5EC-41A4-A845-313764ED4688}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B604866-1E22-42A1-8F3C-2B4DC18E96D9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{81586FD4-4A91-4D7A-BEDD-B5B14012CDFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8186C802-8479-4C2A-985D-18EA807ACBF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{852D04A9-8FBE-46C6-9313-D0DDA3399256}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\anno4web.exe |
"{89771538-1550-4543-84A1-1FCDC394DD07}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{8F1932DA-8A8A-4807-8A58-1D9C2EEFA619}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93D46D9B-4567-45F0-AC87-11284628E19B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{978C20AB-4ED3-4755-AD72-E9ECB4DD74C8}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe |
"{9A02C3DA-0FD9-44AA-9F9D-19DEDE5F597D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe |
"{9ADBE6DF-716A-4B57-AC90-16A4C905DD7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{9D24E21A-13D0-4FC0-9913-A33734F8AEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{A1707C1E-B9DC-4797-91E1-59AB9881A3EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A22414D0-D5AC-498E-8263-22971783F950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A33B86CD-9F41-4484-9E44-E5A7AD2EF3FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe |
"{A3F1F49B-515E-4D69-89D2-C2519E613B67}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{A51100CC-4222-4DC2-947B-901CD0829FE5}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{A57E067D-EB68-4B51-AC02-AD38F7984781}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A78EBD96-12EE-4DA5-8030-CC263FBC6433}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |
"{B20A3F60-11F1-4000-8F73-D3341D069870}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2CD6F03-2266-4D34-8B0F-7BA9BF43CD11}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B335765D-FF7B-426D-B044-4BD03B0DF83D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{B3C71977-66AC-42B4-9ED0-76FAC173BE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B69AE2FB-99F9-44FC-9207-E8CBABB40BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\anno4.exe |
"{B6FC33E1-452F-4D10-A5F0-A7AF8B5C4A2D}" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\dropbox\bin\dropbox.exe |
"{B834CFAB-38EE-410A-9A2C-8A0A7EEE26DB}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{B8AD7CA6-DB22-4512-A47C-DF630152AFE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B8E97628-A3AC-4607-9A94-806ABE2429C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFDF1575-6070-4B3C-A9B7-70BE9A6E00B4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C3CDED26-D471-4809-8FA1-202F09DFA792}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C44FEA29-80DC-47E4-BC0F-B4FC32309D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\ut2k4\system\ut2004.exe |
"{C5E6ADC8-65C1-4297-8CE7-23D22A697E0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C62FA975-A663-43AD-8277-7D088A3A68EF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C6BB950E-85B9-460C-983D-8F4F010F2C0A}" = protocol=6 | dir=out | app=system |
"{C7D670E1-3ED8-443C-8949-1AB6C68C36C1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"{C8736291-530B-4E43-8320-63E384C4EB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\benchmark.exe |
"{CB9F7A13-99B6-48B2-B320-1FA022CCFBAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CBE406AA-E81D-41C4-896E-240EE6E2DC59}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CC2F1063-94E0-47CC-A108-63A9C22F5443}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCAB01D5-41D4-4469-BDF7-37C64A0E48CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CD9E0643-94BB-437B-B989-A7A3D07EF4F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\benchmark.exe |
"{CE438225-9DE2-471C-8CA1-7DBCC08A7334}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CF43A1D5-9664-4115-B384-807FE2BC5139}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0B6DF0D-8B0F-421B-910D-64BC7B184011}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\anno4web.exe |
"{D1CC8C48-78D8-406A-BD7E-13EF3C65FCAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D21109DB-7463-4DBD-8F8B-6A29F08FD77E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D324626A-1ED4-4504-A8E7-C95F7D42C313}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{D348747C-A9F9-499E-950B-26F6C089AE06}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D369BB07-249A-4A38-9865-36ECBE2F901C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D71D55E3-4AD0-4925-93BA-9826342BA18A}" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe |
"{D9E88595-ACE4-4612-9C59-F4B4E0D1F92E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DA0E8E94-D66C-405F-B67A-F75B8B67D5F5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DC528CC0-5008-44D6-838F-813E43D01A35}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{E03B4E17-F826-40CB-8FDC-B05A4FA766F5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E344AC1A-4D04-4C69-8F03-BB2261913579}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E71D5DD9-8310-4C10-921F-7A23D743E73F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EAA2890B-9E21-4E0C-A2C1-8BC2989C67FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe |
"{EB15CDDC-9DE6-4EA4-B68C-8ACF3B1C2D75}" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe |
"{F02851F0-F3C5-45E4-A36D-9EDECB0F5419}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{F0861924-4AC0-480C-8683-288448B97F33}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F417E334-563A-4101-9749-717BFE8B7465}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{F4C6210F-10FC-4A4E-B964-CAC1FC9E01E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe |
"{F599DA2D-E505-43BF-9AA2-F2C90FA37967}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F7C41998-4ED6-4758-BB86-D824E412AF3B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{FABFD627-2EAD-4EE4-A672-F05780C2CE76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{FB853588-B840-49E6-B7F8-5A981928D562}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{FE19D4D1-83B2-468D-B74B-7137C4D023B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF2E998F-82F5-44BE-9600-0801AC6EC263}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{03341652-A564-46B8-BE55-C17D927D8C49}C:\xamppdaten\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xamppdaten\xampp\mysql\bin\mysqld.exe |
"TCP Query User{04082BF3-CDB6-4462-B034-E47B548B6C7C}C:\users\zellerli\downloads\starcraft_2_beta_dede.exe" = protocol=6 | dir=in | app=c:\users\zellerli\downloads\starcraft_2_beta_dede.exe |
"TCP Query User{0442162C-6275-4F8A-82EC-9432202F146C}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{0CAB75DC-F005-403C-BB6F-84CEB2DF0178}C:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe |
"TCP Query User{0D8CA656-B29F-4BBB-A28F-67DF203957F6}C:\users\zellerli\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\spotify\spotify.exe |
"TCP Query User{0E6C4971-5087-4F21-92F7-DC7585B3D1A2}C:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe |
"TCP Query User{103D9D6E-D7AC-4CCC-9AC8-409D43E28478}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{10BED12C-A114-4857-AB60-C3B19CA50955}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe |
"TCP Query User{163C00DD-4239-4558-B7DB-A71D31740E66}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe |
"TCP Query User{2014D340-718F-492D-8B65-A205A74CC598}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |
"TCP Query User{231CF380-62A0-4342-B4D3-D8AC847F5389}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{27C92E5C-4B2B-4C56-9C27-507C8D86A7CA}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{298DA669-7A10-4283-8B87-592DC6484E1B}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{3A8564F5-EED0-4682-AD18-02BD6301D749}C:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe |
"TCP Query User{40ABAF44-2EF1-4FCF-AF17-E07FFAE4A840}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{40B3268B-194B-48FB-B912-109438E5E475}C:\program files\miranda x64\miranda64.exe" = protocol=6 | dir=in | app=c:\program files\miranda x64\miranda64.exe |
"TCP Query User{4492AB14-A845-4DDB-AC31-4FB383E9C8C6}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{4D251248-92A7-42F2-A6BD-B948B6D68176}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{4D902F90-6D25-4B38-AAD5-0BAA44D7CFE7}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{4EAC75C0-3901-426F-8BFA-9691D639FE4B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{50C7C93C-76B6-47DD-8BBD-118104432274}C:\setups\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\setups\starcraft_2_eu_de-de.exe |
"TCP Query User{52ECB185-B2AC-4D47-BE32-077AF75F79AB}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query
User{56E00A92-30F5-4E86-9BB5-39788E22C3AE}C:\lan\bf2_ulf\bf2.exe" = protocol=6 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | "TCP Query User{58B2AE24-7977-4429-8E62-E9FE07C406D7}C:\program files (x86)\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flatout2\flatout2.exe | "TCP Query User{5E91AD2F-9C20-4037-9C25-673013F008C4}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | "TCP Query User{6C5270BE-A891-4329-8898-96AB33711AFD}C:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "TCP Query User{7537212F-DF51-4242-8566-3D9080E2F4E5}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{77253648-1B95-46FF-BF5A-54E941FDA6D1}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat | "TCP Query User{7A936E8A-6CFF-4E14-8FDA-A9B96C68D0F0}C:\ti\game.exe" = protocol=6 | dir=in | app=c:\ti\game.exe | "TCP Query User{7DCD31C1-FB33-4A1A-A13C-BC6039A803B0}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe | "TCP Query User{80FDE594-AC7D-458D-9CAF-3338EC86E6C9}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe | "TCP Query User{831D22DD-BF82-49F9-8C95-0244FD4B471D}C:\program files (x86)\battlefield 2\bf2.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\battlefield 2\bf2.exe | "TCP Query User{85EBB3B6-0A69-43C1-A852-A4604ED0ABE2}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe | "TCP Query User{874D29EA-B2AF-4648-9424-2B06E09E8A5C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{8DAD0460-5BCE-4C38-AFBF-C1D249307A18}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{986CBBF3-9533-459C-B514-87BE21693C13}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "TCP Query User{A0BFB125-7C3F-4B85-82C1-6F886AD6A7ED}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{A8175184-3AD6-44BA-BF83-1382E0DE354A}C:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe | "TCP Query User{AB200B5D-CA30-496B-BF41-5DE2C7E75515}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{B4A9A4A2-4808-43FC-81B3-D1744525CD37}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | "TCP Query User{B63A236F-C12F-4164-BDAF-67777E2CBE91}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{BC7B28FF-A136-4738-A7C2-52CB79FEACCB}C:\program files (x86)\anno 1602 - gold edition\1602.exe" 
= protocol=6 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | "TCP Query User{C23EB4B3-49AC-4533-BC0B-86D6EE084243}C:\program files\miranda x64\miranda64.exe" = protocol=6 | dir=in | app=c:\program files\miranda x64\miranda64.exe | "TCP Query User{C4845111-1712-4882-AE03-B429F59BBC3B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{CADDC25C-F135-407E-AABE-AF6E39F7ED1F}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{D7459CD1-D089-4BD8-97C7-F09798E190CA}C:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | "TCP Query User{E2E31DD6-6B2D-4FC2-A50F-C092922FE3F8}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{E3750BC6-993A-4FAA-9B0A-46059EA94F66}C:\lan\bf2_ulf\bf2.exe" = protocol=6 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | "TCP Query User{E93E1576-75B6-4722-BE94-50D34142A729}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{EB02FAA6-57BB-4228-BF02-16520586385D}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | "TCP Query User{EFB6674F-978A-4D84-8940-53EC5B797C92}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | "TCP Query User{F1B1FC13-B8F9-4AB4-8C9F-D85C044CDDAD}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\common files\ti shared\commlib\1\jre\bin\java.exe | "TCP Query User{FCB2551F-8116-472D-A86B-B604442BA48C}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe | "UDP Query User{01880564-2BFE-471C-A7D0-85D33586E7B2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{02A745F4-C99C-4705-9366-197909B049A0}C:\program files\miranda x64\miranda64.exe" = protocol=17 | dir=in | app=c:\program files\miranda x64\miranda64.exe | "UDP Query User{10A0D758-4A87-4590-9C41-499E84070EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{1773D523-4F8D-4635-A9DF-67EF31BBFD81}C:\program files (x86)\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battlefield 2\bf2.exe | "UDP Query User{1A19203F-B352-4F93-BF0B-C61289B13293}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{1E466306-9D64-47C2-824D-011CA77413A8}C:\lan\bf2_ulf\bf2.exe" = protocol=17 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | "UDP Query User{2D4E0653-377C-486D-BBCC-967A5E7DB958}C:\ti\game.exe" = protocol=17 | dir=in | app=c:\ti\game.exe | "UDP Query User{325FE92E-BA01-4139-B889-0781CA19ED9D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{3461833D-B6D8-409E-A215-14C20C6829B4}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{37E1D480-90D6-4CBE-8BBB-81FC40B91061}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii 
beta\support\blizzarddownloader.exe | "UDP Query User{3B02417F-23CD-4675-B269-3FBB3374AA14}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe | "UDP Query User{3E78C60C-E919-4472-AAB0-01E9499D5823}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{3E929647-C271-44B2-9C9B-5B8515874F1A}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe | "UDP Query User{452319E5-C7E5-434F-9020-D4BAB78EF7DD}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{4694E673-6825-434D-AA1E-A742F88789ED}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{56C854B0-F400-43EF-AEFB-A3F156AEA026}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | "UDP Query User{5C21011F-3132-4C8A-A8BF-70B05D26F7A8}C:\program files (x86)\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flatout2\flatout2.exe | "UDP Query User{5F9119DA-3CD5-428A-9C20-16EF74547365}C:\users\zellerli\downloads\starcraft_2_beta_dede.exe" = protocol=17 | dir=in | app=c:\users\zellerli\downloads\starcraft_2_beta_dede.exe | "UDP Query User{64CE4C92-690C-44A0-9BA8-36600AB6950A}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{65F4B86D-CBBD-4C90-852D-89D88374641D}C:\program files (x86)\starcraft 
ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | "UDP Query User{6D7BDDB4-C8F0-4596-9273-7B026E259BEE}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{79506361-521B-4533-8989-F242572E81B7}C:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | "UDP Query User{79789828-B014-4225-B5F7-921F6BDDA1F8}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{7D9AA12C-958D-422D-A506-A1B748DE537E}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{7E850182-C807-41D1-926A-DCCC76FAA52F}C:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | "UDP Query User{84785378-6D96-43EF-A346-B7664BBEF9C8}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{8C26E52F-5223-4444-9ADB-DFB3E63C3EE5}C:\users\zellerli\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\spotify\spotify.exe | "UDP Query User{8CB60C07-8B7A-483B-9B4A-8153884488DD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{8EB2D814-3C48-4267-88C2-7B4D7842EEBE}C:\setups\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\setups\starcraft_2_eu_de-de.exe | "UDP Query 
User{8FDFF509-B8AC-4EC8-8559-229A0F490618}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe | "UDP Query User{90917955-49DB-4AE7-89FF-D5C555419851}C:\lan\bf2_ulf\bf2.exe" = protocol=17 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | "UDP Query User{9DA7D87C-22BE-4F8C-913B-7FC1C1358677}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{9E9C2F35-1349-47D2-B995-99A21B19C578}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | "UDP Query User{A4545ED6-888B-44C4-AEE1-A2CC7BD5C168}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{A8647FD7-C7D1-4054-A467-D1B7C723EB58}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | "UDP Query User{A97A262C-BB96-4F9A-A503-AE6D65B73A16}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{ACF4FD19-F8CC-49FC-B64A-1CAA153ACCBB}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | "UDP Query User{ADBCC90C-0781-4BD3-AE3C-28B5600E8E18}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{AF5329F6-B7CF-43B7-84E1-9880EAC13A82}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas 
student software\ti-nspire cas student software.exe | "UDP Query User{BCCC0B21-7F8A-4420-B205-CFA3524896FA}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe | "UDP Query User{C90870D2-CAD3-44CF-9F28-958898F5EF7F}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | "UDP Query User{CC147F0B-E4FF-4A3B-8EE4-67CDE1D45847}C:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "UDP Query User{CE9E29AC-534A-4802-89D7-84B1684BAF45}C:\program files\miranda x64\miranda64.exe" = protocol=17 | dir=in | app=c:\program files\miranda x64\miranda64.exe | "UDP Query User{D4F81D01-9067-4A4D-940E-55211A206DA6}C:\program files (x86)\anno 1602 - gold edition\1602.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | "UDP Query User{D63233AB-9EE7-4E76-91BA-C8AAAC73EC15}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{D7E9974E-8D54-46B3-9EBE-B4F30341FE4D}C:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe | "UDP Query User{DAB25831-4FA9-4383-9A60-2BCF4BD94CA7}C:\xamppdaten\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xamppdaten\xampp\mysql\bin\mysqld.exe | "UDP Query User{E2DB5A7D-D45A-4FAD-89E6-C539FD93C07E}C:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fox\aliens vs. 
predator 2\lithtech.exe | "UDP Query User{EA8147E3-B4FC-4C57-A43D-ED920CC22367}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{F4398DDB-F07E-4D39-897B-9ABA7E10BE72}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | "UDP Query User{F6E1C33E-E4F4-486B-8014-952DCCE3D400}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | "UDP Query User{FAEF00E0-4197-46AC-8BEE-ED136E4C1F41}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat | "UDP Query User{FE789878-EA1C-4049-BEDC-8AC92CA9B2C1}C:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64 "{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C8281B8-D579-414B-AA10-186542582A3B}" = 64-bit MathLink Libraries (6.0.3.1048069) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{78BFF077-C4A2-4715-8321-651585432C79}" = Oracle VM VirtualBox 3.2.0 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A5D44F9D-C159-4C1E-AD21-A4D85B31AB46}" = Corel Graphics - Windows Shell Extension 64 Bit "{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "sp6" = Logitech SetPoint 6.22 "STATNOVAPDF_is1" = STATNOVAPDF (novaPDF 6.1 printer) "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "_{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) 
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{0DE35ACF-BDF7-41D3-B45E-4BD26A7F807B}" = STATISTICA 9.1a (DE) "{103B6835-DCA0-413F-A99E-ECAD6622726E}" = Aliens versus Predator 2: Primal Hunt "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{142DA0F4-8569-4D64-B374-0B65D8F4C9CE}" = Wolfram Notebook Indexer 2.0 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1C3147A7-4810-45FC-AD89-064D8023A514}" = SEPA Account Converter "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5 "{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 
"{3C2A073C-4352-4D64-9928-91EAD643CF0C}" = Wolfram Mathematica 6 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2 "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0408.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F928B83-3D8E-402B-8480-5C5C3BCE8040}" = OKI B410 Druckermenü-Einrichtungstool "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00 "{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common "{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{9FE15B75-8AD9-4A6F-A57A-7E7C03C4CBEB}" = StarOffice 8 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual 
Studio Tools for Applications 2.0 - ENU
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B364DC2A-9783-4737-B795-D6F0562A41C5}" = calibre
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}" = Cisco AnyConnect VPN Client
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D51BAC38-15D6-462B-9EFB-B330959F0839}" = Origin86
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E327C2A5-E236-44C4-A410-B899403A49A9}" = B400 Series PCL Driver from OKI® Printing Solutions for Windows
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ACE LoL Client" = League of Legends - ACE Client by Matricus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Ahnenblatt_is1" = Ahnenblatt 2.64
"ANNO 1602 - Gold Edition" = ANNO 1602 - Gold Edition
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Company of Heroes" = Company of Heroes
"EA Download Manager" = EA Download Manager
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.50
"FileZilla Client" = FileZilla Client 3.2.7.1
"Gothic II" = Gothic II
"GPU Caps Viewer_is1" = GPU Caps Viewer v1.4.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{3C2A073C-4352-4D64-9928-91EAD643CF0C}" = Wolfram Mathematica 6
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0408.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JAP" = JAP
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.9.10
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"pdfsam" = pdfsam
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 22600" = Worms Reloaded
"Steam App 2760" = Neverwinter Nights 2: Platinum
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 57900" = Duke Nukem Forever
"Stellarium_is1" = Stellarium 0.10.6.1
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software
"TI-Nspire Student Software" = TI-Nspire Student Software
"TripleAVersion1_2_5_5" = TripleA Version 1_2_5_5
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR Archivierer
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GeoGebra 4" = GeoGebra 4
"Hades webstart" = Hades webstart
"Inkscape" = Inkscape 0.48.2
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13.11.2011 16:04:21 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 13.11.2011 16:05:23 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 02:17:05 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 02:18:08 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 03:42:20 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 03:43:37 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 03:56:57 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 03:57:21 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 05:34:39 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 14.11.2011 05:46:41 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

[ Cisco AnyConnect VPN Client Events ]
Error - 21.11.2012 14:29:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 22.11.2012 03:06:19 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 22.11.2012 06:09:34 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 22.11.2012 09:21:48 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 22.11.2012 10:52:52 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 22.11.2012 13:40:30 | Computer Name = LAEMMERSPIEL | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 22.11.2012 13:48:27 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 22.11.2012 13:50:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 22.11.2012 13:50:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 23.11.2012 06:08:07 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

[ System Events ]
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description =

Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.11.2012 06:10:53 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description =

Error - 23.11.2012 06:10:52 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.11.2012 06:10:53 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description =

< End of report >
Last edited by zellerli (23.11.2012 at 12:43) |
23.11.2012, 21:54 | #2 |
/// Helper Team | The clean-up consists of several steps that have to be carried out. Work through them one after the other and paste the 3 logs that are produced into your next reply. If the OTL fix did not run through properly, do not continue; report it instead. Step 1: Fix with OTL. Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - Startup: C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
[2012.11.22 18:38:24 | 000,000,788 | ---- | M] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F35A93AD
[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
[2012.11.22 18:38:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Zellerli\*.tmp
C:\Users\Zellerli\AppData\Local\Temp\*.exe
C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was written exclusively for this user in this situation. Do not under any circumstances run it on other machines; it can permanently damage other systems! Step 2: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 3: Please download AdwCleaner to your desktop.
|
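The indicators the helper's fix script targets (a Startup-folder shortcut named after a Windows component that points at lsass.exe under C:\ProgramData, executables with random-looking names dropped into ProgramData or the profile root, and an alternate data stream on C:\ProgramData\Temp) can be picked out of an OTL log mechanically. The script below is an added example written for this page; it is not part of the thread and not OldTimer's code. The sample lines are constructed (user name "alice") after the entries quoted in the thread, and the heuristics are the editor's own, meant as triage prompts that still need confirming with a signature check, not as OTL's logic.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's code).

It flags the kinds of entry the helper picked out for the :OTL fix:
an autostart whose target carries a Windows system binary name but lives
outside the Windows directory, random-looking files under ProgramData or
a user profile, and alternate data streams.  Sample lines are constructed
for this example; the heuristics are the editor's own.
"""
import ntpath
import re

# Core Windows binaries that are only legitimate under C:\Windows.
SYSTEM_BINARY_NAMES = {
    "lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "ctfmon.exe",
}
WINDOWS_DIRS = ("c:\\windows\\",)
# Locations an unprivileged user (and therefore malware it ran) can write to.
USER_WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")

# "O4 - Startup: <lnk> = <target> (<company>)"
O4_RE = re.compile(r"^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<target>.+?)\s+\((?P<company>[^()]*)\)$")
# "[<timestamp | size | attrs | C/M>] (<company>) -- <path>"
FILE_RE = re.compile(r"^\[(?P<stamp>[^\]]*)\]\s+\((?P<company>[^()]*)\)\s+--\s+(?P<path>.+)$")
# "@Alternate Data Stream - <n> bytes -> <path>:<stream>"
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


def looks_random(name):
    """Heuristic: a long file-name stem with almost no vowels (wgsdgsdgdsgsd)."""
    stem = ntpath.splitext(name)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.15


def reasons_for_path(path, company=""):
    """Return the reasons to distrust this path, or [] if nothing stands out."""
    low = path.lower()
    name = ntpath.basename(low)
    reasons = []
    if name in SYSTEM_BINARY_NAMES and not low.startswith(WINDOWS_DIRS):
        reasons.append("system binary name outside the Windows directory")
    if low.startswith(USER_WRITABLE_ROOTS) and looks_random(name):
        reasons.append("random-looking file name in a user-writable location")
    # The company string is read from the file's own version resource, which
    # anyone can set: "Microsoft Corporation" under ProgramData is a claim to
    # verify with a signature check, not evidence.
    if "microsoft" in company.lower() and low.startswith(USER_WRITABLE_ROOTS):
        reasons.append("claims Microsoft as publisher but sits in a user-writable location")
    return reasons


def triage(lines):
    """Parse OTL-style lines; return (kind, path, reasons) for each suspicious entry."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = reasons_for_path(m["target"], m["company"])
            if reasons:
                findings.append(("autostart", m["target"], reasons))
            continue
        m = ADS_RE.match(line)
        if m:
            stream = m["path"].rsplit(":", 1)[-1]
            if stream.lower() != "zone.identifier":  # the ordinary download marker
                findings.append(("ads", m["path"],
                                 ["alternate data stream '%s' holding %s bytes" % (stream, m["size"])]))
            continue
        m = FILE_RE.match(line)
        if m:
            reasons = reasons_for_path(m["path"], m["company"])
            if reasons:
                findings.append(("file", m["path"], reasons))
    return findings


# Constructed sample, modelled on the entries quoted in the thread.
SAMPLE_OTL_LINES = [
    r"O4 - Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)",
    r"O4 - Startup: C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)",
    r"@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:F35A93AD",
    r"@Alternate Data Stream - 26 bytes -> C:\Users\alice\Downloads\setup.exe:Zone.Identifier",
    r"[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe",
    r"[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\alice\wgsdgsdgdsgsd.exe",
    r"[2012.11.22 18:38:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad",
    r"[2012.11.20 09:12:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe",
]

if __name__ == "__main__":
    for kind, path, reasons in triage(SAMPLE_OTL_LINES):
        print("%-9s %s" % (kind, path))
        for reason in reasons:
            print("          - " + reason)
```

Run against the sample, the script reports the ProgramData lsass.exe twice (once as the autostart target, once as the file entry), the two random-named drops and the ADS on C:\ProgramData\Temp, while the Dropbox autostart, the Zone.Identifier stream and the genuine C:\Windows\System32\lsass.exe pass. The version-resource company string is deliberately treated as a hint only; the fix log later in the thread shows why the helper also covers the lsass.exe copy under :OTL and the ProgramData wildcards under :Files rather than trusting any one indicator.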
24.11.2012, 00:37 | #3 | |
| Thanks for your help, t'john!
EDIT: The text below is no longer current. It worked on the second attempt. Further logs are now being generated (I don't know how long that takes, hence this edit, since otherwise the editing deadline runs out). [OBSOLETE] While the fix was running, the following happened: First came: "A critical error has occurred, Windows will restart in one minute, save your data now." (yellow icon); I clicked OK there, assuming it was the announced restart. Then came another error with a red icon, fairly short, with iexplorer.exe and memory addresses. After the minute the computer did restart (from the Windows start onwards this took very long, and my mouse also did not work for about 1 minute). This log file appeared (I hope I typed it out character for character; if you need a copy-safe version, let me know!): Quote:
I am not in Safe Mode. The trojan stays quiet when the internet is gone, which is why I can run everything. [/OBSOLETE] Last edited by zellerli (24.11.2012 at 00:46) |
24.11.2012, 06:04 | #4 |
/// Helper Team | Did you paste the fix in correctly? Try it again in Safe Mode. |
24.11.2012, 11:15 | #5 |
| First the history: When I switched the computer on yesterday without LAN, I could get into Windows normally. That was after the uploaded OTL log. In that state I let Antivir run through, because it worked again. In hindsight I think that may have been a mistake, and I apologise for it. It won't happen again. For completeness: Antivir put the following two files into quarantine: Code:
Die Datei 'C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\341b2629-4a0b7a51'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Inject.AX' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '552f5eb5.qua' verschoben!
Die Datei 'C:\Users\Zellerli\AppData\Local\vltdi.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Winwebsec.aziouq' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c7b714a.qua' verschoben!
The first time, the OTL fix was aborted (see post). I am very sure that I pasted the script in correctly. I then thought that the worst that can happen on a second attempt is that some (but documented) file gets lost, and tried it again. It worked (according to OTL). OTL fix log: Code:
All processes killed
========== OTL ==========
File move failed. C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk scheduled to be moved on reboot.
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
Unable to delete ADS C:\ProgramData\Temp:F35A93AD .
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\wgsdgsdgdsgsd.exe not found.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Zellerli\*.tmp not found.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Zellerli\Desktop\cmd.bat deleted successfully.
C:\Users\Zellerli\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Zellerli
->Temp folder emptied: 398377 bytes
->Temporary Internet Files folder emptied: 188083652 bytes
->FireFox cache emptied: 60466359 bytes
->Flash cache emptied: 193439 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 580643774 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 11516276 bytes
Total Files Cleaned = 802,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11242012_004213
Files\Folders moved on Reboot...
File\Folder C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found!
C:\Users\Zellerli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\Plan Auftritte.doc not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.23.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zellerli :: LAEMMERSPIEL [Administrator]
24.11.2012 00:49:45
mbam-log-2012-11-24 (00-49-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 562097
Laufzeit: 1 Stunde(n), 57 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
# AdwCleaner v2.008 - Datei am 24/11/2012 um 10:19:51 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Zellerli - LAEMMERSPIEL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Zellerli\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Zellerli\AppData\Roaming\Mozilla\Firefox\Profiles\u08xwy80.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1036 octets] - [24/11/2012 10:19:51]

########## EOF - C:\AdwCleaner[S1].txt - [1096 octets] ##########
Code:
All processes killed
========== OTL ==========
File move failed. C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk scheduled to be moved on reboot.
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
Unable to delete ADS C:\ProgramData\Temp:F35A93AD .
File C:\ProgramData\lsass.exe not found.
File C:\Users\Zellerli\wgsdgsdgdsgsd.exe not found.
File C:\ProgramData\dsgsdgdsgdsgw.pad not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Zellerli\*.tmp not found.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Zellerli\Desktop\cmd.bat deleted successfully.
C:\Users\Zellerli\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Zellerli
->Temp folder emptied: 399731 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11242012_104118
I hope the individual processes did not get in each other's way and that my assumptions are right. Thanks again for your help! Further instructions? Addendum: Here is also the Malwarebytes log from Safe Mode (there I had one more drive than in normal mode; I think that is from the virtual machine): Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.23.09
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Zellerli :: LAEMMERSPIEL [Administrator]
24.11.2012 10:55:13
mbam-log-2012-11-24 (10-55-13).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 561222
Laufzeit: 1 Stunde(n), 18 Minute(n), 37 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
# AdwCleaner v2.008 - Datei am 24/11/2012 um 12:28:20 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Zellerli - LAEMMERSPIEL
# Bootmodus : Abgesicherter Modus
# Ausgeführt unter : C:\Users\Zellerli\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Zellerli\AppData\Roaming\Mozilla\Firefox\Profiles\u08xwy80.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1163 octets] - [24/11/2012 10:19:51]
AdwCleaner[S2].txt - [834 octets] - [24/11/2012 12:28:20]

########## EOF - C:\AdwCleaner[S2].txt - [893 octets] ##########
Summary:
Antivir (sorry again)
Normal mode: OTL fix failed; OTL fix worked; Malwarebytes (up to date) worked; Adware worked
Safe Mode: OTL fix worked; Malwarebytes (up to date) worked; Adware worked |
24.11.2012, 21:42 | #6 |
/// Helper Team | Good. Start the computer normally. System scan with OTL (illustrated guide): Please download OTL by OldTimer and save it to your desktop (if you do not have it yet). Double-click OTL.exe
|
25.11.2012, 02:32 | #7 |
| This is what came out: OTL Logfile: Code:
OTL logfile created on: 25.11.2012 02:13:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,50 Gb Available Physical Memory | 81,31% Memory free
15,99 Gb Paging File | 14,30 Gb Available in Paging File | 89,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 136,33 Gb Free Space | 14,79% Space Free | Partition Type: NTFS

Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zellerli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Zellerli\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
MOD - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (MySQL) -- C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE -
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 81 8B 16 AC 86 CD 01 [binary data] IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{606ADCDA-32A4-4BC9-AB42-CEA943C2C9F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3993BC9E-58B3-43CA-8C8E-ED25C2215BBF&apn_sauid=9BF59E63-0C7C-41C0-8F22-F2870D58D302 IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.19 10:46:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:46:48 | 000,000,000 | ---D | M] [2012.11.19 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zellerli\AppData\Roaming\mozilla\Extensions [2012.11.19 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: 
(Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000..\Run: [Spotify Web Helper] C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files 
(x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51035B1-B4D9-4B2B-A388-C30EB39FD8AC}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell 
- (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell - "" = AutoRun O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.24 00:20:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.23 23:58:18 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Malwarebytes [2012.11.23 23:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.23 23:57:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) 
-- C:\Windows\SysNative\drivers\mbam.sys [2012.11.23 23:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.23 23:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.23 11:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe [2012.11.19 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Mozilla [2012.11.16 03:38:05 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.16 03:38:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.16 03:33:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.16 03:30:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.16 03:30:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.16 03:30:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.16 03:30:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.16 03:30:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.16 03:30:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.16 03:30:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.16 03:30:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.16 03:30:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.16 03:30:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.16 03:30:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.16 03:30:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.16 03:30:46 | 000,816,640 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.16 03:30:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.16 03:30:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.16 03:27:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.16 03:27:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.16 03:27:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.16 03:27:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 09:19:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.15 09:19:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.15 09:19:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.15 09:19:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll [2012.11.15 09:19:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll [2012.11.15 09:19:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll [2012.11.15 09:19:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll [2012.11.15 09:19:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll [2012.11.15 09:19:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe [2012.11.15 09:19:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe [2012.11.15 09:19:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll [2012.11.15 09:19:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\wamregps.dll [2012.11.15 09:19:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll [2012.11.15 09:19:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll [2012.11.15 09:19:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll [2012.11.15 09:19:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.15 09:19:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.15 09:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.15 09:19:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.15 09:19:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 09:19:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.10.27 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\xm1 [2012.10.27 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab [2012.10.27 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin86Sr0SetupFiles [2012.10.27 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker [2012.10.27 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker [2012.10.27 19:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker [2012.10.27 17:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.06.04 10:31:59 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Zellerli\InstallWoW.exe [1 
C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.25 02:18:19 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.25 02:17:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.25 02:17:07 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.25 02:13:08 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.25 02:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.25 02:09:30 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys [2012.11.23 10:56:40 | 000,543,531 | ---- | M] () -- C:\Users\Zellerli\Desktop\adwcleaner.exe [2012.11.23 10:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe [2012.11.20 02:39:46 | 001,796,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.20 02:39:46 | 000,770,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 02:39:46 | 000,712,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.20 02:39:46 | 000,173,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 02:39:46 | 000,141,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.19 10:46:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.16 17:45:29 | 000,080,936 | ---- | M] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf [2012.11.16 10:04:23 | 000,605,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.27 19:04:25 | 000,000,999 | ---- | M] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk [1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name 
========== [2012.11.24 10:19:29 | 000,543,531 | ---- | C] () -- C:\Users\Zellerli\Desktop\adwcleaner.exe [2012.11.19 10:46:41 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.19 10:46:41 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.16 17:45:29 | 000,080,936 | ---- | C] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf [2012.11.16 03:38:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 03:27:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.10.27 19:04:25 | 000,000,999 | ---- | C] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk [2012.05.12 16:30:50 | 000,001,984 | ---- | C] () -- C:\Users\Zellerli\.recently-used.xbel [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.06.03 16:03:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.03.07 23:51:00 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16_zurCore.rar [2011.03.07 23:50:41 | 000,176,962 | ---- | C] () -- C:\Users\Zellerli\Ravenshield_core_160.rar [2011.03.07 23:49:57 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16.rar [2011.03.07 23:45:24 | 000,640,707 | ---- | C] () -- C:\Users\Zellerli\jmt-MiniRS3.rar [2011.03.07 23:44:16 | 000,454,809 | ---- | C] () -- C:\Users\Zellerli\RS-mi_SuperK.rar [2010.12.06 00:22:02 | 000,007,608 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\Resmon.ResmonCfg [2010.10.18 14:15:29 | 000,000,035 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Opusbext.dat 
[2010.10.06 23:52:54 | 003,121,971 | ---- | C] () -- C:\Users\Zellerli\17_gesamt_003_087_klein.pdf [2010.07.24 16:14:08 | 000,001,155 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\SAS7_000.DAT [2010.05.13 18:28:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.26 21:41:51 | 001,024,270 | ---- | C] () -- C:\Users\Zellerli\strahlungsfelder_11.pdf [2010.04.19 19:18:55 | 002,699,555 | ---- | C] () -- C:\Users\Zellerli\theo-vorbereitung.zip [2010.04.15 23:12:24 | 203,279,596 | ---- | C] () -- C:\Users\Zellerli\Queen.rar ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- 
[2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.03.11 21:42:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\.minecraft [2011.04.25 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ahnenblatt [2012.10.20 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Audacity [2012.07.21 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\calibre [2010.11.06 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DAEMON Tools Lite [2010.05.19 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DeepBurner [2012.10.24 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Dropbox [2011.04.28 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\FileZilla [2011.01.14 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Foxit Software [2012.05.12 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\gtk-2.0 [2012.02.27 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\inkscape [2012.03.21 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Itwye [2011.03.22 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\JonDo [2011.05.21 23:08:48 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Leadertech [2010.09.01 21:23:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient [2012.06.17 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient2 [2011.08.17 
23:27:22 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Mael [2010.10.02 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Miranda [2011.11.12 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Red Alert 3 [2011.12.10 11:43:43 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\SmartTools [2012.09.15 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Spotify [2012.11.22 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StarOffice8 [2011.03.07 23:39:00 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StatSoft [2010.12.22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Stellarium [2011.07.26 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Texas Instruments [2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\TI-Nspire [2012.01.23 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ubisoft [2011.09.29 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\uTorrent [2011.08.29 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\wargaming.net [2012.10.27 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\xm1 ========== Purity Check ========== < End of report > |
25.11.2012, 08:46 | #8 |
/// Helper Team | Ukash Bundespolizei infection - logs attached

The clean-up consists of several steps that have to be carried out. Work through them one after the other and paste the 3 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue; report it instead.

Step 1: Fix with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfareca00001.dll ()
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Zellerli\*.tmp
C:\Users\Zellerli\AppData\Local\Temp\*.exe
C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Never use this on other computers; it can permanently damage other systems!

Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instructions from a helper. Afterwards:

Step 3: TDSSKiller by Kaspersky - Download TDSSKiller and extract the archive to your desktop. A more detailed TDSSKiller guide can be found here. |
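The fix in step 1 is written in OTL's section syntax, and the helper's warning against reusing it exists because every path in it is bound to one machine. As an added example (not OTL's own code and not part of the helper's instructions), the Python below parses that syntax, expands the :Files globs against a throwaway directory that stands in for C:, and reports which user profile the script is tied to and which wildcard entries reach outside Temp folders. The reading of the format is this example's assumption: lines under :OTL are copied log entries OTL neutralises, :Files entries are moved aside, a :Files line ending in /c is executed as a command, and :Commands holds actions such as [emptytemp]. SAMPLE_TREE is a constructed stand-in for a drive, not a real system.

```python
"""Dry-run previewer for an OTL fix script.

Added example for this thread, not OTL's own code: it parses the ':Section'
syntax of the fix above, expands the ':Files' globs against a throwaway directory
that stands in for C: (SAMPLE_TREE is constructed for the demo), and reports
what the fix would touch before it is ever pasted into OTL.
"""
import re
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Dict, List, Tuple

SAMPLE_FIX = r"""
:OTL
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Zellerli\AppData\Local\Temp\sfareca00001.dll ()
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Zellerli\*.tmp
C:\Users\Zellerli\AppData\Local\Temp\*.exe
C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
"""

# Constructed stand-in for the C: drive; paths are relative to the fake root.
SAMPLE_TREE = [
    "ProgramData/dropper.exe",                      # hit by C:\ProgramData\*.exe
    "ProgramData/TEMP/stage2.bin",                  # its folder is hit by ...\TEMP
    "ProgramData/Microsoft/keep.dat",               # untouched
    "Users/Zellerli/leftover.tmp",                  # hit by C:\Users\Zellerli\*.tmp
    "Users/Zellerli/AppData/Local/Temp/setup.exe",  # hit by ...\Local\Temp\*.exe
    "Users/Zellerli/AppData/Local/Temp/notes.txt",  # untouched, not *.exe
    "Users/Zellerli/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/idx.dat",
]
USER_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)")

def parse_fix(script: str) -> Dict[str, List[str]]:
    """Map each ':Section' header (lower-cased) to the non-empty lines under it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def split_files(sections: Dict[str, List[str]]) -> Tuple[List[str], List[str]]:
    """':Files' mixes paths/globs to move aside with ' /c' lines OTL runs as commands."""
    globs, cmds = [], []
    for line in sections.get(":files", []):
        if line.lower().endswith(" /c"):
            cmds.append(line[:-3].rstrip())
        else:
            globs.append(line)
    return globs, cmds

def bound_users(sections: Dict[str, List[str]]) -> List[str]:
    """User profiles the script is hard-wired to; anything here makes it non-portable."""
    text = "\n".join(line for lines in sections.values() for line in lines)
    return sorted(set(USER_RE.findall(text)))

def broad_globs(globs: List[str]) -> List[str]:
    """Wildcard entries outside a Temp folder deserve a second look before running."""
    return [g for g in globs if "*" in g and "\\temp\\" not in g.lower()]

def win_to_pattern(win_path: str) -> str:
    """'C:\\ProgramData\\*.exe' -> 'ProgramData/*.exe', relative to the fake root."""
    p = PureWindowsPath(win_path)
    if not p.drive:
        raise ValueError(f"expected an absolute drive path: {win_path!r}")
    return "/".join(p.parts[1:])

def expand_globs(globs: List[str], root: Path) -> Dict[str, List[str]]:
    """For each :Files entry, the sandbox paths it would move (posix, relative to root)."""
    return {g: sorted(m.relative_to(root).as_posix() for m in root.glob(win_to_pattern(g)))
            for g in globs}

def preview(script: str = SAMPLE_FIX, tree: List[str] = SAMPLE_TREE) -> Dict[str, object]:
    """Build the sandbox tree, run the dry run, and return a summary."""
    sections = parse_fix(script)
    globs, cmds = split_files(sections)
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for rel in tree:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(b"sample")
        hits = expand_globs(globs, root)
    return {"users": bound_users(sections), "broad": broad_globs(globs),
            "commands": cmds, "actions": sections.get(":commands", []), "hits": hits}

if __name__ == "__main__":
    for key, value in preview().items():
        print(f"{key}: {value}")
```

Running it prints that the script is bound to the profile "Zellerli", that four wildcard entries sit outside any Temp folder, and which sandbox files each glob would sweep up; a fix whose globs match nothing on the sandbox but whose profile name does not exist on the target machine is exactly the case the helper warns about.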
25.11.2012, 15:51 | #9 |
| Ukash Bundespolizei infection - logs attached

The OTL fix again produced the critical error during the scan (system restarts in 1 min), but it finished long before the forced restart. The log also looked just as "finished" as the fixes above that ran correctly:
Code:
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Zellerli\*.tmp not found.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Zellerli\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Zellerli\Desktop\cmd.bat deleted successfully.
C:\Users\Zellerli\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Zellerli
->Temp folder emptied: 569859 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11252012_151821
Files\Folders moved on Reboot...
C:\Users\Zellerli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Zellerli\AppData\Local\Temp\Plan Auftritte.doc not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Malwarebytes Anti-Rootkit congratulated me and found nothing:
Code:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zellerli :: LAEMMERSPIEL [administrator]

25.11.2012 15:36:58
mbar-log-2012-11-25 (15-36-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27805
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I press Scan, it scans and finds a suspicious, encrypted file of medium risk: C:\Windows\system32\Drivers\sptd.sys. I choose "copy to quarantine" and press "continue". The report appears (1474 objects, 1 threat, 1 quarantined) and then the start screen again with the buttons "Start scan" and "close". If I scan again, it finds this file again (even though it is supposedly in quarantine... ?). If I press "close", no further prompt appears (e.g. to restart). Even after a manual restart this cycle continues (same finding again).

edit: This time I chose "delete" and it wants to restart. After the restart the file is gone and the scan is completely clean. There are several log files for this. This is the first one (where I only quarantined); if you need the other logs, let me know!:
Code:
15:38:39.0792 5396 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:38:39.0807 5396 ============================================================
15:38:39.0807 5396 Current date / time: 2012/11/25 15:38:39.0807
15:38:39.0807 5396 SystemInfo:
15:38:39.0807 5396
15:38:39.0807 5396 OS Version: 6.1.7601 ServicePack: 1.0
15:38:39.0807 5396 Product type: Workstation
15:38:39.0807 5396 ComputerName: LAEMMERSPIEL
15:38:39.0807 5396 UserName: Zellerli
15:38:39.0807 5396 Windows directory: C:\Windows
15:38:39.0807 5396 System windows directory: C:\Windows
15:38:39.0807 5396 Running under WOW64
15:38:39.0807 5396 Processor architecture: Intel x64
15:38:39.0807 5396 Number of processors: 4
15:38:39.0807 5396 Page size: 0x1000
15:38:39.0807 5396 Boot type: Normal boot
15:38:39.0807 5396 ============================================================
15:38:40.0728 5396 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:38:40.0728 5396 Drive \Device\Harddisk1\DR1 - Size: 0x74000000 (1.81 Gb), SectorSize: 0x200, Cylinders: 0xEC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:38:40.0759 5396 ============================================================
15:38:40.0759 5396 \Device\Harddisk0\DR0:
15:38:40.0759 5396 MBR partitions:
15:38:40.0759 5396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:38:40.0759 5396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73313AB0
15:38:40.0790 5396 \Device\Harddisk1\DR1:
15:38:40.0790 5396 MBR partitions:
15:38:40.0790 5396 ============================================================
15:38:40.0853 5396 C: <-> \Device\Harddisk0\DR0\Partition2
15:38:40.0853 5396 ============================================================
15:38:40.0853 5396 Initialize success
15:38:40.0853 5396 ============================================================
15:38:51.0289 5012 ============================================================
15:38:51.0289 5012 Scan started
15:38:51.0289 5012 Mode: Manual;
15:38:51.0289 5012 ============================================================
15:38:51.0695 5012 ================ Scan system memory ========================
15:38:51.0695 5012 System memory - ok
15:38:51.0695 5012 ================ Scan services =============================
15:38:51.0897 5012 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:38:51.0897 5012 1394ohci - ok
15:38:51.0960 5012 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:38:51.0960 5012 ACPI - ok
15:38:52.0022 5012 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:38:52.0022 5012 AcpiPmi - ok
15:38:52.0241 5012 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:38:52.0241 5012 AdobeARMservice - ok
15:38:52.0303 5012 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:38:52.0303 5012 adp94xx - ok
...
[Log shortened because of the character limit: various files from the folder were listed here, all with "ok" - if you need the full log, I will upload it as an attachment!]
...
15:39:08.0121 5012 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:39:08.0137 5012 Spooler - ok
15:39:08.0324 5012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:39:08.0355 5012 sppsvc - ok
15:39:08.0387 5012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:39:08.0387 5012 sppuinotify - ok
15:39:08.0418 5012 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
15:39:08.0418 5012 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
15:39:08.0418 5012 sptd ( LockedFile.Multi.Generic ) - warning
15:39:08.0418 5012 sptd - detected LockedFile.Multi.Generic (1)
15:39:08.0511 5012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:39:08.0511 5012 srv - ok
15:39:08.0699 5012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:39:08.0699 5012 srv2 - ok
15:39:08.0714 5012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:39:08.0714 5012 srvnet - ok
15:39:08.0761 5012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:39:08.0761 5012 SSDPSRV - ok
15:39:08.0761 5012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:39:08.0761 5012 SstpSvc - ok
15:39:08.0823 5012 Steam Client Service - ok
15:39:08.0855 5012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:39:08.0855 5012 stexstor - ok
15:39:09.0011 5012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:39:09.0011 5012 stisvc - ok
15:39:09.0073 5012 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:39:09.0073 5012 storflt - ok
15:39:09.0120 5012 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:39:09.0120 5012 StorSvc - ok
15:39:09.0213 5012 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:39:09.0213 5012 storvsc - ok
15:39:09.0276 5012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:39:09.0276 5012 swenum - ok
15:39:09.0323 5012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:39:09.0323 5012 swprv - ok
15:39:09.0416 5012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:39:09.0432 5012 SysMain - ok
15:39:09.0525 5012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService
C:\Windows\System32\TabSvc.dll 15:39:09.0525 5012 TabletInputService - ok 15:39:09.0635 5012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:39:09.0635 5012 TapiSrv - ok 15:39:09.0681 5012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:39:09.0681 5012 TBS - ok 15:39:09.0900 5012 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:39:09.0931 5012 Tcpip - ok 15:39:10.0025 5012 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:39:10.0040 5012 TCPIP6 - ok 15:39:10.0118 5012 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:39:10.0118 5012 tcpipreg - ok 15:39:10.0165 5012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:39:10.0165 5012 TDPIPE - ok 15:39:10.0368 5012 [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe 15:39:10.0493 5012 TDslMgrService - ok 15:39:10.0555 5012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:39:10.0555 5012 TDTCP - ok 15:39:10.0664 5012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:39:10.0664 5012 tdx - ok 15:39:10.0680 5012 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:39:10.0680 5012 TermDD - ok 15:39:10.0836 5012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:39:10.0836 5012 TermService - ok 15:39:10.0851 5012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:39:10.0867 5012 Themes - ok 15:39:10.0883 5012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:39:10.0883 5012 THREADORDER - ok 15:39:10.0898 5012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:39:10.0914 5012 TrkWks - ok 15:39:11.0007 5012 [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt 
C:\Windows\system32\drivers\truecrypt.sys 15:39:11.0007 5012 truecrypt - ok 15:39:11.0101 5012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:39:11.0101 5012 TrustedInstaller - ok 15:39:11.0163 5012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:39:11.0163 5012 tssecsrv - ok 15:39:11.0241 5012 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:39:11.0241 5012 TsUsbFlt - ok 15:39:11.0304 5012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:39:11.0304 5012 tunnel - ok 15:39:11.0319 5012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:39:11.0319 5012 uagp35 - ok 15:39:11.0382 5012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:39:11.0382 5012 udfs - ok 15:39:11.0413 5012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:39:11.0413 5012 UI0Detect - ok 15:39:11.0444 5012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:39:11.0444 5012 uliagpkx - ok 15:39:11.0507 5012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 15:39:11.0507 5012 umbus - ok 15:39:11.0538 5012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:39:11.0538 5012 UmPass - ok 15:39:11.0600 5012 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 15:39:11.0616 5012 UmRdpService - ok 15:39:11.0694 5012 [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 15:39:11.0694 5012 UMVPFSrv - ok 15:39:11.0709 5012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:39:11.0725 5012 upnphost - ok 15:39:11.0741 5012 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:39:11.0741 5012 
usbaudio - ok 15:39:11.0819 5012 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:39:11.0819 5012 usbccgp - ok 15:39:11.0881 5012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:39:11.0881 5012 usbcir - ok 15:39:11.0943 5012 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:39:11.0943 5012 usbehci - ok 15:39:12.0006 5012 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:39:12.0006 5012 usbhub - ok 15:39:12.0037 5012 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:39:12.0037 5012 usbohci - ok 15:39:12.0084 5012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:39:12.0084 5012 usbprint - ok 15:39:12.0099 5012 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:39:12.0099 5012 USBSTOR - ok 15:39:12.0162 5012 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:39:12.0162 5012 usbuhci - ok 15:39:12.0224 5012 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 15:39:12.0224 5012 usb_rndisx - ok 15:39:12.0240 5012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:39:12.0240 5012 UxSms - ok 15:39:12.0271 5012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:39:12.0271 5012 VaultSvc - ok 15:39:12.0333 5012 [ 6922612DCD53E825CDEB59227E2FB8E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 15:39:12.0333 5012 VBoxDrv - ok 15:39:12.0380 5012 [ 560BA2FB23485907C9D46AA4AFF6888A ] VBoxUSB C:\Windows\system32\Drivers\VBoxUSB.sys 15:39:12.0380 5012 VBoxUSB - ok 15:39:12.0443 5012 [ 955C497F1DFDBC2808F2700145EA918C ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 15:39:12.0443 5012 VBoxUSBMon - ok 15:39:12.0458 5012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot 
C:\Windows\system32\drivers\vdrvroot.sys 15:39:12.0458 5012 vdrvroot - ok 15:39:12.0521 5012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:39:12.0536 5012 vds - ok 15:39:12.0552 5012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:39:12.0552 5012 vga - ok 15:39:12.0567 5012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:39:12.0567 5012 VgaSave - ok 15:39:12.0645 5012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:39:12.0645 5012 vhdmp - ok 15:39:12.0770 5012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:39:12.0770 5012 viaide - ok 15:39:12.0833 5012 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:39:12.0833 5012 vmbus - ok 15:39:12.0895 5012 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:39:12.0895 5012 VMBusHID - ok 15:39:12.0973 5012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:39:12.0973 5012 volmgr - ok 15:39:13.0051 5012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:39:13.0051 5012 volmgrx - ok 15:39:13.0067 5012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:39:13.0067 5012 volsnap - ok 15:39:13.0223 5012 [ 4F4125C8E7FB75FED141316E0DFEBE4F ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 15:39:13.0223 5012 vpnagent - ok 15:39:13.0301 5012 [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 15:39:13.0301 5012 vpnva - ok 15:39:13.0332 5012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:39:13.0347 5012 vsmraid - ok 15:39:13.0425 5012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:39:13.0441 5012 VSS - ok 15:39:13.0457 5012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] 
vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:39:13.0457 5012 vwifibus - ok 15:39:13.0488 5012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:39:13.0488 5012 W32Time - ok 15:39:13.0581 5012 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 15:39:13.0597 5012 W3SVC - ok 15:39:13.0613 5012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:39:13.0613 5012 WacomPen - ok 15:39:13.0628 5012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:39:13.0628 5012 WANARP - ok 15:39:13.0628 5012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:39:13.0628 5012 Wanarpv6 - ok 15:39:13.0659 5012 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 15:39:13.0659 5012 WAS - ok 15:39:13.0737 5012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:39:13.0753 5012 wbengine - ok 15:39:13.0769 5012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:39:13.0769 5012 WbioSrvc - ok 15:39:13.0800 5012 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 15:39:13.0800 5012 WcesComm - ok 15:39:13.0862 5012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:39:13.0862 5012 wcncsvc - ok 15:39:13.0878 5012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:39:13.0878 5012 WcsPlugInService - ok 15:39:13.0893 5012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:39:13.0893 5012 Wd - ok 15:39:13.0956 5012 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:39:13.0971 5012 Wdf01000 - ok 15:39:13.0987 5012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:39:13.0987 5012 WdiServiceHost - ok 15:39:13.0987 5012 [ 
BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:39:14.0003 5012 WdiSystemHost - ok 15:39:14.0065 5012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:39:14.0081 5012 WebClient - ok 15:39:14.0096 5012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:39:14.0096 5012 Wecsvc - ok 15:39:14.0112 5012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:39:14.0112 5012 wercplsupport - ok 15:39:14.0143 5012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:39:14.0143 5012 WerSvc - ok 15:39:14.0159 5012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:39:14.0159 5012 WfpLwf - ok 15:39:14.0174 5012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:39:14.0174 5012 WIMMount - ok 15:39:14.0174 5012 WinDefend - ok 15:39:14.0190 5012 WinHttpAutoProxySvc - ok 15:39:14.0237 5012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:39:14.0237 5012 Winmgmt - ok 15:39:14.0330 5012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:39:14.0361 5012 WinRM - ok 15:39:14.0439 5012 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:39:14.0439 5012 WinUsb - ok 15:39:14.0471 5012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:39:14.0486 5012 Wlansvc - ok 15:39:14.0642 5012 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:39:14.0658 5012 wlidsvc - ok 15:39:14.0705 5012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:39:14.0705 5012 WmiAcpi - ok 15:39:14.0720 5012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:39:14.0736 5012 wmiApSrv - ok 15:39:14.0736 5012 WMPNetworkSvc - ok 
15:39:14.0751 5012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:39:14.0751 5012 WPCSvc - ok 15:39:14.0814 5012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:39:14.0814 5012 WPDBusEnum - ok 15:39:14.0845 5012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:39:14.0845 5012 ws2ifsl - ok 15:39:14.0861 5012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:39:14.0861 5012 wscsvc - ok 15:39:14.0861 5012 WSearch - ok 15:39:14.0970 5012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:39:14.0985 5012 wuauserv - ok 15:39:15.0032 5012 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:39:15.0032 5012 WudfPf - ok 15:39:15.0063 5012 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:39:15.0063 5012 WUDFRd - ok 15:39:15.0126 5012 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:39:15.0141 5012 wudfsvc - ok 15:39:15.0157 5012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:39:15.0157 5012 WwanSvc - ok 15:39:15.0188 5012 ================ Scan global =============================== 15:39:15.0204 5012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:39:15.0266 5012 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 15:39:15.0282 5012 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 15:39:15.0297 5012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:39:15.0329 5012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:39:15.0329 5012 [Global] - ok 15:39:15.0329 5012 ================ Scan MBR ================================== 15:39:15.0344 5012 [ A3095E5B8060D0D6B97E87EC1BB50C3C ] \Device\Harddisk0\DR0 15:39:15.0422 5012 \Device\Harddisk0\DR0 - ok 15:39:15.0438 5012 [ 
BB51795341398A02FBB2FAB12C9A32E1 ] \Device\Harddisk1\DR1 15:39:15.0500 5012 \Device\Harddisk1\DR1 - ok 15:39:15.0500 5012 ================ Scan VBR ================================== 15:39:15.0500 5012 [ 0BD4D2F48AB403B4B7C748D7AE8CA845 ] \Device\Harddisk0\DR0\Partition1 15:39:15.0500 5012 \Device\Harddisk0\DR0\Partition1 - ok 15:39:15.0500 5012 [ 8C22E1A68D07F4139D4DE3E73E63A73D ] \Device\Harddisk0\DR0\Partition2 15:39:15.0500 5012 \Device\Harddisk0\DR0\Partition2 - ok 15:39:15.0500 5012 ============================================================ 15:39:15.0500 5012 Scan finished 15:39:15.0500 5012 ============================================================ 15:39:15.0516 5372 Detected object count: 1 15:39:15.0516 5372 Actual detected object count: 1 15:40:02.0113 5372 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine 15:40:02.0113 5372 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 15:40:21.0457 5668 ============================================================ 15:40:21.0457 5668 Scan started 15:40:21.0457 5668 Mode: Manual; 15:40:21.0457 5668 ============================================================ 15:40:21.0722 5668 ================ Scan system memory ======================== 15:40:21.0722 5668 System memory - ok 15:40:21.0722 5668 ================ Scan services ============================= 15:40:21.0910 5668 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:40:21.0910 5668 1394ohci - ok 15:40:21.0972 5668 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:40:21.0972 5668 ACPI - ok 15:40:22.0034 5668 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:40:22.0034 5668 AcpiPmi - ok 15:40:22.0206 5668 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:40:22.0206 5668 AdobeARMservice - ok 15:40:22.0237 5668 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx 
C:\Windows\system32\DRIVERS\adp94xx.sys 15:40:22.0253 5668 adp94xx - ok 15:40:22.0268 5668 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:40:22.0268 5668 adpahci - ok 15:40:22.0284 5668 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:40:22.0284 5668 adpu320 - ok 15:40:22.0315 5668 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:40:22.0315 5668 AeLookupSvc - ok 15:40:22.0378 5668 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:40:22.0393 5668 AFD - ok 15:40:22.0440 5668 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:40:22.0440 5668 agp440 - ok 15:40:22.0456 5668 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:40:22.0456 5668 ALG - ok 15:40:22.0487 5668 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:40:22.0487 5668 aliide - ok 15:40:22.0534 5668 [ B4143CB1DD16AE73C6177C72F33450A6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:40:22.0534 5668 AMD External Events Utility - ok 15:40:22.0549 5668 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:40:22.0549 5668 amdide - ok 15:40:22.0565 5668 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:40:22.0565 5668 AmdK8 - ok 15:40:22.0705 5668 [ D1D06810BF7E21F5763EB06CB7E7262B ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 15:40:22.0721 5668 amdkmdag - ok 15:40:22.0752 5668 [ 6BA71D6616B56816E57394D77DD1BB6F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 15:40:22.0752 5668 amdkmdap - ok 15:40:22.0768 5668 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:40:22.0768 5668 AmdPPM - ok 15:40:22.0830 5668 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:40:22.0830 5668 amdsata - ok 15:40:22.0846 5668 [ 
sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:40:36.0043 5668 sfloppy - ok 15:40:36.0074 5668 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:40:36.0090 5668 SharedAccess - ok 15:40:36.0152 5668 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:40:36.0152 5668 ShellHWDetection - ok 15:40:36.0168 5668 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:40:36.0168 5668 SiSRaid2 - ok 15:40:36.0184 5668 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:40:36.0184 5668 SiSRaid4 - ok 15:40:36.0199 5668 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:40:36.0199 5668 Smb - ok 15:40:36.0215 5668 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:40:36.0215 5668 SNMPTRAP - ok 15:40:36.0277 5668 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys 15:40:36.0277 5668 speedfan - ok 15:40:36.0308 5668 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:40:36.0308 5668 spldr - ok 15:40:36.0371 5668 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:40:36.0386 5668 Spooler - ok 15:40:36.0511 5668 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:40:36.0527 5668 sppsvc - ok 15:40:36.0542 5668 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:40:36.0542 5668 sppuinotify - ok 15:40:36.0574 5668 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 15:40:36.0574 5668 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850C86434530790B110E8EB 15:40:36.0574 5668 sptd ( LockedFile.Multi.Generic ) - warning 15:40:36.0574 5668 sptd - detected LockedFile.Multi.Generic (1) 15:40:36.0636 5668 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:40:36.0652 5668 srv - ok 15:40:36.0714 5668 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:40:36.0714 5668 srv2 - ok 15:40:36.0745 5668 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:40:36.0745 5668 srvnet - ok 15:40:36.0761 5668 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:40:36.0776 5668 SSDPSRV - ok 15:40:36.0792 5668 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:40:36.0792 5668 SstpSvc - ok 15:40:36.0823 5668 Steam Client Service - ok 15:40:36.0870 5668 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:40:36.0870 5668 stexstor - ok 15:40:36.0932 5668 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:40:36.0932 5668 stisvc - ok 15:40:36.0995 5668 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 15:40:36.0995 5668 storflt - ok 15:40:37.0026 5668 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 15:40:37.0026 5668 StorSvc - ok 15:40:37.0088 5668 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:40:37.0088 5668 storvsc - ok 15:40:37.0166 5668 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:40:37.0166 5668 swenum - ok 15:40:37.0182 5668 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:40:37.0198 5668 swprv - ok 15:40:37.0276 5668 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:40:37.0307 5668 SysMain - ok 15:40:37.0354 5668 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 15:40:37.0369 5668 TabletInputService - ok 15:40:37.0432 5668 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:40:37.0432 5668 TapiSrv - ok 15:40:37.0447 5668 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:40:37.0447 5668 TBS - ok 15:40:37.0541 5668 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:40:37.0556 5668 Tcpip - ok 15:40:37.0619 5668 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:40:37.0634 5668 TCPIP6 - ok 15:40:37.0681 5668 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:40:37.0681 5668 tcpipreg - ok 15:40:37.0697 5668 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:40:37.0697 5668 TDPIPE - ok 15:40:37.0775 5668 [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe 15:40:37.0775 5668 TDslMgrService - ok 15:40:37.0837 5668 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:40:37.0837 5668 TDTCP - ok 15:40:37.0900 5668 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:40:37.0900 5668 tdx - ok 15:40:37.0915 5668 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:40:37.0915 5668 TermDD - ok 15:40:37.0993 5668 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:40:37.0993 5668 TermService - ok 15:40:38.0009 5668 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:40:38.0024 5668 Themes - ok 15:40:38.0040 5668 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:40:38.0040 5668 THREADORDER - ok 15:40:38.0056 5668 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:40:38.0071 5668 TrkWks - ok 15:40:38.0134 5668 [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt 
C:\Windows\system32\drivers\truecrypt.sys 15:40:38.0134 5668 truecrypt - ok 15:40:38.0227 5668 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:40:38.0227 5668 TrustedInstaller - ok 15:40:38.0290 5668 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:40:38.0290 5668 tssecsrv - ok 15:40:38.0352 5668 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:40:38.0352 5668 TsUsbFlt - ok 15:40:38.0414 5668 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:40:38.0414 5668 tunnel - ok 15:40:38.0430 5668 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:40:38.0430 5668 uagp35 - ok 15:40:38.0492 5668 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:40:38.0492 5668 udfs - ok 15:40:38.0524 5668 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:40:38.0524 5668 UI0Detect - ok 15:40:38.0539 5668 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:40:38.0539 5668 uliagpkx - ok 15:40:38.0602 5668 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 15:40:38.0602 5668 umbus - ok 15:40:38.0617 5668 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:40:38.0617 5668 UmPass - ok 15:40:38.0633 5668 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 15:40:38.0648 5668 UmRdpService - ok 15:40:38.0711 5668 [ 8B802B483CBDE06F62DBC04DC7AFAF8E ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 15:40:38.0726 5668 UMVPFSrv - ok 15:40:38.0742 5668 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:40:38.0742 5668 upnphost - ok 15:40:38.0758 5668 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:40:38.0758 5668 
usbaudio - ok 15:40:38.0820 5668 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:40:38.0820 5668 usbccgp - ok 15:40:38.0882 5668 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:40:38.0882 5668 usbcir - ok 15:40:38.0945 5668 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:40:38.0945 5668 usbehci - ok 15:40:38.0992 5668 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:40:39.0007 5668 usbhub - ok 15:40:39.0038 5668 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:40:39.0038 5668 usbohci - ok 15:40:39.0054 5668 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:40:39.0054 5668 usbprint - ok 15:40:39.0070 5668 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:40:39.0070 5668 USBSTOR - ok 15:40:39.0132 5668 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:40:39.0132 5668 usbuhci - ok 15:40:39.0179 5668 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 15:40:39.0179 5668 usb_rndisx - ok 15:40:39.0194 5668 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:40:39.0194 5668 UxSms - ok 15:40:39.0210 5668 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:40:39.0226 5668 VaultSvc - ok 15:40:39.0288 5668 [ 6922612DCD53E825CDEB59227E2FB8E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 15:40:39.0288 5668 VBoxDrv - ok 15:40:39.0335 5668 [ 560BA2FB23485907C9D46AA4AFF6888A ] VBoxUSB C:\Windows\system32\Drivers\VBoxUSB.sys 15:40:39.0335 5668 VBoxUSB - ok 15:40:39.0382 5668 [ 955C497F1DFDBC2808F2700145EA918C ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 15:40:39.0382 5668 VBoxUSBMon - ok 15:40:39.0413 5668 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot 
C:\Windows\system32\drivers\vdrvroot.sys 15:40:39.0413 5668 vdrvroot - ok 15:40:39.0444 5668 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:40:39.0460 5668 vds - ok 15:40:39.0491 5668 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:40:39.0491 5668 vga - ok 15:40:39.0506 5668 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:40:39.0506 5668 VgaSave - ok 15:40:39.0538 5668 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:40:39.0538 5668 vhdmp - ok 15:40:39.0569 5668 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:40:39.0569 5668 viaide - ok 15:40:39.0600 5668 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:40:39.0600 5668 vmbus - ok 15:40:39.0616 5668 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:40:39.0616 5668 VMBusHID - ok 15:40:39.0631 5668 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:40:39.0631 5668 volmgr - ok 15:40:39.0694 5668 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:40:39.0694 5668 volmgrx - ok 15:40:39.0709 5668 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:40:39.0709 5668 volsnap - ok 15:40:39.0787 5668 [ 4F4125C8E7FB75FED141316E0DFEBE4F ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 15:40:39.0787 5668 vpnagent - ok 15:40:39.0818 5668 [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 15:40:39.0818 5668 vpnva - ok 15:40:39.0834 5668 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:40:39.0834 5668 vsmraid - ok 15:40:39.0881 5668 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:40:39.0896 5668 VSS - ok 15:40:39.0912 5668 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] 
vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:40:39.0912 5668 vwifibus - ok 15:40:39.0943 5668 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:40:39.0943 5668 W32Time - ok 15:40:39.0990 5668 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 15:40:39.0990 5668 W3SVC - ok 15:40:40.0006 5668 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 15:40:40.0006 5668 WacomPen - ok 15:40:40.0021 5668 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:40:40.0021 5668 WANARP - ok 15:40:40.0021 5668 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:40:40.0021 5668 Wanarpv6 - ok 15:40:40.0037 5668 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 15:40:40.0037 5668 WAS - ok 15:40:40.0068 5668 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:40:40.0068 5668 wbengine - ok 15:40:40.0084 5668 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:40:40.0099 5668 WbioSrvc - ok 15:40:40.0115 5668 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 15:40:40.0115 5668 WcesComm - ok 15:40:40.0177 5668 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:40:40.0193 5668 wcncsvc - ok 15:40:40.0208 5668 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:40:40.0208 5668 WcsPlugInService - ok 15:40:40.0208 5668 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 15:40:40.0208 5668 Wd - ok 15:40:40.0286 5668 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:40:40.0286 5668 Wdf01000 - ok 15:40:40.0318 5668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:40:40.0318 5668 WdiServiceHost - ok 15:40:40.0318 5668 [ 
BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:40:40.0318 5668 WdiSystemHost - ok 15:40:40.0333 5668 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:40:40.0333 5668 WebClient - ok 15:40:40.0349 5668 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:40:40.0349 5668 Wecsvc - ok 15:40:40.0364 5668 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:40:40.0364 5668 wercplsupport - ok 15:40:40.0380 5668 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:40:40.0380 5668 WerSvc - ok 15:40:40.0396 5668 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:40:40.0396 5668 WfpLwf - ok 15:40:40.0411 5668 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:40:40.0411 5668 WIMMount - ok 15:40:40.0411 5668 WinDefend - ok 15:40:40.0427 5668 WinHttpAutoProxySvc - ok 15:40:40.0474 5668 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:40:40.0474 5668 Winmgmt - ok 15:40:40.0520 5668 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:40:40.0536 5668 WinRM - ok 15:40:40.0583 5668 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:40:40.0583 5668 WinUsb - ok 15:40:40.0630 5668 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:40:40.0645 5668 Wlansvc - ok 15:40:40.0770 5668 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:40:40.0786 5668 wlidsvc - ok 15:40:40.0817 5668 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:40:40.0817 5668 WmiAcpi - ok 15:40:40.0832 5668 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:40:40.0832 5668 wmiApSrv - ok 15:40:40.0848 5668 WMPNetworkSvc - ok 
15:40:40.0848 5668 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:40:40.0848 5668 WPCSvc - ok 15:40:40.0926 5668 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:40:40.0926 5668 WPDBusEnum - ok 15:40:40.0942 5668 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:40:40.0942 5668 ws2ifsl - ok 15:40:40.0957 5668 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:40:40.0957 5668 wscsvc - ok 15:40:40.0957 5668 WSearch - ok 15:40:41.0066 5668 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:40:41.0098 5668 wuauserv - ok 15:40:41.0144 5668 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:40:41.0160 5668 WudfPf - ok 15:40:41.0176 5668 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:40:41.0176 5668 WUDFRd - ok 15:40:41.0238 5668 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:40:41.0254 5668 wudfsvc - ok 15:40:41.0269 5668 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:40:41.0269 5668 WwanSvc - ok 15:40:41.0285 5668 ================ Scan global =============================== 15:40:41.0316 5668 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:40:41.0363 5668 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 15:40:41.0378 5668 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 15:40:41.0394 5668 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:40:41.0425 5668 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:40:41.0425 5668 [Global] - ok 15:40:41.0425 5668 ================ Scan MBR ================================== 15:40:41.0425 5668 [ A3095E5B8060D0D6B97E87EC1BB50C3C ] \Device\Harddisk0\DR0 15:40:41.0519 5668 \Device\Harddisk0\DR0 - ok 15:40:41.0519 5668 [ 
BB51795341398A02FBB2FAB12C9A32E1 ] \Device\Harddisk1\DR1 15:40:41.0566 5668 \Device\Harddisk1\DR1 - ok 15:40:41.0566 5668 ================ Scan VBR ================================== 15:40:41.0566 5668 [ 0BD4D2F48AB403B4B7C748D7AE8CA845 ] \Device\Harddisk0\DR0\Partition1 15:40:41.0566 5668 \Device\Harddisk0\DR0\Partition1 - ok 15:40:41.0581 5668 [ 8C22E1A68D07F4139D4DE3E73E63A73D ] \Device\Harddisk0\DR0\Partition2 15:40:41.0581 5668 \Device\Harddisk0\DR0\Partition2 - ok 15:40:41.0581 5668 ============================================================ 15:40:41.0581 5668 Scan finished 15:40:41.0581 5668 ============================================================ 15:40:41.0597 4392 Detected object count: 1 15:40:41.0597 4392 Actual detected object count: 1 15:40:56.0666 4392 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine 15:40:56.0666 4392 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 15:41:21.0455 4640 Deinitialize success Geändert von zellerli (25.11.2012 um 16:08 Uhr) |
26.11.2012, 03:21 | #10 |
/// Helfer-Team | ESET Online Scanner preparation
|
26.11.2012, 10:49 | #11 | |
| I did all of that. But what got me was this, Quote:
Running the program as admin, with the firewall, Antivir and other programs disabled beforehand, gave the following result: Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c47cdbb21fb6449ad26f274b7de5414
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-26 09:40:17
# local_time=2012-11-26 10:40:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 650885 90463273 406787 0
# compatibility_mode=5893 16776573 100 94 48927 105552667 0 0
# compatibility_mode=8192 67108863 100 0 3635 3635 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0 |
27.11.2012, 11:12 | #12 |
| Sorry for the double post. Am I clean yet? |
27.11.2012, 12:11 | #13 |
/// Helfer-Team | Update Java: your Java is no longer current. Older versions contain security holes that malware can abuse.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards post (copy and paste) what you get shown here: PluginCheck. Disable Java: because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html Afterwards post (copy and paste) what you get shown here: PluginCheck |
28.11.2012, 15:27 | #14 |
| I installed the newest version following your instructions. Afterwards I found in my software list the newest Java version and another Java entry (something with FX, I think) that was already 4 months old. I uninstalled that one and restarted. In Programs in the Control Panel the Java icon (which, incidentally, has "32 Bit" after it) does not work. An error appears (see attachment). Does that have something to do with uninstalling the FX entry? I then installed Java again (figuring that if it depended on that, it would have to be installed along with it), but it still does not work. |
29.11.2012, 05:10 | #15 |
/// Helfer-Team | You can try removing everything from Java with JavaRa (Download - JavaRa 2.0). Very good! With that you are clean and discharged! Remove adwCleaner
Tool cleanup with OTL: we will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Reset the security zones: have the security zones reset, since they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Clear System Restore: so that the computer cannot be re-infected by an infected System Restore, we need to clear it. To do that we switch it off once and then back on: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again. Clean up with CCleaner: use CCleaner (Download) (Guide) to have errors in the
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
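An added example, not part of the helper's instructions or of the linked tutorials: a PowerShell script that inventories the registry locations the Java and security-zone steps above touch, and performs the System Restore off/on toggle the helper describes. It assumes Windows 7, an elevated PowerShell prompt and C: as the system drive; the registry paths are the standard ones and the zone action ids in the comments are the standard URL action ids.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell;
# Disable-/Enable-ComputerRestore and Checkpoint-Computer need admin rights.

# 1. Java: which JREs are registered? On 64-bit Windows the 32-bit JRE
#    (the "32 Bit" entry mentioned in the thread) lives under Wow6432Node.
$jreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)
foreach ($key in $jreKeys) {
    if (Test-Path $key) {
        $cur = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CurrentVersion
        $subkeys = Get-ChildItem -Path $key | Select-Object -ExpandProperty PSChildName
        "{0}`n  CurrentVersion = {1}`n  Installed versions = {2}" -f $key, $cur, ($subkeys -join ', ')
    }
}

# 2. Internet Explorer security zones: dump the per-zone settings so a
#    manipulated zone is visible before you reset it through inetcpl.cpl.
#    Zone ids: 0 = My Computer, 1 = Local intranet, 2 = Trusted sites,
#    3 = Internet, 4 = Restricted sites. Action values: 0 = enabled,
#    1 = prompt, 3 = disabled.
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
foreach ($zone in 0..4) {
    $zonePath = Join-Path $zonesRoot $zone
    if (-not (Test-Path $zonePath)) { continue }
    $props = Get-ItemProperty -Path $zonePath
    "Zone {0} ({1}): CurrentLevel = 0x{2:X}" -f $zone, $props.DisplayName, $props.CurrentLevel
    # 1001 = download signed ActiveX, 1200 = run ActiveX controls, 1400 = active scripting
    foreach ($action in '1001', '1200', '1400') {
        $value = $props.$action
        if ($null -ne $value) { "  action {0} = {1}" -f $action, $value }
    }
}

# 3. System Restore: turning protection off deletes the existing (possibly
#    infected) restore points on that drive; turning it back on and taking a
#    fresh checkpoint leaves a known-clean point to roll back to.
Disable-ComputerRestore -Drive 'C:\'
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
```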